Re: [TLS] Awkward Handshake: Possible mismatch of client/server view on client authentication in post-handshake mode in Revision 18

Eric Rescorla <ekr@rtfm.com> Fri, 10 February 2017 20:51 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9526A1293F4 for <tls@ietfa.amsl.com>; Fri, 10 Feb 2017 12:51:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rxA9RRfcUDmY for <tls@ietfa.amsl.com>; Fri, 10 Feb 2017 12:51:50 -0800 (PST)
Received: from mail-yb0-x22c.google.com (mail-yb0-x22c.google.com [IPv6:2607:f8b0:4002:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73592129BCC for <tls@ietf.org>; Fri, 10 Feb 2017 12:51:50 -0800 (PST)
Received: by mail-yb0-x22c.google.com with SMTP id o65so15088525ybo.2 for <tls@ietf.org>; Fri, 10 Feb 2017 12:51:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Ppk/+KlVzd9k3K3hpim9QUN2VUFp0JxNYEhYsEfr14A=; b=so61G0bhl98xnwkqDLkbvBFuWu/k7RYU9yhfyBb739Bie9Sy4g+GNb0BFF4rSy80/b jGUNkbLB6peQlevntMItqzRMs2jySsfPQLVgapfNV7XMimbP2h0j4Ki4Nb54VRy4ZyXP LvDJ8udzGlL3fOtiiexq+zZCS1/jtsJTK2swbFb9R4hlcCYU2MvvfzZww0hWOwLn5Cbg Z+3tPICiAJfX2zsIhnPb5swciP5qIBfA1BcJdF1qTh2ij7Zr7pif/DjAjKrgG3RDqZkw kNnoYYPkQAeYWP6KoaJb9dy0zaCyq/HFERHsCO+zjjazN8/wN2DYsN5ILZ9mdpVJg+6H iomg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Ppk/+KlVzd9k3K3hpim9QUN2VUFp0JxNYEhYsEfr14A=; b=B/65Z3b21LiENxRDxGX0TvzC2oYsiSap4pCVTpj4ySgOAb9fOURgw5kjtXjkGGtfm7 qEwEW8lbe5YMVwXuJXEOhwuM75juc7Hq55hxdRldBt+8ZoUd0FT89gzhbDucKfLcx9wL +WYu6dP3LCvIvzWWB1MKHE7e0q13V07OaC6pbhsKltnh8WPnsGJO36wWXuyTzo8vQGFj 7X4dK7hr6/eYBZE/PPLKZhCo9F/8anvU4L1pG6zta+5TQZtqDVVAuFAX0y/p2fwRoLcO w4p9RYsck/h/kgjdGyGW2rQjzdslK8LU7/bBgIHMwDtu3sVyjnH1lcOgpsuZed6BlQc1 PcFA==
X-Gm-Message-State: AMke39l0K7x2bcKaNHnjmpWPu+FqMcGVYMndyU5JpSGqF6Uwk5yKsYO/sb9nfqcN+fd7wtnxqXK0h+LoDGZD2Q==
X-Received: by 10.37.14.69 with SMTP id 66mr8067095ybo.64.1486759909664; Fri, 10 Feb 2017 12:51:49 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.204.80 with HTTP; Fri, 10 Feb 2017 12:51:08 -0800 (PST)
In-Reply-To: <CAAZdMadhr6r160A50x=DzMHEvsSN0x9dUcpOzBOuXGcYzyR4oA@mail.gmail.com>
References: <CABdrxL53Fd7tY6+qF-p=acvCDa=hvbPov83XSd-Y8-gB3c33Ag@mail.gmail.com> <20170210172224.GA22473@LK-Perkele-V2.elisa-laajakaista.fi> <dade38c1-e5a3-4058-9291-c94ea14dfe91@gmail.com> <CABcZeBPxid8W-r4uUXewFg+cYtUssqQLOcjJ=2ueuyVqj4qZUA@mail.gmail.com> <CAAZdMadhr6r160A50x=DzMHEvsSN0x9dUcpOzBOuXGcYzyR4oA@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 10 Feb 2017 12:51:08 -0800
Message-ID: <CABcZeBOWTcBR52L8Yt-LKMX4Mxcnyr32C_gS8uGaVbeoOxnwvQ@mail.gmail.com>
To: Victor Vasiliev <vasilvv@google.com>
Content-Type: multipart/alternative; boundary="001a113e930c48755e05483344b1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/SFJDfr1sYlwxsgEHkV_xN43hY6s>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Awkward Handshake: Possible mismatch of client/server view on client authentication in post-handshake mode in Revision 18
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Feb 2017 20:51:51 -0000

On Fri, Feb 10, 2017 at 12:44 PM, Victor Vasiliev <vasilvv@google.com>
wrote:

> On Fri, Feb 10, 2017 at 3:39 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>
>> I agree that the specification doesn't explicitly say this, but
>> it's implicit in the processing rules via the following:
>>
>
> We do at least explicitly promise those properties in Section E.2:
>
> Order protection/non-replayability
> : An attacker should not be able to cause the receiver to accept a
> record which it has already accepted or cause the receiver to accept
> record N+1 without having first processed record N.
>
>
Good point, so if the processing rules don't in fact enforce that, we
should make them
do so (I think they do for the reasons I indicated earlier)

-Ekr


>   -- Victor.
>
>