[TLS] Two draft-22 comments

Joseph Birr-Pixton <jpixton@gmail.com> Fri, 08 December 2017 18:50 UTC

Return-Path: <jpixton@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2A0C127522 for <tls@ietfa.amsl.com>; Fri, 8 Dec 2017 10:50:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 83GIA2zzl6S5 for <tls@ietfa.amsl.com>; Fri, 8 Dec 2017 10:49:59 -0800 (PST)
Received: from mail-ua0-x234.google.com (mail-ua0-x234.google.com [IPv6:2607:f8b0:400c:c08::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46A4F124D37 for <tls@ietf.org>; Fri, 8 Dec 2017 10:49:59 -0800 (PST)
Received: by mail-ua0-x234.google.com with SMTP id t24so8095418uaa.13 for <tls@ietf.org>; Fri, 08 Dec 2017 10:49:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=OCYy7MHCeSf7H1P3O1nI2HlTzKv8Ov2iPo7X4i9K0ro=; b=KW/gr3BTFY0IP8SFSW5UcHFta9zRIm0v3/C+9iAqIRPcsWudBib90SLJvJcYe4E9hH U6LcCa6kh81bQWH2dvzWnSiZ0fPEM8ag6Kq/WIUDWatmjzmIXLDUixlsl82o+le6W3KY r/IxxM+s+dx2/b29gIPeSZyjLRFFXy4NRBDrw/Z9t2pSujdskYxZ12AO22/fAp4UoNeC O3RXBbbApTDRLbC2Vbxna2lO2By9kQ6KRCCLZgMa7a+hZgRvwWDxvnMjdS2qxAPJCiFf iigcRnIJky8yHKSZmba9eMWvOfLFu13Pf86qjcMSnodBlxC28TIQXtVQBtL1atzPXzRW q1kA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=OCYy7MHCeSf7H1P3O1nI2HlTzKv8Ov2iPo7X4i9K0ro=; b=g9qC71QesnjomITVqqrL4vg59GkBbofTbIuCFY12HObDuw1q/qWhwEehkJFsUM/ahW NKuxq2WO5qhwwXduo/3Kb6D8jesOqx+jUxZCmwqK2Wvv9IU+csotkBRNqxWV1aLZqBXJ j8cuO18TJZ0/Lt6XtLcWk3nOM9dYftFRj6Jsynbe6k6iFDyQ5E5jl89ApXSTZzRIh1mb LiA7LeIsIjV9N4dYZI3x5iSrRK8VCSK+hOVHee39UdDEeW7yZ3aC8p2elNkdw7F7qnjc Fgp/spsW5lqMo0MZNqYnqK2q6Rx2CWi5sl66ai17dukONcfzt9yQ+I8kEMDech0OnItZ +lIg==
X-Gm-Message-State: AKGB3mKFnVPXkcbCyNeH3i0IniyHdkDnTt+g95u0lJ3+lHe93aCWtU2J THGSEGjp4D9D3Z+5FGd1u1ozmoWQOGJ0Jz5kJG3e8Q==
X-Google-Smtp-Source: AGs4zMa2fzqLQt2NSCIWffYlRKOfw1yd24ool9umqPakSboso0F0uoEb6HoDuqadqa7wzUrd2zBcL3lEDoBzhC7evBo=
X-Received: by 10.176.67.228 with SMTP id l91mr19525937ual.181.1512758998098; Fri, 08 Dec 2017 10:49:58 -0800 (PST)
MIME-Version: 1.0
Received: by 10.176.20.230 with HTTP; Fri, 8 Dec 2017 10:49:17 -0800 (PST)
From: Joseph Birr-Pixton <jpixton@gmail.com>
Date: Fri, 8 Dec 2017 18:49:17 +0000
Message-ID: <CACaGAp=7juiJ9iEU-6AWc+QRGKmTe2KUQ1Ny8vepH8OnENJ8jQ@mail.gmail.com>
To: tls@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UGoRpZRLArrzrBbMwzulIdr4cHw>
Subject: [TLS] Two draft-22 comments
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Dec 2017 18:50:01 -0000

Hello,

Draft 22 says:

  An implementation may receive an unencrypted record of type
  change_cipher_spec consisting of the single byte value 0x01 at any
  time during the handshake and MUST simply drop it without further
  processing.

That requirement is hard to meet in a library that implements both
TLS1.2 and TLS1.3 -- a CCS prior to ServerHello would have to be both
fatally rejected (TLS1.2) and dropped without further processing
(TLS1.3).

Are there any problems with tightening up "at any time during the
handshake"? Or perhaps I should be interpreting the time prior to
ServerHello as not being "during the handshake"?

--

There's inconsistency in whether the supported_versions extension is
allowed in HelloRetryRequest.  4.2.1 and B.3.1.1 say no, but 4.1.4,
4.2 and 9.2 say yes. I'll assume that's an omission and submit a PR.

Cheers,
Joe