IETF Logo Mail Archive

Re: [TLS] Next steps for draft-agl-tls-padding

mrex@sap.com (Martin Rex) Tue, 07 January 2014 20:17 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BA341AE192 for <tls@ietfa.amsl.com>; Tue, 7 Jan 2014 12:17:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.551
X-Spam-Level:
X-Spam-Status: No, score=-6.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, WEIRD_QUOTING=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZVJEEGYy_Em7 for <tls@ietfa.amsl.com>; Tue, 7 Jan 2014 12:17:34 -0800 (PST)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id 851F41AE15B for <tls@ietf.org>; Tue, 7 Jan 2014 12:17:34 -0800 (PST)
Received: from mail05.wdf.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id s07KHN0p004489 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 7 Jan 2014 21:17:23 +0100 (MET)
In-Reply-To: <cf049a7104934cc7a4bddced33cd00a2@BL2PR03MB419.namprd03.prod.outlook.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Date: Tue, 07 Jan 2014 21:17:22 +0100
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20140107201722.ECDA01AB93@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Next steps for draft-agl-tls-padding
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2014 20:17:37 -0000

Andrei Popov wrote:
>
> A provisional code point assignment for this TLS extension would be great.

A provisional code point would be nice, but I had to read the
description of the extension contents several times and cross-check
with other TLS extension documents to figure out (and assure myself)
what draft-agl-tls-padding-02 really means implementation-wise.

  http://tools.ietf.org/html/draft-agl-tls-padding-02#section-3

   3.  Padding Extension

   A new extension type (""padding(TBD)"") is defined and MAY be
   included by the client in its ClientHello message.
   enum {
           padding(TBD), (65535)
   } ExtensionType

   The client MUST fill the padding extension completely with zero
   bytes, although the padding extension may be empty.

   The server MUST NOT echo the extension.


Based on the general definition of TLS extensions:

   http://tools.ietf.org/html/rfc3546#section-2.3
   http://tools.ietf.org/html/rfc4366#section-2.3
   http://tools.ietf.org/html/rfc5246#section-7.4.1.4

   2.3.  Hello Extensions

   The extension format for extended client hellos and extended server
   hellos is:

      struct {
          ExtensionType extension_type;
          opaque extension_data<0..2^16-1>;
      } Extension;

   Here:

   - "extension_type" identifies the particular extension type.

   - "extension_data" contains information specific to the particular
     extension type.


I assume that what draft-agl-tls-padding-02 intends to say is that

  "extension_data" for the Padding TLS extension has no internal structure
  (and therefore no additional extension-internal length field).

Anyhow, extension_data is supposed to have variable length,
and constain only zero bytes when present.

compare to Renegotiation Info TLS extension:
   http://tools.ietf.org/html/rfc5746#section-3.2

It might help to describe the resulting on-the-wire encoding of two samples:

the padding ExtensionType will be a 16-bit integer that can be represented
as 0xhhll  (where hh stands for the most significant octet and ll stands
for the least significant octet).

The shortest padding "Extension" struct with padding length 0 will encode to

   hh ll 00 00

With a padding of 5 octets, the padding "Extension" struct will encode to

   hh ll 00 05 00 00 00 00 00

   \   / \   / \            /
    \ /   \ /   \          /
     |     |     ----------
     |     |         |
     |     |         +----  Extension.extension_data contents 
     |     |
     |     +--------------  <0..2^16-1> 16-bit length of
     |                      Extension.extension_data variable length vector
     |
     +--------------------  IANA-assigned Extension.extension_type
                            for padding extension


The Renegotiation Info extension will also be "empty" on initial handshakes
on a connection, but its extension_data has internal structure

      struct {
          opaque renegotiated_connection<0..255>;
      } RenegotiationInfo;

and the variable length internal structure adds an additional length field
(a one-octet length field for vector size <0..255>), even when
renegotiated_connection itself is "empty", resulting in the
on-the-wire representation  ff 01 00 01 00 .


-Martin

v2.23.0 | Report a Bug | By Email