Re: [TLS] proposal to encrypt ContentType for TLS 1.3

Geoffrey Keating <geoffk@geoffk.org> Mon, 07 July 2014 17:50 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/SYP5mMXjVju_Zo8EAS9G1cJ1h8U
Cc: IETF TLS WG <tls@ietf.org>

mrex@sap.com (Martin Rex) writes:

> Eric Rescorla wrote:
> > Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> >>
> >> i just opened a pull request to propose that the TLS ContentType (when
> >> actually using a proper cipher) should itself be encrypted, rather than
> >> in the clear:
> >>
> >> If this change is made, it's also relatively easy to just drop the TLS
> >> version field for each encrypted TLS record layer fragment.
> 
> This version field is sometimes helpful for debugging, and
> using the same formatting of the record contents (clear vs. decrypted)
> means less code complexity.

I'd be happy with dropping the version field for everything beyond the
first ServerHello.  That should help a bit with code
complexity---ClientHello is already quite special and for ServerHello
it will be the second and third bytes sent on the connection so can be
handled as an exception ("read the first three bytes, process version
number, stuff byte 0 back into the queue").
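
Added example, not part of the original message or of any TLS specification: a sketch of the record reader this suggestion implies, where only the first record from the server carries a version and every later record is parsed as type(1) + length(2) + fragment. The class name, the layout of the versionless header and the sample bytes are assumptions made for illustration.

```python
import struct

MAX_FRAGMENT = 2**14 + 2048  # TLS 1.2 upper bound on a ciphertext fragment


class VersionlessRecordReader:
    """Hypothetical layout: the first record is type(1) version(2) length(2),
    every later record is type(1) length(2), followed by the fragment."""

    def __init__(self, data: bytes):
        self.queue = bytearray(data)  # bytes received from the peer
        self.version = None           # learned once, from the first record

    def _take(self, n: int) -> bytes:
        if len(self.queue) < n:
            raise ValueError("truncated record")
        out = bytes(self.queue[:n])
        del self.queue[:n]
        return out

    def _read_version_once(self) -> None:
        # "read the first three bytes, process version number,
        #  stuff byte 0 back into the queue"
        first3 = self._take(3)
        self.version = (first3[1], first3[2])
        self.queue[:0] = first3[:1]

    def next_record(self):
        if self.version is None:
            self._read_version_once()
        # From here on the first record looks like any other: type + length.
        ctype, length = struct.unpack("!BH", self._take(3))
        if length > MAX_FRAGMENT:
            raise ValueError("record length exceeds limit")
        return ctype, self._take(length)


def parse_stream(data: bytes):
    reader = VersionlessRecordReader(data)
    records = []
    while reader.queue:
        records.append(reader.next_record())
    return reader.version, records


# Constructed sample: a handshake record (type 22) with version 3.3, then an
# application-data record (type 23) that carries no version field.
SAMPLE = bytes([22, 3, 3, 0, 4, 2, 0, 0, 0, 23, 0, 3]) + b"abc"

if __name__ == "__main__":
    print(parse_stream(SAMPLE))
```

After the one-time exception, the same three-byte header parser serves every record, which is the code-complexity point being made.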