Re: [TLS] Flags extension and announcing support

Martin Thomson <mt@lowentropy.net> Fri, 22 January 2021 05:45 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F5943A11C0 for <tls@ietfa.amsl.com>; Thu, 21 Jan 2021 21:45:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=nhjjuvhG; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=SI9Dwmi5
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rb1jM4-A-aU1 for <tls@ietfa.amsl.com>; Thu, 21 Jan 2021 21:45:56 -0800 (PST)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2B473A118B for <tls@ietf.org>; Thu, 21 Jan 2021 21:45:53 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 4D6885C01E8 for <tls@ietf.org>; Fri, 22 Jan 2021 00:45:51 -0500 (EST)
Received: from imap10 ([10.202.2.60]) by compute1.internal (MEProxy); Fri, 22 Jan 2021 00:45:51 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=kCGMoyz2yOywF9P+alYsy3qKbBP63Q5 h/hmOt3vPAOQ=; b=nhjjuvhGbQPEvsJaEdBzNcTaBZD7IMGRkLXKEngFTUCyQL0 CDuIFKdUiVV91Nb+Je16RGrl5Uz8TpXaTHqQ33RS4Plq9zLvoitVZ2vtGtJzjo8d Vw6PAZdLEn6sCUdMijS5RlDbn70pthhEbOLuLa6vQqbImkdkjVA55oktWCV4+xC9 ZVVIT8HKQeVDZKkm07PLaLrECHBa4Vn+hSPBrxRiSssTaiEF0TEypvX/zpea+pTO cyDq3O8+K6VHly3JTcsFrwAa484UMrZATrKHceyuyMlraixdbn+jzzUw+dFo9TA8 l/5UjTYX2otmCPEjmfBLuXuMpN4poTqvk2QaTeA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=kCGMoy z2yOywF9P+alYsy3qKbBP63Q5h/hmOt3vPAOQ=; b=SI9Dwmi5xbE/zC3t+4BAeX 7LQKrdUdQQU+Fa14bG9KNeKKHsPbhW9Isd53b2Uqsrfc1+N55NHMph5AJh6cNvYR NIL2fvxyHpnG7rF15eEGe5CWevKmAettEAtsrcOMhtadRRr1Dvv27gnqzyIc0EuX bCUO5SIhL9NUVjiZ42ctpDESlohO7UlgO1UC/xhJdc7EezkgAPxAanJFoZb7/wAe WVCvIfoL1lw8f1jhByFv1QwEYbu9t5tbMPwj0Z5aQ6Kjg2VPG+izg7J85fCuJ7sN RZrdnq1E7tkaOvnL/Oe6+yFzzT2le3zbhKNMS3QWccPualpiA/s0GKBI8sQd9tnw ==
X-ME-Sender: <xms:j2YKYFI5m2SzDVDMQFo588hcSb22Y0lDN9uquKtYwlxErB5Rguq-VA> <xme:j2YKYBIwJYcMugPO9eJl4YrLOXIPkiLb6tpy0Xym1dqd2M2V_XzBtSYdRYoyaV4va -0hzMm55Cm_Fh2YslM>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudehgdekkecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif vghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnheptdeghfekgeffhfetfeejke evfeetheehleegheehveelfeetfeeikeefgfejvdegnecuffhomhgrihhnpehgihhthhhu sgdrtghomhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhroh hmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:j2YKYNv7_dfu39P_lk_tOpCeNBZ2Ht_hEp7jcrblNEIGVwNgC0mCzQ> <xmx:j2YKYGZqMoQr87tSHpAswOWnPsrJDcL2Zm6UG8hMZAfrGUYF5riinQ> <xmx:j2YKYMa1Wls-tsAT-bLTUlODQh1VnB_tvvbY-iCX-jYcv-qcb1VwjQ> <xmx:j2YKYFm8xiO0XzfMG3PzhdQD2iKJzJmB-zWaPbiUU4JKrtWKmh1uQg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 1C0AB4E0064; Fri, 22 Jan 2021 00:45:51 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-78-g36b56e88ef-fm-20210120.001-g36b56e88
Mime-Version: 1.0
Message-Id: <a1ca4368-ed59-426b-8d27-a700aa5af10f@www.fastmail.com>
In-Reply-To: <A7A1AB60-6E20-4F84-A36D-EA9BD8D9C990@gmail.com>
References: <A7A1AB60-6E20-4F84-A36D-EA9BD8D9C990@gmail.com>
Date: Fri, 22 Jan 2021 16:45:30 +1100
From: "Martin Thomson" <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/SpG_C2miJGRGcZdjyB11HrmPqK0>
Subject: Re: [TLS] Flags extension and announcing support
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2021 05:46:05 -0000

On Fri, Jan 22, 2021, at 16:16, Yoav Nir wrote:
> See this PR: https://github.com/tlswg/tls-flags/pull/5

It looks like there is lots of disagreement there.  I'm going to disagree with others too.

> All except the first are Server-side.

Certificate is client-side too.

> The controversy is about unsolicited flags. An unsolicited flag is a 
> flag that is set in a Flags extension in a server-side message without 
> having been first declared in the ClientHello extension.

So I think that you need to separate requests from responses.  Because Certificate contains response to ClientHello or CertificateRequest, my view is that CertificateRequest can contain any flag (provided that the definition of that flag permits it or you don't know whether it does) and Certificate can only contain flags that CertificateRequest did.  

This is part of what Ekr seems to have objected to, and I agree with him there.  A server should be able to use any flag in NewSessionTicket or CertificateRequest because those are the messages that initiate an exchange (NST doesn't generate any response, so it's an exchange with one flight, but that's immaterial).

To review:
ClientHello is answered by HelloRetryRequest, ServerHello, EncryptedExtensions, and (server) Certificate.
CertificateRequest is answered by (client) Certificate.
NewSessionTicket is not answered (which is totally fine).

Those three first messages above can include new flags.  They can contain the extension or not at the discretion of the entity that sends the message.  Those messages that are in response can only contain the extension if the initiating message contained the extension.  Furthermore, the extension can only contain a specific flag if the initiating message contained that flag.

In other words, each flag is treated just like an empty extension: you can initiate an exchange with it, but you can only answer with it if it was initiated with it.

This differs a little from Chris who suggests that only NewSessionTicket can include a flag that was previously not indicated.