Re: [TLS] I-D Action: draft-ietf-tls-tlsflags-00.txt

Benjamin Kaduk <bkaduk@akamai.com> Wed, 14 August 2019 01:12 UTC

Date: Tue, 13 Aug 2019 20:12:00 -0500
From: Benjamin Kaduk <bkaduk@akamai.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: Ilari Liusvaara <ilariliusvaara@welho.com>, TLS List <tls@ietf.org>
Message-ID: <20190814011159.GE30400@akamai.com>
References: <156563213549.17893.514258464688769886@ietfa.amsl.com> <20190812182519.GA455391@LK-Perkele-VII> <20190814005910.GC30400@akamai.com> <CACsn0cnV720QmDTjwvg+Kk4eH4s4ZPPDT0x2KdHTsdAV7SnVgQ@mail.gmail.com>
In-Reply-To: <CACsn0cnV720QmDTjwvg+Kk4eH4s4ZPPDT0x2KdHTsdAV7SnVgQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Vvjw1ED0splH-Mj6VJSGxOHA3fs>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-tlsflags-00.txt

On Tue, Aug 13, 2019 at 06:03:32PM -0700, Watson Ladd wrote:
> On Tue, Aug 13, 2019 at 6:00 PM Benjamin Kaduk <bkaduk@akamai.com> wrote:
> >
> > On Mon, Aug 12, 2019 at 09:25:19PM +0300, Ilari Liusvaara wrote:
> > > On Mon, Aug 12, 2019 at 10:48:55AM -0700, internet-drafts@ietf.org wrote:
> > > >
> > > > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > > > This draft is a work item of the Transport Layer Security WG of the IETF.
> > > >
> > > >         Title           : A Flags Extension for TLS 1.3
> > > >         Author          : Yoav Nir
> > > >         Filename        : draft-ietf-tls-tlsflags-00.txt
> > > >         Pages           : 6
> > > >         Date            : 2019-08-12
> > > >
> > > >
> > > > The IETF datatracker status page for this draft is:
> > > > https://datatracker.ietf.org/doc/draft-ietf-tls-tlsflags/
> > > >
> > > > There are also htmlized versions available at:
> > > > https://tools.ietf.org/html/draft-ietf-tls-tlsflags-00
> > > > https://datatracker.ietf.org/doc/html/draft-ietf-tls-tlsflags-00
> > >
> > > Two things:
> > >
> > >
> > > 1) uint8 flags<0..31>;
> > >
> > > That adds an extra byte that is not technically necessary (because
> > > extensions have lengths anyway) and limits number of flags to 248
> > > (which might be enough).
> > >
> > > And I do not think the length of flags field can be 0 (if it would
> >
> > I think you need to send it in at least one protocol "response", to
> > confirm support for the extension, even if none of the flags offered
> > require confirmation/echo individually.
> 
> I'm not sure this is the case: if in the future we define flags, then
> what is the difference between not understanding any flag and not
> understanding the extension?

Nothing -- the difference is between understanding the "please frobnitz
my baddle" flag and not understanding it (or the extension, for that
matter).  If "please frobnitz my baddle" is defined such that it appears
in the ClientHello and if the server supports the extension, the server
has the option to send a Thwarp handshake message to the client at any
time post-handshake if the server detects its imminent demise, then the
client that observes "I didn't get a Thwarp" cannot distinguish between
"the server doesn't support the extension" and "the server supports the
extension but is unaware of an imminent demise".

Does that help?

-Ben
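The two points argued in this thread, Ilari's observation that `uint8 flags<0..31>` costs a redundant length byte and caps the extension at 248 flags, and Ben's point that a flag whose only observable effect is "the server may send you something later" cannot be acknowledged by silence, can be made concrete with a small encoder/decoder. The code below is an added example, written for this archive page; it is not code from the draft, from the TLS WG, or from any participant in the thread. It assumes the draft-00 wire format quoted above (a one-byte length prefix followed by 0..31 bytes of flags), and it assumes a bit numbering (flag N in byte N // 8, bit N % 8, least-significant bit first) and a hypothetical flag number for Ben's "please frobnitz my baddle" flag, neither of which is specified in the text quoted here.

```python
"""Encoder/decoder for the draft-ietf-tls-tlsflags-00 extension body.

Added example, not code from the draft or from the thread's authors.
Assumptions made for this example only:
  * wire format is the quoted `uint8 flags<0..31>`: one length byte, then
    0..31 bytes of flag bits;
  * flag N is stored in byte N // 8, bit N % 8 (LSB first); the draft's
    actual bit order should be checked before reusing this;
  * FROBNITZ_FLAG is a made-up flag number standing in for Ben's
    "please frobnitz my baddle" flag.
"""
from __future__ import annotations

MAX_FLAG_BYTES = 31               # from uint8 flags<0..31>
MAX_FLAGS = MAX_FLAG_BYTES * 8    # 248, the ceiling Ilari points out

FROBNITZ_FLAG = 5                 # hypothetical flag number (assumption)


def encode_flags(flag_numbers) -> bytes:
    """Encode a set of flag numbers into the extension_data body.

    The one-byte length prefix is exactly the byte Ilari calls redundant:
    the enclosing Extension structure already carries the body length.
    """
    bits = bytearray(MAX_FLAG_BYTES)
    for n in flag_numbers:
        if not 0 <= n < MAX_FLAGS:
            raise ValueError(f"flag {n} out of range 0..{MAX_FLAGS - 1}")
        bits[n // 8] |= 1 << (n % 8)
    # Drop trailing zero bytes so the vector is minimal (assumed policy).
    while bits and bits[-1] == 0:
        bits.pop()
    return bytes([len(bits)]) + bytes(bits)


def decode_flags(body: bytes) -> frozenset[int]:
    """Parse an extension_data body into the set of flag numbers set.

    Rejects a length byte above 31 and a length byte that disagrees with
    the actual body length, since the two length fields must agree.
    """
    if len(body) < 1:
        raise ValueError("missing length byte")
    length = body[0]
    if length > MAX_FLAG_BYTES:
        raise ValueError(f"flags vector length {length} exceeds {MAX_FLAG_BYTES}")
    if len(body) != 1 + length:
        raise ValueError("length byte disagrees with extension length")
    return frozenset(
        byte_index * 8 + bit
        for byte_index, value in enumerate(body[1:])
        for bit in range(8)
        if value & (1 << bit)
    )


def client_view(server_extension_body: bytes | None) -> str:
    """What a client that offered FROBNITZ_FLAG can conclude from the server.

    None models "the server did not send tls_flags at all".  This is Ben's
    point: if a server that supports the extension but sets no flag is
    allowed to stay silent, the client cannot tell it from a server that
    never heard of the extension, and for a flag meaning "I may send a
    Thwarp later" there is no later message whose absence disambiguates
    the two cases.  An echoed extension, even with an empty flags vector,
    removes that ambiguity.
    """
    if server_extension_body is None:
        return "unknown: extension unsupported OR supported-with-no-flags"
    flags = decode_flags(server_extension_body)
    if FROBNITZ_FLAG in flags:
        return "server understood frobnitz; a Thwarp may arrive later"
    return "server supports tls_flags but not the frobnitz flag"
```

Feeding `client_view` the three possible server responses (no extension, an empty echo `b"\x00"`, and an echo with the flag set) shows why the empty echo still carries information: it is the only way to learn that the extension itself was understood when none of the offered flags produces an immediate observable effect.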