Re: [TLS] PR#28: Converting cTLS to QUIC-style varints

Mohit Sethi M <mohit.m.sethi@ericsson.com> Wed, 07 October 2020 19:57 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>, Mohit Sethi M <mohit.m.sethi=40ericsson.com@dmarc.ietf.org>, Watson Ladd <watsonbladd@gmail.com>, Christian Huitema <huitema@huitema.net>
CC: "tls@ietf.org" <tls@ietf.org>
Date: Wed, 7 Oct 2020 19:57:19 +0000
Message-ID: <5cb03a05-ce29-40d3-a36e-871e0c0e9bcb@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/TMtxxPJ2m3dd33d5GzRU66SepEU>
Subject: Re: [TLS] PR#28: Converting cTLS to QUIC-style varints
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Hi Anders,

On 10/7/20 10:14 PM, Anders Rundgren wrote:
> On 2020-10-07 19:47, Mohit Sethi M wrote:
>> A strong +1 on the security issues of decode -> extract -> re-encode ->
>> verify signature flow. The lack of canonical encoding can also mean that
>> the resulting bytes can be different in different encoder/decoder
>> implementations.
>>
>> It would have been nice to have canonical JSON. Some implementations
>> support it with flags such as "JSON_PRESERVE_ORDER"
>> (https://jansson.readthedocs.io/en/2.8/apiref.html). Some specs try to
>> specify things like keys should be in alphabetical order but fail to
>> realize the complication with nested structures.
>
> Hi Mohit,
>
> Since a few months back there is an RFC (8785) which specifies a
> scheme for canonicalizing JSON, albeit limited to the JSON subset
> supported by ECMAScript and browsers.
>
> It can be tested in an on-line application where it is combined with
> JWS: https://mobilepki.org/jws-jcs/home

Cool! Thanks for informing and thanks for doing the work!

--Mohit

>
> Anders
>
>>
>> CBOR has thankfully specified canonical representation (called
>> deterministic encoding in 7049bis). Some CBOR libraries have added
>> support: https://github.com/agronholm/cbor2/issues/6.
>>
>> --Mohit
>>
>> On 10/7/20 7:30 AM, Watson Ladd wrote:
>>> On Tue, Oct 6, 2020 at 10:13 AM Christian Huitema <huitema@huitema.net> wrote:
>>>> On 10/6/2020 10:00 AM, Michael D'Errico wrote:
>>>>
>>>>> It matters in X.509 certificates because the basic
>>>>> encoding rules (BER) allow you to specify the same
>>>>> thing in different ways.  With DER, there is only
>>>>> one way to encode every element, so everybody will
>>>>> come up with the same string of bytes and hashes of
>>>>> those strings will be the same, signatures will
>>>>> verify, etc.
>>>>
>>>> Well, we have learned a few things since 1994. The DER rules are defined
>>>> to allow a "re-encoding" workflow:
>>>>
>>>> * Sender side: prepare the message, encode with DER, sign the result
>>>>
>>>> * Receiver side: receive the message, parse with generic ASN.1 decoder,
>>>> process the message using the "parsed" representation, re-encode with
>>>> DER, check the signature.
>>>>
>>>> Experience showed that this workflow is very problematic, because the
>>>> parse/reencode process may introduce subtle changes and the signature
>>>> will fail.  One may argue that these changes are due to implementation
>>>> bugs, but the fact is that this is a rich environment for growing bugs.
>>>> Based on experience, the receiver side is better done as:
>>>>
>>>> * Receiver side: receive the message, save it, parse and process, and
>>>> when it is time to verify the signature go back to the original message
>>>> and check the signature.
>>> Examining signed data ahead of verification, particularly to determine
>>> what should have signed it, is fraught with issues. In particular
>>> parser errors that would only be exploitable by trusted parties become
>>> exploitable by anyone. Furthermore, you should know the expected
>>> signer ahead of time. That this isn't possible in X509 due to
>>> inordinate flexibility is one of many pitfalls for implementors. This
>>> sort of issue periodically leads to authentication bypasses and other
>>> such fun.
>> A strong +1 to this.
>>>
>>> Sincerely,
>>> Watson Ladd
>>>
>>>
>>>
>>> -- 
>>> Astra mortemque praestare gradatim
>>>
>>> _______________________________________________
>>> TLS mailing list
>>> TLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tls
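
Added example, not part of the original message or of any project named in the thread: a Python sketch of the two receiver flows discussed above, showing that decode -> re-encode -> verify gives different answers depending on encoder settings, while verifying the saved wire bytes does not. HMAC-SHA256 stands in for a real signature; the key, the sample message and all function names are constructed for illustration, and `sorted_recursively` is a simplified nested key sort, not an RFC 8785 implementation.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: demo key; HMAC stands in for a signature


def sign(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()


def verify(data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(data), tag)


def verify_reencoded(wire: bytes, tag: bytes, **dump_opts) -> bool:
    """Fragile flow: decode, re-encode, then verify the re-encoded bytes."""
    reencoded = json.dumps(json.loads(wire), **dump_opts).encode()
    return verify(reencoded, tag)


def verify_then_parse(wire: bytes, tag: bytes):
    """Robust flow: check the signature over the saved wire bytes, then parse."""
    if not verify(wire, tag):
        raise ValueError("signature check failed on original bytes")
    return json.loads(wire)


def sorted_recursively(wire: bytes) -> bytes:
    """Sort keys at every nesting level and drop insignificant whitespace."""
    return json.dumps(json.loads(wire), sort_keys=True,
                      separators=(",", ":")).encode()


# Constructed sample: what the sender serialized and signed.
WIRE = b'{"b":{"z":1,"a":2.0},"a":"x"}'
TAG = sign(WIRE)

if __name__ == "__main__":
    # Same message, same tag, three encoder configurations on the receiver.
    print("default encoder   :", verify_reencoded(WIRE, TAG))
    print("compact separators:", verify_reencoded(WIRE, TAG, separators=(",", ":")))
    print("compact + sorted  :", verify_reencoded(WIRE, TAG, sort_keys=True,
                                                  separators=(",", ":")))
    print("original bytes    :", verify_then_parse(WIRE, TAG))
```

Only the receiver whose encoder happens to reproduce the sender's byte layout accepts the message in the re-encode flow; the flow that keeps the original bytes is independent of encoder behaviour.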