IETF Logo Mail Archive

[TLS] Review of draft-ietf-tls-rfc4366-bis-04

Simon Josefsson <simon@josefsson.org> Fri, 24 April 2009 22:45 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 68BA13A68DA for <tls@core3.amsl.com>; Fri, 24 Apr 2009 15:45:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.681
X-Spam-Level:
X-Spam-Status: No, score=-2.681 tagged_above=-999 required=5 tests=[AWL=-0.082, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6+0HTScNyGfQ for <tls@core3.amsl.com>; Fri, 24 Apr 2009 15:45:44 -0700 (PDT)
Received: from yxa-v.extundo.com (yxa-v.extundo.com [83.241.177.39]) by core3.amsl.com (Postfix) with ESMTP id 4634E3A6839 for <TLS@ietf.org>; Fri, 24 Apr 2009 15:45:44 -0700 (PDT)
Received: from c80-216-29-127.bredband.comhem.se ([80.216.29.127] helo=mocca.josefsson.org) by yxa-v.extundo.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.69) (envelope-from <simon@josefsson.org>) id 1LxUAe-00015k-5I for TLS@ietf.org; Sat, 25 Apr 2009 00:47:01 +0200
From: Simon Josefsson <simon@josefsson.org>
To: TLS@ietf.org
References: <AC1CFD94F59A264488DC2BEC3E890DE507E145E8@xmb-sjc-225.amer.cisco.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:090424:jsalowey@cisco.com::ZI45WoCSkaCNkQGu:1WNg
X-Hashcash: 1:22:090424:tls@ietf.org::Mn6kQuMBcaqWRUo0:AF/i
Date: Sat, 25 Apr 2009 00:46:58 +0200
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE507E145E8@xmb-sjc-225.amer.cisco.com> (Joseph Salowey's message of "Fri, 24 Apr 2009 07:47:27 -0700")
Message-ID: <87vdotis9p.fsf@mocca.josefsson.org>
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.92 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: [TLS] Review of draft-ietf-tls-rfc4366-bis-04
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Apr 2009 22:45:45 -0000

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> writes:

> This is a working group last call for comments on
> draft-ietf-tls-rfc4366-bis-04 prior to sending this document on to the
> IESG for publication as a proposed standard RFC.  The document and
> revision history can be found here:
>
> http://tools.ietf.org/html/draft-ietf-tls-rfc4366-bis-04
>
>
> Please send any comments to the list by May 15, 2009.  

Hi.  The document looks good in general, however I have two comments:

1)

RFC 4366 contains:

      struct {
          opaque url<1..2^16-1>;
          Boolean hash_present;
          select (hash_present) {
              case false: struct {};
              case true: SHA1Hash;
          } hash;
      } URLAndOptionalHash;

The draft changes the struct to:

      struct {
          opaque url<1..2^16-1>;
          opaque SHA1Hash[20];
      } URLAndHash;

An RFC 4366 implementation that receives a RFC4366bis struct will reject
the encoding as corrupt, and possibly refuse the connection.

Likewise, an RFC 4366bis implementations will reject a RFC4366 struct.

It is possible to implement a parser that will accept both structs, but
this is not discussed nor suggested by the document.

I suggest that a padding byte is inserted as follows:

      struct {
          opaque url<1..2^16-1>;
          opaque padding<1>;
          opaque SHA1Hash[20];
      } URLAndHash;

And some text is added:

   The "padding" byte MUST be 0x01.  It is present to make the structure
   backwards compatible.

TLS 1.2 also changed old structs, let's not make the same mistake again.

2)

There is an RFC Errata for RFC 4366:

http://rfc-editor.org/errata_search.php?eid=111

The issues are all either irrelevant or fixed, except for (2).  As far
as I can tell, the concern is valid.  The text needs to be modified to
replace "the server name" with "any of the server names".  The WG could
also consider Alfred's suggestion that clients needs indication of which
name the server accepted, but I'm not sure this is important.

/Simon

v2.23.0 | Report a Bug | By Email