Re: [TLS] I-D Action: draft-ietf-tls-ctls-03.txt

Ben Schwartz <bemasc@google.com> Wed, 14 July 2021 16:39 UTC

From: Ben Schwartz <bemasc@google.com>
Date: Wed, 14 Jul 2021 12:38:51 -0400
Message-ID: <CAHbrMsBzmk9gYbMfXt9ubnznhg0guOQQQNQa5sNF0bz2n8jZaw@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Cc: i-d-announce@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/USO48wsxc-r0FpRELsJwFXKu9Yo>

Feature request for cTLS: NAT Slipstream defense.

In the NAT Slipstream attack [1], the server causes the client to emit TCP
data that confuses a middlebox.  This attack is possible because, in
insecure HTTP, the server can largely control the TCP contents of
client->server communication (after the first packet).  Unfortunately, TLS
also allows server control of some portions of client output (e.g. session
tickets in resumption handshakes), so these attacks are also likely
possible with TLS.

cTLS could easily close this category of vulnerabilities, with zero size
overhead, by using the Random to randomize the remainder of the ClientHello
(or ServerHello).  There are many ways to enable this; e.g. XOR with the
output of HKDF-Expand-Label, with a "Secret" provided in the cTLS profile,
Label="ctls ch" or "ctls sh", and Context=Random.

[1] https://samy.pl/slipstream/

On Mon, Jul 12, 2021 at 12:55 PM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Transport Layer Security WG of the IETF.
>
>         Title           : Compact TLS 1.3
>         Authors         : Eric Rescorla
>                           Richard Barnes
>                           Hannes Tschofenig
>         Filename        : draft-ietf-tls-ctls-03.txt
>         Pages           : 17
>         Date            : 2021-07-12
>
> Abstract:
>    This document specifies a "compact" version of TLS 1.3.  It is
>    isomorphic to TLS 1.3 but saves space by trimming obsolete material,
>    tighter encoding, and a template-based specialization technique. cTLS
>    is not directly interoperable with TLS 1.3, but it should eventually
>    be possible for a cTLS/TLS 1.3 server to exist and successfully
>    interoperate.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-ctls/
>
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-ctls-03
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-ctls-03
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
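
One way to realise the masking proposed in the message above, as an added example that is not part of the original message or of the cTLS draft: the bytes after Random are XORed with HKDF-Expand-Label(Secret, "ctls ch", Random, length). Assumptions: a 32-byte Random sent first and in the clear, SHA-256 as the hash, the RFC 8446 "tls13 " label prefix, and constructed sample values throughout.

```python
import hashlib
import hmac
import struct

RANDOM_LEN = 32  # assumption: full-size Random sent first, in the clear

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256."""
    if length > 255 * hashlib.sha256().digest_size:
        raise ValueError("hello too long for one HKDF-Expand call")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446, section 7.1), including the "tls13 " prefix."""
    full = b"tls13 " + label
    info = struct.pack("!H", length) + bytes([len(full)]) + full
    info += bytes([len(context)]) + context
    return hkdf_expand(secret, info, length)

def mask_hello(profile_secret: bytes, label: bytes, hello: bytes) -> bytes:
    """XOR everything after Random with a keystream keyed by Secret and Random.

    XOR is its own inverse, so the receiver calls the same function to unmask.
    """
    if len(hello) < RANDOM_LEN:
        raise ValueError("hello shorter than Random")
    random, rest = hello[:RANDOM_LEN], hello[RANDOM_LEN:]
    stream = hkdf_expand_label(profile_secret, label, random, len(rest))
    return random + bytes(a ^ b for a, b in zip(rest, stream))

# Constructed sample data: a profile secret, two client Randoms, and a
# "ticket" standing in for bytes the server chose in an earlier connection.
SECRET = b"constructed-ctls-profile-secret!"
TICKET = b"SERVER-CHOSEN-BYTES"
HELLO_A = bytes(range(32)) + b"\x00\x13" + TICKET
HELLO_B = bytes(range(32, 64)) + b"\x00\x13" + TICKET

if __name__ == "__main__":
    wire = mask_hello(SECRET, b"ctls ch", HELLO_A)
    print(len(wire) == len(HELLO_A), TICKET in wire)
    print(mask_hello(SECRET, b"ctls ch", wire) == HELLO_A)
```

The masked hello is the same length as the original, and the same ticket produces different wire bytes under each fresh Random.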