IETF Logo Mail Archive

Re: [TLS] Server validation of a second ClientHello

Benjamin Kaduk <bkaduk@akamai.com> Wed, 13 February 2019 16:17 UTC

Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0741C130E6E for <tls@ietfa.amsl.com>; Wed, 13 Feb 2019 08:17:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level:
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cfFdn0zYngzP for <tls@ietfa.amsl.com>; Wed, 13 Feb 2019 08:17:46 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57B77131094 for <tls@ietf.org>; Wed, 13 Feb 2019 08:17:46 -0800 (PST)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by m0050095.ppops.net-00190b01. (8.16.0.27/8.16.0.27) with SMTP id x1DGCxlw010573; Wed, 13 Feb 2019 16:17:46 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to; s=jan2016.eng; bh=ABdqySBC8UVdB4fcOAZX4fjU2P8idMqT0eO2aXvA9vo=; b=j1Z929tOjlePA5eABsxm/WyYvlvqiRGAF+bTXJ4M9CqJtLb2oRy26+ShMQ6tkBCfX+6Z pmJvF4c1waWs3nRP5clT/GI+CQa8MpTG/gy1mqsupTiAMUTB3F0BmZp/GgT7pep6J2oc osno4oCCRlsRx3YZRJhsi1SRLsY/1dKBfDkaGzgUA3tX7bEMtVZ4sqsEuP/a7wKON9sN /zTPeemC9p/ZTp4LoHSXA01RH5tNkzmlyeyLtWDYBYW2NtY02Ru0Cc9MjtJOAx1ZomAP EjET0lXiVSfxBqJ22k2GHk0fW+nnDfXdpw5cwpcoa3NjH/Y6O0kB9zmiTXVobsflTsu5 eg==
Received: from prod-mail-ppoint4 (a96-6-114-87.deploy.static.akamaitechnologies.com [96.6.114.87] (may be forged)) by m0050095.ppops.net-00190b01. with ESMTP id 2qm9m9aaxk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 13 Feb 2019 16:17:45 +0000
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x1DGGbJT030415; Wed, 13 Feb 2019 11:17:44 -0500
Received: from prod-mail-relay14.akamai.com ([172.27.17.39]) by prod-mail-ppoint4.akamai.com with ESMTP id 2qhu323dsj-1; Wed, 13 Feb 2019 11:17:44 -0500
Received: from bos-lpczi.kendall.corp.akamai.com (bos-lpczi.kendall.corp.akamai.com [172.19.17.86]) by prod-mail-relay14.akamai.com (Postfix) with ESMTP id A3BEF8122C; Wed, 13 Feb 2019 16:17:44 +0000 (GMT)
Received: from bkaduk by bos-lpczi.kendall.corp.akamai.com with local (Exim 4.86_2) (envelope-from <bkaduk@akamai.com>) id 1gtxEF-0007Cz-OV; Wed, 13 Feb 2019 10:17:43 -0600
Date: Wed, 13 Feb 2019 10:17:43 -0600
From: Benjamin Kaduk <bkaduk@akamai.com>
To: Hubert Kario <hkario@redhat.com>
Cc: Eric Rescorla <ekr@rtfm.com>, "<tls@ietf.org>" <tls@ietf.org>
Message-ID: <20190213161743.GI13623@akamai.com>
References: <1549596678.898774.1653407000.2B2ACE8E@webmail.messagingengine.com> <103341275.xSgb4icBHy@pintsize.usersys.redhat.com> <CABcZeBP=MGrj4x5brO5t5uf4tYumkL3Vthu=4zwhBHOYpsSJyQ@mail.gmail.com> <25414967.ZWlNe5bkUN@pintsize.usersys.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <25414967.ZWlNe5bkUN@pintsize.usersys.redhat.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-02-13_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=743 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1902130117
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-02-13_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=766 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1902130116
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bHc2_Dt1_aMl10yJxoHgHjSN3MU>
Subject: Re: [TLS] Server validation of a second ClientHello
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Feb 2019 16:17:48 -0000

On Wed, Feb 13, 2019 at 04:39:49PM +0100, Hubert Kario wrote:
> On Wednesday, 13 February 2019 15:39:03 CET Eric Rescorla wrote:
> 
> > To my knowledge, there was never a WG discussion about this exact question,
> > so we only have the spec to guide us. Were we pre-publication I would have
> > advocated for (a) leaving open whether to abort and (b) requiring you to
> > use the second value.
> 
> so you don't think this qualifies for Errata?

Errata are used for things that were errors at the time of publication (and,
presumably, had WG consensus for being errors).  Since there was apparently no
WG consensus on this specific topic at time of publication, the errata process
seems inappropriate.

-Ben

v2.23.0 | Report a Bug | By Email