Re: [TLS] Interaction between cookies and middlebox compat mode
Matt Caswell <matt@openssl.org> Fri, 29 December 2017 10:54 UTC
Return-Path: <matt@openssl.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2677D12D832 for <tls@ietfa.amsl.com>; Fri, 29 Dec 2017 02:54:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2njRQTttKaBP for <tls@ietfa.amsl.com>; Fri, 29 Dec 2017 02:54:45 -0800 (PST)
Received: from mta.openssl.org (mta.openssl.org [194.97.150.230]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF7B012D7F6 for <tls@ietf.org>; Fri, 29 Dec 2017 02:54:45 -0800 (PST)
Received: from [10.40.10.6] (unknown [104.238.169.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta.openssl.org (Postfix) with ESMTPSA id 98161E701E; Fri, 29 Dec 2017 10:54:42 +0000 (UTC)
To: Eric Rescorla <ekr@rtfm.com>
Cc: "tls@ietf.org" <tls@ietf.org>
References: <9a7b1178-f856-ec63-c4b7-e2b29993e133@openssl.org> <CABcZeBMS9TeR-kFem4xHiWGVyKn5LbvDomdzL6vV_3XrKkravQ@mail.gmail.com> <37a087f4-efbe-7eae-5539-d220ff67e243@openssl.org> <CABcZeBOfcKTDnc+FcTPutMazSEhg3V8_tWqzeqpv=N6ki9jN9g@mail.gmail.com> <4c37d15e-7375-d4d0-62d1-c6d295fb7080@openssl.org> <CABcZeBNii93boJJBKehxiHa8DZng4FyRZXhu0qD-jx_snzFdvA@mail.gmail.com> <a4822dc1-85c8-c4e1-f757-04786ad9fbbb@openssl.org> <CABcZeBOtCJb538RXrZkHMgV5Q63mYAhrULNPepbGADgDjer50g@mail.gmail.com> <62bfa0e8-ae90-5291-e179-39743994c51a@openssl.org> <CABcZeBP+TooCZE7S_ZWsqi-DMSrtfV6xzqsyc7-L4zaBmfnOhA@mail.gmail.com>
From: Matt Caswell <matt@openssl.org>
Message-ID: <f3dece30-45fd-d875-3205-a6baec11f757@openssl.org>
Date: Fri, 29 Dec 2017 10:54:41 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBP+TooCZE7S_ZWsqi-DMSrtfV6xzqsyc7-L4zaBmfnOhA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RV0BVLruuGBwTbGBaDaaRfEqsr4>
Subject: Re: [TLS] Interaction between cookies and middlebox compat mode
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Dec 2017 10:54:48 -0000
On 28/12/17 18:06, Eric Rescorla wrote: > I must be missing your point. According to the spec as it stands even > with a stateful server I MUST ignore a CCS that comes first. Since this > is a stateful server it may end up negotiating TLSv1.2 - which requires > us to abort the handshake if the CCS comes first. No sensible > implementation will ever send a CCS first in this scenario, so why am I > required by the spec to ignore it and implement the extra complexity in > TLSv1.2 handling? > > In reality I wouldn't bother to implement this which would make me > technically non-compliant. I would prefer it if the wording were fixed > to not require this. > > > OK, I understand your point now, I think it's fine to reject this case > as long as > you properly handle things in the stateless case. If you want to submit > a PR, > I will take a look. https://github.com/tlswg/tls13-spec/pull/1129 Matt
- [TLS] Interaction between cookies and middlebox c… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Ilari Liusvaara
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Ilari Liusvaara