Re: [TLS] Post-handshake Finished when rejecting a CertificateRequest

Eric Rescorla <ekr@rtfm.com> Tue, 02 August 2016 12:54 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A980112D590 for <tls@ietfa.amsl.com>; Tue, 2 Aug 2016 05:54:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ul67xc-Cv7Yp for <tls@ietfa.amsl.com>; Tue, 2 Aug 2016 05:54:58 -0700 (PDT)
Received: from mail-yw0-x234.google.com (mail-yw0-x234.google.com [IPv6:2607:f8b0:4002:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 211AC12D581 for <tls@ietf.org>; Tue, 2 Aug 2016 05:54:58 -0700 (PDT)
Received: by mail-yw0-x234.google.com with SMTP id z8so197067625ywa.1 for <tls@ietf.org>; Tue, 02 Aug 2016 05:54:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=SxaqPu7oW27UyM0cf3tw7IYGLdf6s2fbzSnC1q/Ktvs=; b=X4/7v/Rnfo7GbihEtpn+SZGVCpBlY9khYS5nlmYp8Qig5GENdo1dvsnyDFI2wQynOq Zq4KoAIUKqazZYFKidmUAZKqDAT4tzM7FAVU6ogSM4yoTqjvvcXGenGrPjqpLmualJUR RXWMUPb4fGJK3eABdUJ/44Vm4fBfNULIEOoDoa8i0/Cx8BjGCgiV3E721RbsSE7yxJlP XLeKb49bWU76IaivcVU1Dj751rYGhXvnCkuqwGo/tgc3XLNHRYaaheDmjRFoLynfXPvW ZQKe7B2X/39oFd9qllFnLuIsF5uIS3BgWH08fWXDgN06mC8Jo8F+DKrTXYEV51zD4tT6 qI/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=SxaqPu7oW27UyM0cf3tw7IYGLdf6s2fbzSnC1q/Ktvs=; b=P1EiEebDZ7ERlkhPIgNM5cYKKQxl29TK6cgKEyprA8+2B9l9/2VoXgCcHGMul/Cwxo CBnE1VXH97wTrzfCz6B4ekvgdvh5PlaUFFxC5H1IrVJrU6O6RS7dK5/CLfbkUl8u+cYn lXgjHn1bhsTSVB66Y0wJJa7UQajN+6SJOFBSE4ED8wO48Whvq28dcZqF3vrkc4pHx+38 hyHSlw1DPL0x7fWwjecZWW4DcGoYK5FoYdeVeogE5JxQVnmvPrWBmTPr6d4rcip8/GTz OwBt9wM0cp/WeMxCViP6BF/qwKgTXumWJA5Cetl6GyJ4eSFLxqyTNmGAp5aqto/253yT vcCA==
X-Gm-Message-State: AEkoout3g/wZVhDRPvZ+q29UwwQqCyGtxsSTYsbjT/A3GRAB2o/k3ZAxI0qCTTnQWHR74NFrDUctXkFOxxUFFA==
X-Received: by 10.129.92.215 with SMTP id q206mr24941565ywb.8.1470142497434; Tue, 02 Aug 2016 05:54:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.48.193 with HTTP; Tue, 2 Aug 2016 05:54:17 -0700 (PDT)
In-Reply-To: <20160802122546.GA28281@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CABkgnnVUHmqDjkRn3LaV=Bz7_X_Y4oShkSyXg8h5E9=bKoLAog@mail.gmail.com> <20160802074854.GA21071@LK-Perkele-V2.elisa-laajakaista.fi> <CABkgnnWMoiM4B_5Vd-qyd4f2_59FqybbHt3eziRAdM9U8BBPKA@mail.gmail.com> <20160802122546.GA28281@LK-Perkele-V2.elisa-laajakaista.fi>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 2 Aug 2016 05:54:17 -0700
Message-ID: <CABcZeBNXY9fqNkbS13yfqsAEKoCmX+bTK9O4K13SA78ma050rQ@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: multipart/alternative; boundary=001a114d85ce545aed0539163930
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XG9QaKozLMm7kVmdDk78p2ttkDU>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Post-handshake Finished when rejecting a CertificateRequest
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Aug 2016 12:55:00 -0000

On Tue, Aug 2, 2016 at 5:25 AM, Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> On Tue, Aug 02, 2016 at 08:40:08PM +1000, Martin Thomson wrote:
> > On 2 August 2016 at 17:48, Ilari Liusvaara <ilariliusvaara@welho.com>
> wrote:
> > > Also, what exact base key does that Finished use? Client's current
> > > traffic secret at the beginning of the Finished (the sequence of
> > > traffic secrets is the same client and server, but the values may
> > > be out of sync.)?
> >
> >
> > Presumably it's the traffic_secret_N that is active at the start of
> > the sequence of messages; also presumably, the sequence of messages
> > cannot be interrupted by something like a KeyUpdate.
>
> It can't be interrupted by KeyUpdate from client, but can be interrupted
> by KeyUpdate by server.
>

Not sure why that matters. Key Updates are unidirectional. I think it
clearly has to
be sender's.

-Ekr




> (Also, I think base key only appears in Finished).
>
>
> -Ilari
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>