IETF Logo Mail Archive

Re: [TLS] Proposed text for removing renegotiation

Nikos Mavrogiannopoulos <nmav@redhat.com> Thu, 19 June 2014 10:26 UTC

Return-Path: <nmav@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F22551A011E for <tls@ietfa.amsl.com>; Thu, 19 Jun 2014 03:26:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.553
X-Spam-Level:
X-Spam-Status: No, score=-7.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EOxa4FcK8TzK for <tls@ietfa.amsl.com>; Thu, 19 Jun 2014 03:26:54 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40F421A0114 for <tls@ietf.org>; Thu, 19 Jun 2014 03:26:54 -0700 (PDT)
Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s5JAQpOC029740 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 19 Jun 2014 06:26:51 -0400
Received: from [10.34.2.127] (dhcp-2-127.brq.redhat.com [10.34.2.127]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s5JAQm68006547 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Thu, 19 Jun 2014 06:26:50 -0400
Message-ID: <1403173608.5825.6.camel@dhcp-2-127.brq.redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 19 Jun 2014 12:26:48 +0200
In-Reply-To: <53A0AB7E.4050706@fifthhorseman.net>
References: <CAFewVt65X1V6=A_HP_pcg=6nXNVFLxQmSsPB2rq1KvmGPRz+og@mail.gmail.com> <20140606223045.3B5AF1AD46@ld9781.wdf.sap.corp> <CACsn0cmcc6kXvOuqkZaDj7+QPdpY9qqQ58bs3s-JBGXdNJSZyw@mail.gmail.com> <CABcZeBPe45BM-uXd7DEBD_BBn=jhk8KkYB=facp+NMb2e4nBiw@mail.gmail.com> <1402299260.2427.2.camel@dhcp-2-127.brq.redhat.com> <CABkgnnX5+fXNDy1o7Pu60rp8vSx7XfKbt337e_q=+3fb8fXHJw@mail.gmail.com> <1402388399.2369.5.camel@dhcp-2-127.brq.redhat.com> <CACsn0cm5OzzjOh5nSXcu-cx+ZYFeJiJ5eGvgwjsWPUeX4ozz2g@mail.gmail.com> <1402476304.2305.8.camel@dhcp-2-127.brq.redhat.com> <CACsn0cmM4KpMgwXo0iTygsQ+En6N3J46jPY-Q3hfwzqG431M1w@mail.gmail.com> <1402648977.6191.36.camel@dhcp-2-127.brq.redhat.com> <CACsn0ck6OxPm8BwuNeAn+wpayaefkAzZtiyjkaQ1sB_4hp0C_Q@mail.gmail.com> <1402990596.2335.18.camel@dhcp-2-127.brq.redhat.com> <53A0AB7E.4050706@fifthhorseman.net>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/_HqoYQhGY4geAFTumvhO8OLfZo0
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Proposed text for removing renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jun 2014 10:26:56 -0000

On Tue, 2014-06-17 at 16:56 -0400, Daniel Kahn Gillmor wrote:
> On 06/17/2014 03:36 AM, Nikos Mavrogiannopoulos wrote:
> > On Fri, 2014-06-13 at 08:34 -0300, Watson Ladd wrote:
> > 
> >> The issue is the following: most applications do something like this
> >> parse_request(conn)
> >> check_if_request_authorized(conn)
> >>
> >> This assumes that the authentication state doesn't change in between
> >> the two lines, or midway through the parse.
> >> With renegotiation it can.
> > 
> > Indeed, but this is an easily unsolvable issue. 
> Do you mean "easily solvable" here?

Yes.

> > That can be easily
> > avoided on the implementation side (and gnutls is does not allow that).
> > I have numerous times asked to clarify and better specify this part on
> > the past.
> Do you have a suggestion for how we could clarify and better specify
> this part?  Maybe it's worth crafting that into a counterproposal that
> could be weighed against the current "remove renegotiation" proposal.

My counter-proposal would be:
1. Removing the Note "If a rehandshake occurs while data is flowing on a
connection, the communicating parties may continue to send data using
the old CipherSpec."

2. Adding the text: "During the handshake process implementations SHALL
NOT allow application protocol data exchange. Implementations SHALL
terminate the session if application protocol data is received." (in
DTLS that data may arrive due to network errors so they should be
quietly discarded.

3. Adding the text "Since the authentication credentials may change
during a renegotiation the upper layers must be notified of either the
new negotiation process or any identity change."

That would make renegotiation a strictly inband process, and
applications would be able to distinguish traffic before and after a new
negotiation.

regards,
Nikos

v2.23.0 | Report a Bug | By Email