Re: [TLS] Next steps for draft-agl-tls-padding
mrex@sap.com (Martin Rex) Tue, 07 January 2014 20:17 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BA341AE192 for <tls@ietfa.amsl.com>; Tue, 7 Jan 2014 12:17:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.551
X-Spam-Level:
X-Spam-Status: No, score=-6.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, WEIRD_QUOTING=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZVJEEGYy_Em7 for <tls@ietfa.amsl.com>; Tue, 7 Jan 2014 12:17:34 -0800 (PST)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id 851F41AE15B for <tls@ietf.org>; Tue, 7 Jan 2014 12:17:34 -0800 (PST)
Received: from mail05.wdf.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id s07KHN0p004489 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 7 Jan 2014 21:17:23 +0100 (MET)
In-Reply-To: <cf049a7104934cc7a4bddced33cd00a2@BL2PR03MB419.namprd03.prod.outlook.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Date: Tue, 07 Jan 2014 21:17:22 +0100
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20140107201722.ECDA01AB93@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Next steps for draft-agl-tls-padding
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2014 20:17:37 -0000
Andrei Popov wrote: > > A provisional code point assignment for this TLS extension would be great. A provisional code point would be nice, but I had to read the description of the extension contents several times and cross-check with other TLS extension documents to figure out (and assure myself) what draft-agl-tls-padding-02 really means implementation-wise. http://tools.ietf.org/html/draft-agl-tls-padding-02#section-3 3. Padding Extension A new extension type (""padding(TBD)"") is defined and MAY be included by the client in its ClientHello message. enum { padding(TBD), (65535) } ExtensionType The client MUST fill the padding extension completely with zero bytes, although the padding extension may be empty. The server MUST NOT echo the extension. Based on the general definition of TLS extensions: http://tools.ietf.org/html/rfc3546#section-2.3 http://tools.ietf.org/html/rfc4366#section-2.3 http://tools.ietf.org/html/rfc5246#section-7.4.1.4 2.3. Hello Extensions The extension format for extended client hellos and extended server hellos is: struct { ExtensionType extension_type; opaque extension_data<0..2^16-1>; } Extension; Here: - "extension_type" identifies the particular extension type. - "extension_data" contains information specific to the particular extension type. I assume that what draft-agl-tls-padding-02 intends to say is that "extension_data" for the Padding TLS extension has no internal structure (and therefore no additional extension-internal length field). Anyhow, extension_data is supposed to have variable length, and constain only zero bytes when present. compare to Renegotiation Info TLS extension: http://tools.ietf.org/html/rfc5746#section-3.2 It might help to describe the resulting on-the-wire encoding of two samples: the padding ExtensionType will be a 16-bit integer that can be represented as 0xhhll (where hh stands for the most significant octet and ll stands for the least significant octet). The shortest padding "Extension" struct with padding length 0 will encode to hh ll 00 00 With a padding of 5 octets, the padding "Extension" struct will encode to hh ll 00 05 00 00 00 00 00 \ / \ / \ / \ / \ / \ / | | ---------- | | | | | +---- Extension.extension_data contents | | | +-------------- <0..2^16-1> 16-bit length of | Extension.extension_data variable length vector | +-------------------- IANA-assigned Extension.extension_type for padding extension The Renegotiation Info extension will also be "empty" on initial handshakes on a connection, but its extension_data has internal structure struct { opaque renegotiated_connection<0..255>; } RenegotiationInfo; and the variable length internal structure adds an additional length field (a one-octet length field for vector size <0..255>), even when renegotiated_connection itself is "empty", resulting in the on-the-wire representation ff 01 00 01 00 . -Martin
- [TLS] Next steps for draft-agl-tls-padding Eric Rescorla
- Re: [TLS] Next steps for draft-agl-tls-padding Russ Housley
- Re: [TLS] Next steps for draft-agl-tls-padding Watson Ladd
- Re: [TLS] Next steps for draft-agl-tls-padding Daniel Kahn Gillmor
- Re: [TLS] Next steps for draft-agl-tls-padding Andrei Popov
- Re: [TLS] Next steps for draft-agl-tls-padding Martin Rex
- Re: [TLS] Next steps for draft-agl-tls-padding Adam Langley
- Re: [TLS] Next steps for draft-agl-tls-padding Eric Rescorla
- Re: [TLS] Next steps for draft-agl-tls-padding Peter Bowen
- Re: [TLS] Next steps for draft-agl-tls-padding Peter Gutmann
- Re: [TLS] Next steps for draft-agl-tls-padding Watson Ladd
- Re: [TLS] Next steps for draft-agl-tls-padding Ilari Liusvaara
- Re: [TLS] Next steps for draft-agl-tls-padding Watson Ladd
- Re: [TLS] Next steps for draft-agl-tls-padding Ilari Liusvaara
- Re: [TLS] Next steps for draft-agl-tls-padding Andrey Jivsov
- Re: [TLS] Next steps for draft-agl-tls-padding Martin Thomson
- Re: [TLS] Next steps for draft-agl-tls-padding Manuel Pégourié-Gonnard
- Re: [TLS] Next steps for draft-agl-tls-padding Watson Ladd
- Re: [TLS] Next steps for draft-agl-tls-padding Andrey Jivsov
- Re: [TLS] Next steps for draft-agl-tls-padding Daniel Kahn Gillmor
- Re: [TLS] Next steps for draft-agl-tls-padding Peter Bowen