Re: [TLS] RFC 5878 - why?
Darshak Thakore <d.thakore@cablelabs.com> Wed, 18 September 2013 05:04 UTC
Return-Path: <d.thakore@cablelabs.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CE3611E80F7 for <tls@ietfa.amsl.com>; Tue, 17 Sep 2013 22:04:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.463
X-Spam-Level:
X-Spam-Status: No, score=-0.463 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_MODEMCABLE=0.768, HOST_EQ_MODEMCABLE=1.368]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R5b09pe2cLvP for <tls@ietfa.amsl.com>; Tue, 17 Sep 2013 22:04:27 -0700 (PDT)
Received: from ondar.cablelabs.com (ondar.cablelabs.com [192.160.73.61]) by ietfa.amsl.com (Postfix) with ESMTP id 31DB811E80DF for <tls@ietf.org>; Tue, 17 Sep 2013 22:04:26 -0700 (PDT)
Received: from kyzyl.cablelabs.com (kyzyl [10.253.0.7]) by ondar.cablelabs.com (8.14.7/8.14.7) with ESMTP id r8I54L7u020760; Tue, 17 Sep 2013 23:04:21 -0600
Received: from exchange.cablelabs.com (10.5.0.19) by kyzyl.cablelabs.com (F-Secure/fsigk_smtp/407/kyzyl.cablelabs.com); Tue, 17 Sep 2013 23:04:21 -0600 (MDT)
X-Virus-Status: clean(F-Secure/fsigk_smtp/407/kyzyl.cablelabs.com)
Received: from EXCHANGE.cablelabs.com ([fe80::797a:96d1:3c53:18ee]) by EXCHANGE.cablelabs.com ([fe80::797a:96d1:3c53:18ee%11]) with mapi id 14.03.0146.000; Tue, 17 Sep 2013 23:04:21 -0600
From: Darshak Thakore <d.thakore@cablelabs.com>
To: Trevor Perrin <trevp@trevp.net>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] RFC 5878 - why?
Thread-Index: AQHOs1zD1tB51ocLGUiZYCyZ8N3SHpnJ4x4AgAAFJQCAAAVLgIAAhnKAgABja4CAADTrgP//5gCA
Date: Wed, 18 Sep 2013 05:04:19 +0000
Message-ID: <CE5E822F.14454%d.thakore@cablelabs.com>
In-Reply-To: <CAGZ8ZG2i8jefSMXvqrqseCY3_P3Rqp=WN2a_gRt7K__8Gq20Cg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.7.130812
x-originating-ip: [10.5.0.27]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <16C519FA1D86784EB177763E634A94B2@cablelabs.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Approved: ondar
Subject: Re: [TLS] RFC 5878 - why?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Sep 2013 05:04:31 -0000
I'm trying to understand if the primary issue being pointed out here is about the errata in RFC5878 or the extension model that RFC5878 provides. This thread started off with the primary question being what does RFC5878 provide and seems to be turning into a bashing of how bad it is. While i agree that RFC5878 needs to be "fixed" in order to be usable, if we go back to the original question of: why this: Client -> Server : ClientHello Extension signalling AuthorizationData Client <- Server : ServerHello Extension signalling AuthorizationData, SupplementalData containing AuthorizationData Client -> Server : SupplementalData containing AuthorizationData instead of this: Client -> Server : ClientHello Extension Client <- Server : ServerHello Extension Client -> Server : SupplementalData (RFC 4680) then: 1. You seem to be assuming that data is always flowing from the Client to the Server and that anything that a server may want to send can always be carried in the extension. That's not the only case. While it is possible (and in most scenarios sufficient) to carry data in the extension itself, certain extensions may require that actual data be passed in a specific MessageType (based on certain aspects of the handshake being accomplished). In such situations, the extension and the data in the extension serves as triggers/extension code points to indicate what type of data is to be expected in the subsequent messages. In order to achieve that, if you do not define an extension code point, then your extensionType registry starts exploding (with corner case extensions littered around). While it is possible that way, IMHO, having a separate code point and having a separate registry that provides a categorization/registration of specific data types seems cleaner and provides better management. RFC4681 also does the same thing. It defines an extension and establishes a registry to allow registering new UserMappings. Going back to the problems of RFC5878 itself, the lack of length field definitely needs to be fixed but the AuthorizationDataEntry being 1 byte (while weird as you put it) is not really an issue. Also as Yoav pointed out, due to lack of interest or whatever historic reasons, there wasn't any other alternative/interest so RFC5878 was published. When I actually had the need to pass DTCP data as authorization data, RFC5878 provided the closest option (for better or for worse). So my (very biased :) counter question is if RFC5878 is fixable, why not fix it and leverage the registry already defined. If it is obsoleted, wouldn't an alternative still be needed? Darshak On 9/17/13 6:37 PM, "Trevor Perrin" <trevp@trevp.net> wrote: >On Tue, Sep 17, 2013 at 2:27 PM, Marsh Ray <maray@microsoft.com> wrote: >>> From: Trevor Perrin [mailto:trevp@trevp.net] >>> Sent: Tuesday, September 17, 2013 8:32 AM >>> >>> 5878 itself is quite ugly, and riddled with errors and design flaws. >>> Which is why I'm bringing this up. >> >> Now, now, be nice. > >Did you see the errata? > > * It's a weird extension structure, instead of having the standard >2-byte type / 2-byte length fields, like TLS Extensions and 4680 >SupplementalDataEntry, each AuthorizationDataEntry has a (too-small) >1-byte type field, and no length field. > > * Without the length fields it's not generically parseable (Ben >suggests fixing that in the errata, but that breaks compatibility with >the 5878 URLandHash structure). > > * The structure definitions in section 3 are wrong. > > * The submitted errata also argue that the length field for >authz_data_list should be removed. While I agree its redundant, >that's another compatibility-breaking change, so I'm not sure about >that. > >So I'm asking: Is there a legitimate reason for the community to >spend time fixing this RFC, implementing it in TLS libraries (it's not >currently present in any libraries, I believe), and adapting new >standards to use it? > >If not, can we mark it as "obsoleted" or similar? > >Projects like TACK, CT, and OpenSSL have wasted a lot of time >evaluating 5878 and doing trial implementations before backing away >from it. I worry that people (like DTCP) [1] are going to keep making >that mistake, as on the surface this seems like the >"officially-condoned", IETF way to exchange new data through TLS. > > >> Alternatively, if you know something exploitable please drop it while >>it's hot. >> >>> I don't know how you could "extend" it to a larger code space. I >>>suppose we >>> could nest another extension structure *inside* the 5878 structure, to >>>see >>> how many parsing layers we can bury extensions inside... >> >> 254 authZ data formats ought to be enough for anyone. But if not, sure, >>we could indeed use 255 as a value to indicate a multi-byte value >>follows. > >Don't we have some 65000+ unused TLS extensions? > >If you really want a few hundred numbers for "Private Use" or >"Specification Required" extensions, why don't we just carve that out >of the existing TLS Extension space? > > >Trevor > >[1] http://tools.ietf.org/html/draft-dthakore-tls-authz-04 >_______________________________________________ >TLS mailing list >TLS@ietf.org >https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] RFC 5878 - why? Darshak Thakore
- [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Marsh Ray
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Marsh Ray
- Re: [TLS] RFC 5878 - why? Peter Gutmann
- Re: [TLS] RFC 5878 - why? Yoav Nir
- Re: [TLS] RFC 5878 - why? Martin Rex
- Re: [TLS] RFC 5878 - why? Martin Rex
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Marsh Ray
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Yoav Nir
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Peter Gutmann
- Re: [TLS] RFC 5878 - why? Martin Rex
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Peter Gutmann
- Re: [TLS] RFC 5878 - why? Ben Laurie
- Re: [TLS] RFC 5878 - why? Salz, Rich
- Re: [TLS] RFC 5878 - why? Simon Josefsson
- Re: [TLS] RFC 5878 - why? Russ Housley