Re: [TLS] What is "completed handshake"?
Martin Thomson <mt@lowentropy.net> Tue, 09 August 2022 21:47 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14B1FC157B57 for <tls@ietfa.amsl.com>; Tue, 9 Aug 2022 14:47:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=gG42USTM; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=UEwT7WC6
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SfAK03fBk7Gj for <tls@ietfa.amsl.com>; Tue, 9 Aug 2022 14:47:28 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4020DC157B4A for <tls@ietf.org>; Tue, 9 Aug 2022 14:47:28 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 5AE055C02AE for <tls@ietf.org>; Tue, 9 Aug 2022 17:47:27 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute3.internal (MEProxy); Tue, 09 Aug 2022 17:47:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm2; t=1660081647; x=1660168047; bh=BIZjDIE7qd RCdadyIAI+awZypXyIH2yhFSKQisan5XU=; b=gG42USTMi8Nn+Hlu2MnrWOGTQj 8H8Jposn0ugCgatIYPibO1TYCj4AlweW6SAw/HobjZrgO6Fen/ec0vFfSBEOoCzO 09LjWcqO7KC5HhcQtm9BVfFaEurGtceuMoOp9WTmSVp+jcuBNIcLBVkF0bxnek9c JJdlPo4ncLvde1ejMXF5X/mdP98pWocKPQODJngrHMNxasWI8/RSLT6Hu7a4Vlus 2ZYwiSaAVlN1GdYniyl+2X1SqMfVbU+ZFiGW/nBs6XaTZ3fI16AB8GE4/j0xv7Nv s29vGERnMBGArPXnr2xL4AcqiAE8dllv/r8X+ZW398MXlW+ne46KE3vw07ow==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1660081647; x=1660168047; bh=BIZjDIE7qdRCdadyIAI+awZypXyI H2yhFSKQisan5XU=; b=UEwT7WC6a9JEzARPtlmN8eGXeV/RlgBQZcQuNbes9A6g qFo/pNlMnIaqZqUt56e2tjTFsRoyvBEw+Nl0Ju3PaaKdSm0uRTgAkxvsW5tE41cq FUE00oUV2CUYivI3lEnHZVKVifgs1CwLBXui37fv34iEa6apjewhKHiMCA9/AIJ5 Ui+8LAnvEReFbypx6xk1bXD8wtMmRRL8pGJ216g4bFh+PWX9mkfEST5/k0ts7D9s 3Dev1W00MJ4v845pf94QU/HmKyopDyGu79XbRIwpZvEwGE49OBpTtUCp8iipQD2r 8IZQvbXTvXl4vw95lQtORSKwpqhNREBJvtFgQze4oQ==
X-ME-Sender: <xms:79XyYvfuXc9a1F-rnRmCkfxi3luFGKJ7ZHSIC7END5mELKIipejGEg> <xme:79XyYlPFWnWATjxzMc26BSu-Z3wLxRpkQVNwQ0PNrzFP4NFPC9tVj5uVS-PUhxteN 3KzLxJFH-s_g1U4tw8>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrvdeguddgtddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeekteeuieektdekleefke evhfekffevvdevgfekgfeluefgvdejjeegffeigedtjeenucevlhhushhtvghrufhiiigv pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvg ht
X-ME-Proxy: <xmx:79XyYoju0l5oU4ss272mEwBiwLYpLkECQ7oIB322cG_55Ie2ZFMqxA> <xmx:79XyYg8sYfyV__reZ4j6KUkIuFpGP7HlJBma_VMtHl0oyGLK-ymRfA> <xmx:79XyYrsADZ_tDUfDSdkr6Q8OicaTi5YpU97xNXjIJRWEjgsQmjkG5w> <xmx:79XyYp6hipG87VvjxzZLkuukCxhkdTiUtHMoGPOaxtwvOOPmf4WPJQ>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 2C02C2340077; Tue, 9 Aug 2022 17:47:27 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.7.0-alpha0-811-gb808317eab-fm-20220801.001-gb808317e
Mime-Version: 1.0
Message-Id: <8f803ba0-67b1-4403-a5b7-a23e8a93c38d@beta.fastmail.com>
In-Reply-To: <CA+_8xu3MqirbSVfjiB+5R_r4tkjigKxFsDd8noSTZ7WD2rnXCA@mail.gmail.com>
References: <CADqLbz+EJAWpAF0bBZn7DOmPwT7ZkfvNsj+uPxP3qenG26fWhQ@mail.gmail.com> <CALZ3u+aJE-ha2YFQ62fNaZUQy6yUbABAt+uBgW8h47fgkp_tiQ@mail.gmail.com> <CA+_8xu2z7jNZt3EVb71b5usU13ggXHBoGbNvVL+S9xkBqiUpMA@mail.gmail.com> <1cde19df-e130-43be-b447-41106dafa179@beta.fastmail.com> <CA+_8xu3MqirbSVfjiB+5R_r4tkjigKxFsDd8noSTZ7WD2rnXCA@mail.gmail.com>
Date: Wed, 10 Aug 2022 07:47:06 +1000
From: Martin Thomson <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Zl-bw2BJUuZRnId7FJQbU60Zeyk>
Subject: Re: [TLS] What is "completed handshake"?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2022 21:47:33 -0000
On Tue, Aug 9, 2022, at 17:49, Ben Smyth wrote: > A handshake partially completes on sending/receiving a server's Finished > message I don't see this as "partially complete", the way I frame this is that a server can send prior to the completion of the handshake under some conditions. The same applies to early data where a client can send prior to the completion of the handshake under some other conditions. In the first case, the conditions are largely self-imposed, whereas the latter has some protocol-level constraints.
- Re: [TLS] What is "completed handshake"? Töma Gavrichenkov
- [TLS] What is "completed handshake"? Dmitry Belyavsky
- Re: [TLS] What is "completed handshake"? Ben Smyth
- Re: [TLS] What is "completed handshake"? Martin Thomson
- Re: [TLS] What is "completed handshake"? Ben Smyth
- Re: [TLS] What is "completed handshake"? Martin Thomson
- Re: [TLS] What is "completed handshake"? Rob Sayre
- Re: [TLS] What is "completed handshake"? Benjamin Kaduk