Re: [TLS] tls-flags: abort on malformed extension
Yoav Nir <ynir.ietf@gmail.com> Wed, 20 October 2021 20:12 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 332DB3A0EAA for <tls@ietfa.amsl.com>; Wed, 20 Oct 2021 13:12:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V86lNnRy0mRt for <tls@ietfa.amsl.com>; Wed, 20 Oct 2021 13:12:06 -0700 (PDT)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D0DA3A0E77 for <tls@ietf.org>; Wed, 20 Oct 2021 13:12:06 -0700 (PDT)
Received: by mail-wr1-x42f.google.com with SMTP id t2so222108wrb.8 for <tls@ietf.org>; Wed, 20 Oct 2021 13:12:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=LteT6tlbETcrYtoF+uOhYk+JXimO180smQ8WVgwaS9Y=; b=XyGesjDor52xMyFT7s1lizL6yRGkDeQHw4vXJUp1xBaV0uVTCY2dtxgymhVxoMRtYT LnvuwnyCR4NsdeqOgTH3kVUIrUrGOogP6uJ/QjA9AsjmYd6NIi5sWIrtChlNhf3vFKOy /5VxfN0WsiTa9saSSnOQPaG2OhttwX4JDKcgqsPxR6iIbmH1hfu2dFDbKJDaVx2rdA8U ScZQy/b0sY6T+6q+lZ8bz1rsilVQSx6iLcgtpd66PV6bMYx4ZKoR1YDJJNs4CrLSAIjZ 6oUYx7MALnS7YKhgc92dJEnW35SVHwtAG/ANNg/lbKDaJkHeRz9gkwEXX3MdRnz10wXK XDWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:mime-version:subject:date:references:to :in-reply-to:message-id; bh=LteT6tlbETcrYtoF+uOhYk+JXimO180smQ8WVgwaS9Y=; b=Fpi3NQS7z7dL2cEvUspgwolOg2d4GdxYuQEcFUdLGc+6AigkChErdohmspuArYBHDY gA22w1OucTpDTtWX6F0ugk3Oo1kQXV+ZLNz4r4E4bnbnTv0cDVnqH1x5g66L8rmZ9dvA 7Ry/eVEuwJh+SQ6bbglisUgbUsjAYXy+KCB6K8P6LsWngOnc3x7JztChxYopdfc7W3NC 7LqJhoEMjAtkyR5MtfU4SNxWk4Ymlbq++lf9vFths4GwPel3eDkYKM+gOGzxQsAGIPSm yVFiWFPy/IiAvYLR+VHPiwngm+8C1gDvZyMdtZx5pPpx4OjXx4I8MR2/yTWLrswAYYuQ 3zEA==
X-Gm-Message-State: AOAM5322glTiDbiYFxHlgIbCYkw7qCGrwDakWU/gRDjYNO99aBz1NBus n5PEJsQ6gJaZ/3Koe2nzIeSYO366Rccq9w==
X-Google-Smtp-Source: ABdhPJwZSQX0C5nTeYLsTx75bP2G4kbriTeqaUJv2/htL/1dNRhhb+yWDqrMacKwmsfuCECebC/buQ==
X-Received: by 2002:a5d:4882:: with SMTP id g2mr1602945wrq.399.1634760721640; Wed, 20 Oct 2021 13:12:01 -0700 (PDT)
Received: from smtpclient.apple (84.94.176.50.cable.012.net.il. [84.94.176.50]) by smtp.gmail.com with ESMTPSA id m15sm3004662wmq.0.2021.10.20.13.12.00 for <tls@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 20 Oct 2021 13:12:01 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_837F164E-20EF-4132-AE05-BE9CC202940D"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Date: Wed, 20 Oct 2021 23:11:59 +0300
References: <5BFCE990-52C0-4C0C-BD8A-AC3DB0A48084@gmail.com> <E37094D9-A40B-4E7B-BE6B-0AE16F0E0C64@gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
In-Reply-To: <E37094D9-A40B-4E7B-BE6B-0AE16F0E0C64@gmail.com>
Message-Id: <E595452A-31F6-4FF9-8BF3-ADF0E6377832@gmail.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YHWGgReMAtyrwNGLChTKhy52H4s>
Subject: Re: [TLS] tls-flags: abort on malformed extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Oct 2021 20:12:12 -0000
Hi. I updated the PR. If there are no further objections, I will commit and submit a new version in time for the submission deadline. Yoav > On 7 Oct 2021, at 21:37, Yoav Nir <ynir.ietf@gmail.com> wrote: > > Since I prefer to have the discussion in a single place, I’m copying below a comment by David Benjamin from GitHub: > >> On 28 Aug 2021, at 23:36, Yoav Nir <ynir.ietf@gmail.com <mailto:ynir.ietf@gmail.com>> wrote: >> >> Hi. >> >> To address Michael StJohns comment from 19-July, I submitted PR #12: >> >> https://github.com/tlswg/tls-flags/pull/12 <https://github.com/tlswg/tls-flags/pull/12> >> >> What is says is that any implementation receiving a malformed tls_flags extensions should abort the handshake. The text provides a list (which I hope is comprehensive) of all the ways this specific extension can be malformed. >> >> Please comment here or on the PR is this makes sense to everybody. > > > My proposed text: > >> An implementation that receives an invalid tls_flags extension MUST >> terminate the TLS handshake with a fatal illegal_parameter alert. >> Such invalid tls_flags extensions include: >> * zero-length extension >> * Multiple tls_flags extensions for the same message >> * A flag set in the tls_flags extension of the wrong message, as >> specified in the document for that flag > > > > David’s comment about the zero-length extension: >> If we want this to be invalid, we can put it in the TLS presentation language. Change FlagExtensions to: >> >> struct { >> opaque flags<1..255>; >> } FlagExtensions; > > > David’s comment about the multiple extensions: >> RFC8446 already prohibits this on the sender. We don't do a good job of defining the rules for the receiver, but that should probably be done uniformly across all extensions, rather than just in this one > > > David’s comment about the flag on the wrong message: >> This seems unimplementable. If I receive a message with a flag I don't recognize, I have no idea whether the flag is allowed in the message or not. Yet this text says I MUST enforce this rule. (There's probably some corresponding wording in RFC8446 we can borrow.) >> >> Nit: It also seems better to phrase this in terms of the registry, rather than the document. We might have multiple documents for the flag if we have to update it. > > OK, so now my response: > > I agree with the first and second comments. About the third, what I meant was that a supported flag that is supposed to appear only in CH appears instead and CR, or more likely, a flag that should appear in EE apears in SH instead. > > But I think the best way to resolve the issue is to remove the bullet point list and the last sentence before them, IOW: remove the examples. > > If this is agreeable to everyone, I will modify it in my PR. > > Yoav
- [TLS] tls-flags: abort on malformed extension Yoav Nir
- Re: [TLS] tls-flags: abort on malformed extension Sean Turner
- Re: [TLS] tls-flags: abort on malformed extension Rob Sayre
- Re: [TLS] tls-flags: abort on malformed extension Yoav Nir
- Re: [TLS] tls-flags: abort on malformed extension Hubert Kario
- Re: [TLS] tls-flags: abort on malformed extension Ilari Liusvaara
- Re: [TLS] tls-flags: abort on malformed extension Yoav Nir
- Re: [TLS] tls-flags: abort on malformed extension Sean Turner