IETF Logo Mail Archive

Re: [TLS] WGLC for "A Flags Extension for TLS 1.3"

Christopher Wood <caw@heapingbits.net> Mon, 01 June 2020 20:16 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E02B3A152E for <tls@ietfa.amsl.com>; Mon, 1 Jun 2020 13:16:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=DQb60JsO; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=FxII4f61
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id drCYlMDkA10Q for <tls@ietfa.amsl.com>; Mon, 1 Jun 2020 13:16:38 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9EA73A152D for <tls@ietf.org>; Mon, 1 Jun 2020 13:16:37 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 3070F5C008D for <tls@ietf.org>; Mon, 1 Jun 2020 16:16:37 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute1.internal (MEProxy); Mon, 01 Jun 2020 16:16:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm1; bh=Q8CpN Lx2KPAxiHrlC87dKHljnwgtm+wfQU/OZE30fy8=; b=DQb60JsOAFwl0InmKeONo IDmjIbp4mXxyNAHCxCkSctY3qdA+E3O4uX0RICuSX8Q4pdAg+ZwtEqXxpwPp1KHJ bgZSBrw0BI6S0g27MUOtd5e2PpNLSmx3jRuMMLHX5VmQ7I22qf7febxKb+BkqZ9M AJh+6GkMyAmw+04n5xK+MBQeQuFSRUu6gSrIp3TnqwUbm+6wUbGz6in+tXvEO5ev JJgbHVPvR01DOYeBhZMLV/i7DH5/XgYO6T2iLbcWDNWVTXpkNerRq4/O9CRTOFd2 I5jGWKestQydVDeSm1RtdkTfze94+ZixpnQCLYKSFP0xMNDYdjCv2LwqlJat+cRl Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=Q8CpNLx2KPAxiHrlC87dKHljnwgtm+wfQU/OZE30f y8=; b=FxII4f61TkddmW5IioSRNVJGyE8CZGoKw8PtHW9K3pCwWsRIvpBy/57Bo c492ae18bmsCWlYPFIQNcsEqN+aUWMeKTsL+PfL9ndCroXRR3V2jxI/4p4ZIStxS zc2+NIt28UVFea55eOLR8m/QQQmlixccOMF0zcj0T6Wvp6eM6jNNYeZNnW9BukMU mpp89ISc+s3t8+mJLgrgfKkY+g1lTXEiXW8qzHLShM7wFqwkMv1k00SHgo4JNxNv wNhQLnhir2WC8lHjnS2In4Azf0Cd5YLd5IPg636rNFia/Hvz5Kan8frXwZ9TFTPm 75is4jE8HNZxzKT6TT82FdGfr2NrA==
X-ME-Sender: <xms:JGLVXv52wbY4YB27JbuFy9gqcz99QM_1U3cyVbCcKgXjvzlyANQlpg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrudefhedgudefkecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgfgse htqhertderreejnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegt rgifsehhvggrphhinhhgsghithhsrdhnvghtqeenucggtffrrghtthgvrhhnpeekffekve eghffgtdffieevudfgledthefhfedvvdehleeivdegveegleefteejudenucevlhhushht vghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegtrgifsehhvggrphhinh hgsghithhsrdhnvght
X-ME-Proxy: <xmx:JGLVXk76Zd8T5RQAQ2t7qgYlVt7xtdAOoUQWFtOLVf3252Uj2V-7MA> <xmx:JGLVXmf_lRjhXdjj-npQZvLDT35d9x36IiZCPKf8IUJHfhh5a6Ofdw> <xmx:JGLVXgK1K0X59LVaekHfxzrZIgVMyhbPx_hkjrKi3p0zYS0NXGvw_w> <xmx:JWLVXuZtl-UEUb30wRxagXdDCYN2MQMijRhxAYLKdUd-JwmWJibNXw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id E2A293C00A1; Mon, 1 Jun 2020 16:16:36 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-dev0-519-g0f677ba-fm-20200601.001-g0f677ba6
Mime-Version: 1.0
Message-Id: <630127d8-3423-4afc-808a-e61165a76a26@www.fastmail.com>
In-Reply-To: <730DE2CB-BD16-47B9-9729-B8D49615AB7B@gmail.com>
References: <bf0f823a-99ab-46b0-9b2a-d397d6bf3139@www.fastmail.com> <3aab08b9-d979-4952-85f6-62e993f6fb4b@www.fastmail.com> <B6EC2F38-504C-46C0-B5A3-F16ED27CA923@gmail.com> <fbc76c60-a250-40dc-95bc-7390937206aa@www.fastmail.com> <730DE2CB-BD16-47B9-9729-B8D49615AB7B@gmail.com>
Date: Mon, 01 Jun 2020 13:15:37 -0700
From: Christopher Wood <caw@heapingbits.net>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RH5jcGUSeg99DbHF72_wrhCOn64>
Subject: Re: [TLS] WGLC for "A Flags Extension for TLS 1.3"
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2020 20:16:39 -0000

On Sat, Apr 25, 2020, at 11:38 AM, Yoav Nir wrote:
> See below.
> 
> I think the next thing to do is to get a signal from the working group 
> about whether we do or don’t want to allow unsolicited server flags, 
> because prohibiting it will require a significant change in the draft.
> 
> I’m happy to make such a change, because I still can’t come up with such a flag.

Given that it's a deviation from the norm, and we don't have a compelling use case, I think we ought to make the change. If you have cycles, would you be willing to draft that change for review?

> > On 23 Apr 2020, at 3:07, Martin Thomson <mt@lowentropy.net> wrote:
> > 
> > On Wed, Apr 22, 2020, at 05:31, Yoav Nir wrote:
> >>> Third, more substantially, and invalidating the above, I don't think that we should make flags introduce a new style of negotiation just because it can.  I would strongly prefer that this function as close as possible to "empty ClientHello extension; empty EncryptedExtensions extension".  Aside from that, the utility of an advertisement from the server that a client cannot respond to is pretty marginal.
> >> 
> >> If this is what the group prefers, I’m fine with it, but then there’s 
> >> never any point in sending an empty extension, either from the client 
> >> of form the server. The absence of an individual flag is always implied 
> >> from the absence of the extension.
> > 
> > When you say "empty extension" here, do you mean "empty flags extension" or are you speaking more generally?
> > 
> > If the server can't add flags, then I agree that having the client send an empty flags extension has little value.  Same for the server sending an empty flags extension in that case.
> 
> I mean the flags extension. An empty extension conveys just that the 
> sender supports the extension. An empty CH flags extension just says 
> the client supports the flags extension. Unless the server is allowed 
> to send unsolicited flags, an empty flags extension in CH does not 
> convey any useful information.
> > 
> >>> Are we confident that sending the same extension in both places is safe?  I know that clients have to implement this and so should be able to test that this works, but it seems awkward.  And it might not be necessary.  It's also not sufficient, as we currently allow responses to ClientHello extensions to appear in Certificate (and for CertificateRequest to carry "requests" in the other direction).
> >> 
> >> I don’t think the two extensions ever carry the same flags. Each server 
> >> side flag should be one of three: serverHello, encrpytedExtensions, or 
> >> neither (if we are not expecting a response)
> > 
> > So the intersection of flags in different responses must be zero?  i.e. flags[ServerHello] & flags[EncryptedExtensions] == 0 (and the same for any combination that we allow, including Certificate and NewSessionTicket, I guess).
> 
> I can’t think of any flag that will have a different meaning when sent 
> in SH or EE so that you might want to send both. Just in case, the flag 
> registry should have a field similar to the extension registry which 
> says where the field is valid.

That seems reasonable, though I think restricting the flags to EE is probably better. The possible cases for inclusion in SH (another KEX or KDF algorithm?) seem like they can be handled by existing client extensions. 

Best,
Chris (no hat)

v2.23.0 | Report a Bug | By Email