Re: [TLS] Keeping TLS extension points working

David Benjamin <davidben@chromium.org> Mon, 25 July 2016 22:35 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACC5512D0B2 for <tls@ietfa.amsl.com>; Mon, 25 Jul 2016 15:35:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.986
X-Spam-Level:
X-Spam-Status: No, score=-3.986 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Hm8Zl21ioem for <tls@ietfa.amsl.com>; Mon, 25 Jul 2016 15:35:49 -0700 (PDT)
Received: from mail-lf0-x230.google.com (mail-lf0-x230.google.com [IPv6:2a00:1450:4010:c07::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8857912B029 for <tls@ietf.org>; Mon, 25 Jul 2016 15:35:48 -0700 (PDT)
Received: by mail-lf0-x230.google.com with SMTP id l69so138089969lfg.1 for <tls@ietf.org>; Mon, 25 Jul 2016 15:35:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Cqien/fxRG2Xq+12qGWaS61nbICBl4UIjXanqOU66Jw=; b=MBk5C9ZLq7teq1zjQwmJKDGt+6a53NUZj102TPpV0NZ3hIgla6NViNZ6I1G/2x95gq BFAHq1wPLe+Ka5FbT7uhOsdX1uYljpCgsiTdFzPqsUPi20WR7p0PfXk7ByTPfaT04Zvp e8TYr1WDFiEiMNqJDTkDyHfJd/NEw7GuaxADY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Cqien/fxRG2Xq+12qGWaS61nbICBl4UIjXanqOU66Jw=; b=euodnFqmUlZecEYSvnGjl40fxMRmzICy94dY8qHCgQPp5ABIe9YaWYf4R4wKIPSFhH TtHZ6SqLGGAZdTt7EurHaI6NIKxqN/8xZMyYAt7ChER5b5Plx6rWG7XKK9Y200x2EvQt bvjAJyX7s5SlTqbl5RLAwZNgmQQQU7FpDL5aTAh7mDM7vUGkSgEECS5Xo8jQx7gxec52 /ua7YYmKkIqOXqsBBWNRnkqLHDQ/5Zb49nuIPimKP8zEhYlFHKMUBuXyNxKaTHiTjCYi TmuDRy2HMchD/EX87Tw813cIzT3t2uSJiyq1n13kjM2ZRKWajrDAknpPYCwr7FY2t8gh uVQw==
X-Gm-Message-State: AEkoousdqiWHyqQJOvFfSvqs00oXnZlmMKhHW0x3A04kzDdkN+JJJE4obhHTY4RN41G1Jl5Cokkh7frXb8yjD79Q
X-Received: by 10.25.145.135 with SMTP id t129mr8753756lfd.163.1469486146503; Mon, 25 Jul 2016 15:35:46 -0700 (PDT)
MIME-Version: 1.0
References: <CAF8qwaCaW2Q+z_JoDqzQZaGCWJ2aqUiyK8_J8_CO4Ck_cqtaSA@mail.gmail.com>
In-Reply-To: <CAF8qwaCaW2Q+z_JoDqzQZaGCWJ2aqUiyK8_J8_CO4Ck_cqtaSA@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Mon, 25 Jul 2016 22:35:37 +0000
Message-ID: <CAF8qwaA1gDoSvJvFzt2zwwEL1zhGA1p4f_ARc09FVcBGiBKVBw@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary=001a11402830c4212405387d67dc
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XPx0LzU7opHlQfE9-qJDhzLr0Z4>
Subject: Re: [TLS] Keeping TLS extension points working
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2016 22:35:52 -0000

On Mon, Jul 25, 2016 at 6:32 PM David Benjamin <davidben@chromium.org>
wrote:

> Hi folks,
>
> I'm not sure how this process usually works, but I would like to reserve a
> bunch of values in the TLS registries to as part of an idea to keep our
> extension points working. Here's an I-D:
> https://tools.ietf.org/html/draft-davidben-tls-grease-00
>
> (The name GREASE is in honor of AGL's rusted vs. well-oiled joints analogy
> from https://www.imperialviolet.org/2016/05/16/agility.html )
>
> One problem we repeatedly run into is servers failing to implement TLS's
> various extension points correctly. The most obvious being version
> intolerance. When we deployed X25519 in Chrome, we discovered an intolerant
> implementation. (Thankfully it was rare enough to not warrant a fallback or
> revert!)
>

Er, I lost a sentence here, sorry.

I meant that, in addition to version intolerance other extension points
have also gathered rust. The X25519 trouble was an example of named curve
intolerance, not version. (Someone forgot a default in their switch-case.)


> It appears that signature algorithms maybe also be gathering rust. Ciphers
> and extensions seem to have held up, but I would like to ensure they stay
> that way.
>
> The root problem here is these broken servers interoperate fine with
> clients at the time they are deployed. It is only after new values get
> defined do we notice, by which time it is too late.
>
> I would like to fix this by reserving a few values in our registries so
> that clients may advertise random ones and regularly exercise these
> codepaths in servers. If enough of the client base does this, we can turn a
> large class of tomorrow's interop failures into today's interop failures.
> This is important because an bug will not thrive in the ecosystem if it
> does not work against the current deployment.
>
> If you were in Berlin, you may recognize this idea from the version
> negotiation debate. Alas that all happened in the wrong order as I hadn't
> written this up yet. This idea can't be applied to versioning without
> giving up on ClientHello.version, but we can start with the rest of the
> protocol.
>
> David
>
> PS: This is actually my first I-D, so apologies if I've messed it up
> somewhere!
>