[TLS] SNIP: simplified negotiation of incompatible protocols

Martin Thomson <mt@lowentropy.net> Wed, 07 July 2021 04:45 UTC

To: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RWFuwRY3R2QNzAWX9Z4ems8Dl4g>

I've updated my version of the draft we discussed a while back.  After time to reflect, I was convinced by feedback from Benjamin Schwartz suggesting that the more complicated bits of the proposal could be simplified greatly.  So I did that.

Hopefully this is a little easier to comprehend, implement, and deploy.

https://www.ietf.org/archive/id/draft-thomson-tls-snip-02.html

[*] Yes, the title in the doc differs.