Re: [TLS] Last Call: <draft-ietf-tls-tls13-vectors-06.txt> (Example Handshake Traces for TLS 1.3) to Informational RFC

Mark O <Mark.O@ncsc.gov.uk> Fri, 27 July 2018 16:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RHbMjgwcH2ioHFFNUhfYAL99v1s>

A couple of comments on draft-ietf-tls-tls13-vectors-06:

Ordering of messages:

  *   Whenever the steps '{server}  derive secret "tls13 c hs traffic":' and '{server}  derive secret "tls13 s hs traffic":' appear, this corresponds to the steps in the second phase of the key schedule (section 7.1 of tls13-28).
  *   To complete these you need to have the encoded ServerHello message (as seen in 'Derive-Secret(., "c hs traffic", ClientHello...ServerHello)').
  *   The description of the ServerHello message doesn't come until several steps later. Someone using the test vectors to create unit tests would need to look ahead to the ServerHello payload (after '{server}  send handshake record:', starting with 'payload (90 octets):  02 00 00') before they can recreate the steps above.

Coalescence of records:

There are several examples where multiple messages are shown concatenated, both in their payload and ciphertext forms, which makes it much harder to test them. Concatenating them (or not) has no effect on the protocol, so it's not a requirement. It would be helpful to split out the messages so that it's clearer which bytes belong to which message. The first example of this is after "{server}  send a EncryptedExtensions handshake message", "{server}  send a Certificate handshake message", "{server}  send a CertificateVerify handshake message", and "{server}  send a Finished handshake message"; starting with "payload (657 octets):  08 00 00".

- Mark

This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk
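Both points in the message above, as an added example that is not part of the original post or of the draft: why the handshake traffic secrets cannot be computed before the encoded ServerHello is available, and how a coalesced handshake payload is split into individual messages using the 4-byte handshake header. It assumes a SHA-256 cipher suite and no PSK; the function names, the shared secret and all message bodies are constructed placeholders, not bytes from the draft.

```python
import hashlib, hmac

HASH, HLEN = hashlib.sha256, 32

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand_label(secret, label, context, length):
    # HkdfLabel = uint16 length || len-prefixed "tls13 "+label || len-prefixed context
    full = b"tls13 " + label.encode()
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    out, block, i = b"", b"", 1
    while len(out) < length:  # HKDF-Expand (RFC 5869)
        block = hmac.new(secret, block + info + bytes([i]), HASH).digest()
        out, i = out + block, i + 1
    return out[:length]

def derive_secret(secret, label, messages):
    # Derive-Secret hashes the concatenated handshake messages seen so far
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HLEN)

def handshake_traffic_secrets(shared_secret, client_hello, server_hello):
    zeros = bytes(HLEN)
    early = hkdf_extract(zeros, zeros)                  # no PSK
    hs = hkdf_extract(derive_secret(early, "derived", b""), shared_secret)
    transcript = client_hello + server_hello            # ClientHello...ServerHello
    return (derive_secret(hs, "c hs traffic", transcript),
            derive_secret(hs, "s hs traffic", transcript))

def split_handshake(payload: bytes):
    """Split a coalesced payload into (msg_type, encoded_message) pairs."""
    msgs, off = [], 0
    while off < len(payload):
        if len(payload) - off < 4:
            raise ValueError("truncated handshake header")
        end = off + 4 + int.from_bytes(payload[off + 1:off + 4], "big")
        if end > len(payload):
            raise ValueError("handshake body runs past end of payload")
        msgs.append((payload[off], payload[off:end]))
        off = end
    return msgs

def make_msg(msg_type: int, body: bytes) -> bytes:  # constructed sample data only
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed flight: EncryptedExtensions(8), Certificate(11),
# CertificateVerify(15), Finished(20) with dummy bodies.
SAMPLE_FLIGHT = b"".join(make_msg(t, bytes([t]) * n)
                         for t, n in [(8, 6), (11, 40), (15, 20), (20, 32)])
```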