Re: [TLS] Cached-info substitution

Stefan Santesson <stefan@aaa-sec.com> Sat, 20 February 2010 00:45 UTC

Return-Path: <stefan@aaa-sec.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 20B4A3A7CE9 for <tls@core3.amsl.com>; Fri, 19 Feb 2010 16:45:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.199
X-Spam-Level:
X-Spam-Status: No, score=-2.199 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AUgB93rCciUU for <tls@core3.amsl.com>; Fri, 19 Feb 2010 16:45:13 -0800 (PST)
Received: from s87.loopia.se (s87.loopia.se [194.9.95.114]) by core3.amsl.com (Postfix) with ESMTP id D25CA3A7904 for <tls@ietf.org>; Fri, 19 Feb 2010 16:45:03 -0800 (PST)
Received: from s42.loopia.se (s34.loopia.se [194.9.94.70]) by s87.loopia.se (Postfix) with ESMTP id 712EE369810 for <tls@ietf.org>; Sat, 20 Feb 2010 01:45:53 +0100 (CET)
Received: (qmail 99046 invoked from network); 20 Feb 2010 00:45:43 -0000
Received: from 213-64-142-247-no153.business.telia.com (HELO [192.168.1.16]) (stefan@fiddler.nu@[213.64.142.247]) (envelope-sender <stefan@aaa-sec.com>) by s42.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <wtc@google.com>; 20 Feb 2010 00:45:43 -0000
User-Agent: Microsoft-Entourage/12.23.0.091001
Date: Sat, 20 Feb 2010 01:45:42 +0100
From: Stefan Santesson <stefan@aaa-sec.com>
To: Wan-Teh Chang <wtc@google.com>
Message-ID: <C7A4EF46.86DA%stefan@aaa-sec.com>
Thread-Topic: [TLS] Cached-info substitution
Thread-Index: AcqxxgdxLgwQBO/pM0iLpvtRmQPOyw==
In-Reply-To: <e8c553a61002191348x7339e688s10cbdea90843b0cd@mail.gmail.com>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
Cc: tls@ietf.org
Subject: Re: [TLS] Cached-info substitution
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Feb 2010 00:45:19 -0000

On 10-02-19 10:48 PM, "Wan-Teh Chang" <wtc@google.com>; wrote:

> On Fri, Feb 19, 2010 at 7:01 AM, Stefan Santesson <stefan@aaa-sec.com>; wrote:
>> 
>> As I see it we have two choices.
>> 
>> 1) To define a format for the handshake message which include the hash
>> substitution using a syntax that alters the defined syntax of the handshake
>> message. (current draft approach)
>> 
>> 2) To define a format which preserves the original handshake message syntax.
>> 
>> 
>> In practice this would look something like this:
>> 
>> 
>> Certificate handshake message:
>> 
>> Original syntax:
>>      opaque ASN.1Cert<1..2^24-1>;
>> 
>>      struct {
>>          ASN.1Cert certificate_list<0..2^24-1>;
>>      } Certificate;
>> 
>> 
>> Substitution syntax, choice 1 (current draft):
>>      struct {
>>          CachedInformationHash certificate_list<0..2^24-1>;
>>      } Certificate;
>> 
>> 
>> Substitution syntax, choice 2 (preserving original syntax):
>>      CachedInformationHash CachedCertList<1..2^24-1>;
>> 
>>      struct {
>>          CachedCertList certificate_list<0..2^24-1>;
>>      } Certificate;
> 
> In choice 2, did you mean CachedCertList or CachedCert?

It's CachedCertList in the sense that it contains a hash of a
certificate_list vector.


> With CachedCertList, the Certificate message would contain
> a list of lists of certificates.
> 
It would use the same structure as the original handshake message. That is,
a 3 byte total length followed by a number of 3byte length vectors.

The only difference is that in the original syntax the inner vectors are
opaque and in the substitution syntax they have the structure of a
CachedInformationHash.



> In choice 2, how does a decoder distinguish between 'opaque' and
> CachedInformationHash?  Is it supposed to "sniff" the first few
> bytes to see whether it looks like an ASN.1 DER encoded cert?
> 

The client is supposed to compare the content against the
CachedInformationHash values sent to the server in the Client Hello
extension. If both length and content matches a value sent to the server,
there is a match.

/Stefan 


> Wan-Teh