Re: [TLS] Mirja Kühlewind's No Objection on draft-ietf-tls-grease-03: (with COMMENT)
Mirja Kuehlewind <ietf@kuehlewind.net> Fri, 16 August 2019 07:39 UTC
Return-Path: <ietf@kuehlewind.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BB23120125; Fri, 16 Aug 2019 00:39:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HkyZTxGs1OSU; Fri, 16 Aug 2019 00:39:16 -0700 (PDT)
Received: from wp513.webpack.hosteurope.de (wp513.webpack.hosteurope.de [IPv6:2a01:488:42:1000:50ed:8223::]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD7E612011A; Fri, 16 Aug 2019 00:39:15 -0700 (PDT)
Received: from [129.192.10.3] (helo=[10.149.1.218]); authenticated by wp513.webpack.hosteurope.de running ExIM with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1hyWpN-0003Qd-Ro; Fri, 16 Aug 2019 09:39:13 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Mirja Kuehlewind <ietf@kuehlewind.net>
In-Reply-To: <CAF8qwaC7CvyrzrS=SWD9OT9Eq6BGirha2cjut5P-Wz5bz6NQAg@mail.gmail.com>
Date: Fri, 16 Aug 2019 09:39:13 +0200
Cc: Benjamin Kaduk <kaduk@mit.edu>, draft-ietf-tls-grease@ietf.org, "<tls@ietf.org>" <tls@ietf.org>, The IESG <iesg@ietf.org>, Sean Turner <sean@sn3rd.com>, tls-chairs <tls-chairs@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6BD4AC5B-BA54-4BED-8B9B-ECA298E8BF0F@kuehlewind.net>
References: <156588205271.15865.9243229289426203471.idtracker@ietfa.amsl.com> <20190815152405.GS88236@kduck.mit.edu> <44BDC996-0E18-48BE-A700-C49A101330F8@kuehlewind.net> <CAF8qwaC7CvyrzrS=SWD9OT9Eq6BGirha2cjut5P-Wz5bz6NQAg@mail.gmail.com>
To: David Benjamin <davidben@google.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-bounce-key: webpack.hosteurope.de;ietf@kuehlewind.net;1565941155;c0845f8a;
X-HE-SMSGID: 1hyWpN-0003Qd-Ro
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Res-xfN2Mvu7qSEGU1Qc9kEz2rI>
Subject: Re: [TLS] Mirja Kühlewind's No Objection on draft-ietf-tls-grease-03: (with COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Aug 2019 07:39:18 -0000
Hi David, See below. > On 15. Aug 2019, at 20:52, David Benjamin <davidben@google.com> wrote: > > On Thu, Aug 15, 2019 at 11:30 AM Mirja Kuehlewind <ietf@kuehlewind.net> wrote: > Hi Ben, > > See line. > > > On 15. Aug 2019, at 17:24, Benjamin Kaduk <kaduk@mit.edu> wrote: > > > > On Thu, Aug 15, 2019 at 08:14:12AM -0700, Mirja Kühlewind via Datatracker wrote: > >> Mirja Kühlewind has entered the following ballot position for > >> draft-ietf-tls-grease-03: No Objection > >> > >> When responding, please keep the subject line intact and reply to all > >> email addresses included in the To and CC lines. (Feel free to cut this > >> introductory paragraph, however.) > >> > >> > >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > >> for more information about IESG DISCUSS and COMMENT positions. > >> > >> > >> The document, along with other ballot positions, can be found here: > >> https://datatracker.ietf.org/doc/draft-ietf-tls-grease/ > >> > >> > >> > >> ---------------------------------------------------------------------- > >> COMMENT: > >> ---------------------------------------------------------------------- > >> > >> One comment/question: I think I didn't quite understand what a client is > >> supposed to do if the connection fails with use of greasing values...? The > >> security considerations seems to indicate that you should not try to re-connect > >> without use of grease but rather just fail completely...? Also should you cache > >> the information that greasing failed maybe? > > > > I'll let the authors chime in, but I think the sense of the security > > considerations is more that we are preventing the fallback from being > > needed "in production due to "real" negotiation failures. Falling back on > > GREASE failure is not as bad, provided that you follow-up with the failing > > peer out of band to try to get it fixed. > > I don't know how much value there would be in caching the grease-intolerate > > status; ideally it would almost-never happen. > > Okay, then I think it would be nice to say something more in the document, about fallback at least. > > Ben's description is right. If deploying a new TLS feature results in too many interop failures with existing buggy servers, that feature becomes difficult to deploy and there is a lot of pressure to apply some sort of mitigation like a fallback. That's no good. GREASE's goal is to avoid the interop failures to begin with. The text was not meant to imply that you should do any sort of fallback. > > What change did you have in mind? The current text says: > > > Historically, when interoperability problems arise in deploying new TLS features, implementations have used a fallback retry on error with the feature disabled. This allows an active attacker to silently disable the new feature. By preventing a class of such interoperability problems, GREASE reduces the need for this kind of fallback. > > That reads to me as describing historical fallbacks, rather than recommending new ones. (Indeed you shouldn't do fallbacks. Fallbacks are bad. They break downgrade protection.) I was thinking about adding some new text somewhere else in the document that give a recommendation if you should fallback on grease and when. > > > > >> And a note on normative language: > >> > >> "Implementations sending multiple > >> GREASE extensions in a single block thus must ensure the same value > >> is not selected twice." > >> Should this be a "MUST"? > > > > I asked for this to be changed away from a "MUST" -- RFC 8466 already has > > this prohibition on duplicated values; we're just calling it out again here > > since randomly picking values (with replacement, which is the easy way to > > code it) can result in collisions, that are forbidden by 8446. > > Ah okay, that’s fine. Didn’t check 8446. > > > >> Also this is an interesting MUST: > >> "... MUST correctly ignore unknown values..." > >> While this is the whole point of the document, I assume this is already > >> normatively specified in RFC8446 and therefore it could make sense to use > >> non-formative language here... > > > > I think you are correct, but I personally do not mind the extra normative > > force in this case. > > I just found this actually particularly weird because of the “correctly”. To me it reads like “please, please finally follow normative specification we do in RFCs”… anyway… I after all don't really mind if you pick on or the other. > > Mirja > > > > > > > -Ben > > > > >
- [TLS] Mirja Kühlewind's No Objection on draft-iet… Mirja Kühlewind via Datatracker
- Re: [TLS] Mirja Kühlewind's No Objection on draft… Benjamin Kaduk
- Re: [TLS] Mirja Kühlewind's No Objection on draft… Mirja Kuehlewind
- Re: [TLS] Mirja Kühlewind's No Objection on draft… David Benjamin
- Re: [TLS] Mirja Kühlewind's No Objection on draft… Mirja Kuehlewind
- Re: [TLS] Mirja Kühlewind's No Objection on draft… David Benjamin
- Re: [TLS] Mirja Kühlewind's No Objection on draft… Mirja Kuehlewind
- Re: [TLS] Mirja Kühlewind's No Objection on draft… David Benjamin
- Re: [TLS] Mirja Kühlewind's No Objection on draft… Mirja Kuehlewind
- Re: [TLS] Mirja Kühlewind's No Objection on draft… David Benjamin