IETF Logo Mail Archive

Re: [TLS] [EXTERNAL] Re: [Technical Errata Reported] RFC8446 (7250)

Andrei Popov <Andrei.Popov@microsoft.com> Mon, 14 November 2022 19:57 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6292C14CEE0 for <tls@ietfa.amsl.com>; Mon, 14 Nov 2022 11:57:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.758
X-Spam-Level:
X-Spam-Status: No, score=-5.758 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, NUMERIC_HTTP_ADDR=1.242, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2MvkU9AHyfUA for <tls@ietfa.amsl.com>; Mon, 14 Nov 2022 11:57:37 -0800 (PST)
Received: from DM5PR00CU002-vft-obe.outbound.protection.outlook.com (mail-centralusazon11021021.outbound.protection.outlook.com [52.101.62.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7505C14F743 for <tls@ietf.org>; Mon, 14 Nov 2022 11:57:37 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UrM3cvXu0S99lO6AqeT2QqAaG4Wz7hMvYwYCm4jNMnqfGWCzAV5ifaoyA6JQZ5vJMBVe2y2CNnLcT9/+F15IizXOd6xuLswH0ZLTB1VCiKu8K5scMyypGGjM3t00XhpZLJtYXw6pRK+2jUKYUR2cohmle5IsTpncRapTYm00ZGzb6Tc5sueBn5XN0tS7cIN2IVldQc/cqRsfYjlIIo5Z/nuBxBYikeuaIYvljdYQbk3iUstDLClApT2zY2oPZ4PApVoKhQqESQPfAHC9YNOTDQDawF6vpapirMhYGtAShTImzwg9JwuGq7HwPGwPX0Q3ZBlfQcGyyuJ0dPX9o4bh2g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4kePqUmUR2rDTeLMjEypPClfT4AcZrTkWD23KKnljIA=; b=Xpfxb96fFDKhSL2+qEmMbfLmTHkoMNkUsMSMRLUKN4rkzIfCerLgElgC4dLdYQ88O5qiyZPbNJYYOJcrhFL0lU7ZCCql+iiOBnf0Lq7GnOFxWqre4slO+P3y6yf7OChVUkKdRP1XlfBtPpl8h6ou1MjuPSSrpR2UhbZYL6jgHlZlAoBLpPlwRFVp6eMISl+SyT7jRJyrMk0lXKSgmGWyfa4k9f/+W99kB3BnV00vQkuZoNTg2ZNEqf839cWiQ5Q74SLkU8Y7yfzCrbvvES+WlyAqifNjsVfo9OE/32S4/5lDelqMa6TKe/uNGg6OTiLS65zpdRyox8dBV4svee42Ow==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4kePqUmUR2rDTeLMjEypPClfT4AcZrTkWD23KKnljIA=; b=XgEgoZbaLFlziR0mzr8J1shoDCiUtUScVUSUGBJR1AKgCxCw1El9zTa8WSuyzhjEElEFedzL3nrCEcaaetmVRTJGnODGtS2k5zs4mj2L6Lfn24izFlCfIOUgmVyR95+FKhM3tcy9+55D00dWOscZC/sdHE/cYNNZaVSp5dJWKD0=
Received: from BY5PR00MB0675.namprd00.prod.outlook.com (2603:10b6:a03:208::8) by SA1PR00MB1556.namprd00.prod.outlook.com (2603:10b6:806:2b3::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5827.0; Mon, 14 Nov 2022 19:57:33 +0000
Received: from BY5PR00MB0675.namprd00.prod.outlook.com ([fe80::b1e3:80e7:3451:8397]) by BY5PR00MB0675.namprd00.prod.outlook.com ([fe80::b1e3:80e7:3451:8397%4]) with mapi id 15.20.5869.000; Mon, 14 Nov 2022 19:57:26 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Eric Rescorla <ekr@rtfm.com>, Alan DeKok <aland@freeradius.org>
CC: "tls@ietf.org" <tls@ietf.org>, "sean+ietf@sn3rd.com" <sean+ietf@sn3rd.com>, "paul.wouters@aiven.io" <paul.wouters@aiven.io>, RFC Errata System <rfc-editor@rfc-editor.org>
Thread-Topic: [EXTERNAL] Re: [TLS] [Technical Errata Reported] RFC8446 (7250)
Thread-Index: AQHY+FJyKL6Atk6SKkmevEk3lOjmsK4+t9KAgAAWGoCAAAWRgIAAAT0A
Date: Mon, 14 Nov 2022 19:57:26 +0000
Message-ID: <BY5PR00MB06752B8AC7971450A142D5EB8C059@BY5PR00MB0675.namprd00.prod.outlook.com>
References: <20221114165016.E656455EAF@rfcpa.amsl.com> <CABcZeBO8Eo8UONd+QBwkY5+1ewG6Hg1BCec68DW2Ys0u2zT1xA@mail.gmail.com> <D72D6674-3685-467A-84FC-9CD75BCAE7EF@freeradius.org> <CABcZeBO_fSbyJiNdQeNm-4y6D4Pc17A_w1GEd0OdrzmZ2a9imw@mail.gmail.com> <A8864AF1-6478-4F5D-8FB3-304826926DEA@freeradius.org> <CABcZeBOvJJB9MmzysdTaVX-p3Utd2DC06YqAAN=Cv=_Pwp_VDQ@mail.gmail.com>
In-Reply-To: <CABcZeBOvJJB9MmzysdTaVX-p3Utd2DC06YqAAN=Cv=_Pwp_VDQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=4ee8d504-66d9-4da9-ad58-9ac17277f584; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2022-11-14T19:52:54Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BY5PR00MB0675:EE_|SA1PR00MB1556:EE_
x-ms-office365-filtering-correlation-id: 8d018555-5d5f-429a-981b-08dac67a747d
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: aGiwaK4D55byjjZNT01/BgOU75XxL5PyKzo4EW6FpKTLMnbT1hpd6nhKbtwT2RksBvnbG8YEFnsuXkOeDC5PICXcjWuE29LkqJ6SnV+mjUed0RpfGoq/ZqmX9JYyZTp4J+XAyCj8CFzZwCQb2wiNVQ3vSQRnweFmDrT5tCd2p9HL1Bn4x+G9pfonTF4SlJSwYUdKpmk7vG5e0CLqRQRSDMBiAA9hKU5e/bxd2BRpxkUn/YK0LNBtzastQnHSjZX+agql00Z0gYIGlcy+xTd0OoeFOkH2Bl9KnYpCVONhyMv6INHb3VggzSC3BaGsO5Lf3uGlOD6rwm0EUUW58wpoQch7BlwuTbjuJkLJM5oeQhLB//ZydxlDFpcymByiZ/PLIyEX7DgVs0l/t8whrDmlY5TTNyhOaBka6PzZR7CDwbZCt+4Yg+4ReBIeMWpXgtls2Ew0CQ/BYh0eXWDbVRvjwQ/19zG6Yk5Moo23VvXXWa9ggniBI1OkTloU6tMV9tALa8LkUlBw0OHAai0eznjbjcnEc5oOHqne0+AG5Z9GyBdFoQGvTtlrP1wC3TuVzMjBBSf4K98Hq26TmUrQFHeqN0hhU2LMhadzJUp5AM3shL7CuJJKofxCCf9OHQEq599pswCGERQCA4936DZylP4qU1Zm6WztA60eSHJk42Aw1OWT6wlc3Z/w62YbcuQgPpNWenJTGJuBa9sKYLJKMHJdL/Ea+4sLHX1itQHIDDaG9Znv8odzHbiyRU3EDG9Rl4PIDicbBt4z/JLd8910j+Xld5oX/qnRQ1TPwWpGttyQazp1c4uYbs79KFx5lxOuEfFzX8Ivvwm17j9EobRJNklwsXqDMv8E0Y6LrhTkeFzimAU=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR00MB0675.namprd00.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(376002)(346002)(396003)(136003)(39860400002)(366004)(451199015)(82950400001)(82960400001)(316002)(53546011)(9686003)(166002)(26005)(33656002)(8990500004)(83380400001)(55016003)(2906002)(66946007)(66476007)(41300700001)(76116006)(64756008)(66556008)(66446008)(38100700002)(4326008)(122000001)(86362001)(8676002)(8936002)(52536014)(186003)(5660300002)(9326002)(71200400001)(478600001)(38070700005)(966005)(110136005)(10290500003)(7696005)(6506007)(54906003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: VqwPd3r5VFFrj9BfKHWEVJtcKBmIIuDHZ0NzeJkjwhSfPz+4XhAd/wXc7ZP9VZ9pXOGLl1kvyJ3lLvnsWyN2l9dIxj7itx6OHvyRElDoahMEl/a5oKCxgOIjFiW0gZQOgTbEzSkuJIrX9WH1mvYKh0S5SH2Yzqf8cYMCssK4vJxEdt7zmt3QPLTr34cQrlG9NF3RmEPdIM1IC4gkh+JiRG8/Z3E1MG+8DdSglffkrXM8RRb4Cl5NroK6ILit3qPfpZEP1n64H/isVJLsCDJgyr/XMXfgjWi+Zbe1ozekVtW/s63T6Pl56EATB6BNuY0FeJDAQbjMAtK5cu6MwW35SSiXffjyS5eT5ixdQbIKRh6k+xfkM9wzmc5bMbC5y0NcP2/Qr5bJxYxrs6eZSOGgH8t03JEJehSpeeVkkKXV503jcXfjpxxpqb2SgoXcdWsnBC2kgwQ83u7ZmOZe392RbThXL0M5eqrImURv97dTJEgdk/DjxDfxnayCtppmkbldn82idY53Dpyk4YnItGfcMyAOCLU+UMQwn4de8GFBu2w/0K6dzaRkgYWZSqNUA18k3wrhQIomsbIF+l21YdiHStdZmivWXGkXtvg1WjnAXBJkkd3Siue+VwJ2RUD5euqPixYIY6Tu8JgBNTk+Q7XjCnTRAOCJ6pkEj2QbGXST4Iy5EbcLt4emNM4rNkz2wGPz8sS0tYy/CfwrZ5wHNsJg1f6ZFtk6ROzLpyUATRbR6QNqsGyhsBdc/uRYXDg3H+XnLg4Jc0yzQu720+pcciRRQc/tIehcUgyKYrHdrrREGDiZyHIMlYXcRse3OZREUjcXUprtIknxeRe2Z8qSwsPeZR1kx0QWu/jfBudrK3qH3NlDKOyPYRFOd0b4hCOAslVXkcTQ08eyI/vFZLrxUb5s/4n622lY6A/znlTIYKeL3J/g47fKocIuSDL0+ZLrG2tZPu+NNVxyQtC455YaE0Yr8lAPdYVIL6y9jQAIaqjurmwMEBhAvo+ssbhLb6wWuCyk2bst7tAB5eHNs4Uioo5Ojg36PzyCmR+WHN7/yB6jA/QxaZrk98XaJHT5b2wObr3dlfqKwhc+rGs6OJtKO7rOsxJHEiMbJCl55dAOyLKLOoen+lmsm/qGrQrQZ7t71xKR2Eu+QZMl+CRnCm5WoADIvmeAq6sbOI7n68WU7CVKrtwb+mpzGZPnWFDwduV6bAA6oSKJnSGYha2cVhQ9yyufxgYhaF/IiIAGqueEtPXrL/L2Xd+9NsA/lY7QmEZpLjSjtBiyfCJDhFnq+mP1tw9hhpGAwFXZ+BSFvDs3IvgtpaXsjCaZ/GMmHrMEweqASIXqpJKbuqhxSoMvThuelnHiztAd6PToe3VOr9Jv9kaRnQOMjNo5BddGv0ZhRfrksqtGfWtwZgyfzfYAbINWqyclkkjJ1SLoYFOi74gC1jXtxz8uwdSbk8E/jhSk3JWnPaudRWF38aMIIlVscTRf0qeggxqDUtXE5aWnIx6EOE004RhcgzdxeCICtJJ4j+NZ3JP2OkEzSKZpu+ClpBIFNjTAwEEYHfoniD9gOniL5rTiWTqwc+Hz07Ag9Bbuhnnaqfy0
Content-Type: multipart/alternative; boundary="_000_BY5PR00MB06752B8AC7971450A142D5EB8C059BY5PR00MB0675namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR00MB0675.namprd00.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8d018555-5d5f-429a-981b-08dac67a747d
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2022 19:57:26.8496 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 1a2nXSHpXVRg11yvQ9hliv/eh1WUXJSN6GTRkh2zUndImxACQ3Ze3P06mBoEedSigkufVIn6U6LaUiCZhDYmbA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR00MB1556
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RAXuT6e_sdMsYdARZg0HA9_NUkY>
Subject: Re: [TLS] [EXTERNAL] Re: [Technical Errata Reported] RFC8446 (7250)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Nov 2022 19:57:38 -0000

Hi Alan,


  *   Windows 11 is doing this today with TLS-based EAP methods.  It's a disaster.
I own TLS in Windows; please share the details with me, on a separate thread, so we can figure out what’s broken. It’s probably a bug in the SSPI caller (EAP in this case).

Generally though, I don’t think RFCs should be updated for an obvious implementation bug. Disconnecting on ticket receipt is just plain not reasonable. An unreasonable implementer won’t heed an RFC update😊

Cheers,

Andrei

From: TLS <tls-bounces@ietf.org> On Behalf Of Eric Rescorla
Sent: Monday, November 14, 2022 11:48 AM
To: Alan DeKok <aland@freeradius.org>
Cc: tls@ietf.org; sean+ietf@sn3rd.com; paul.wouters@aiven.io; RFC Errata System <rfc-editor@rfc-editor.org>
Subject: [EXTERNAL] Re: [TLS] [Technical Errata Reported] RFC8446 (7250)



On Mon, Nov 14, 2022 at 11:28 AM Alan DeKok <aland@freeradius.org<mailto:aland@freeradius.org>> wrote:
On Nov 14, 2022, at 1:09 PM, Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote:
>   I'd like to have a way to say "if you don't support session tickets, just ignore them".
>
> Again this text is not quite right because

  I think you're talking at cross purposes to the problem I'm trying to describe.

Yes, I had thought you were talking about the server. I got confused because your text said "extension" but NewSessionTicket is not an extension but rather a handshake message. My mistake.



> Can you explain how you got into this posture? The only reason a client should be sending session tickets is if it received one
> from the server.

  The problem isn't that.  The problem is long before the client tries to reconnect.  The problem is the client, not the server.  The problem is that the initial connection to the server is never successful.  It has nothing to do with other uses of PSKs.  It has nothing to do with clients sending anything to the server.

  The flow is this:

     Client connects to server.

     Client and server exchange TLS information.  They're both happy with everything.

     Server eventually sends a session ticket to the client.

     Client goes "OMFG" and hangs up.  No more TLS session.

     Repeat ad nauseam until server administrator (a) forbids the use of TLS 1.3, or (b) forbids session tickets.


  Windows 11 is doing this today with TLS-based EAP methods.  It's a disaster.

I agree that this is a defect.


  Again, from Section 4.6.1.<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2F4.6.1.%2F&data=05%7C01%7CAndrei.Popov%40microsoft.com%7Cf449a9b7a1cf494c438108dac6795640%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638040522545624870%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=bcUADsU0lRk3bHxr1ZE54TEta6iasRM2s0F1NGFU6FQ%3D&reserved=0>:

  The client MAY use this PSK for future handshakes by including the
  ticket value in the "pre_shared_key" extension in its ClientHello

  and by *implication* the client also does not need to use the session ticket.  It is free to use the session ticket, or to ignore it entirely.

  What the client is *not* free to do is to treat the session ticket as a TLS connection failure.  This behavior can best be described as "surprising".

Yes, I agree with that. I would have thought this to be implicit in the spec, but I have filed https://github.com/tlswg/tls13-spec/issues/1280<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftlswg%2Ftls13-spec%2Fissues%2F1280&data=05%7C01%7CAndrei.Popov%40microsoft.com%7Cf449a9b7a1cf494c438108dac6795640%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638040522545624870%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YwCmwR%2Fy1mgA8RKIpjQthLNIriQ%2Bky9qJZoAXP9gC8A%3D&reserved=0> to address it for 8446-bis.

-Ekr

v2.23.0 | Report a Bug | By Email