Re: [TLS] SNI with early data
Benjamin Kaduk <bkaduk@akamai.com> Thu, 20 July 2017 17:11 UTC
Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E551131AA9 for <tls@ietfa.amsl.com>; Thu, 20 Jul 2017 10:11:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CD3-BXQxZReh for <tls@ietfa.amsl.com>; Thu, 20 Jul 2017 10:11:00 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EBD9613192B for <tls@ietf.org>; Thu, 20 Jul 2017 10:10:59 -0700 (PDT)
Received: from pps.filterd (m0050096.ppops.net [127.0.0.1]) by m0050096.ppops.net-00190b01. (8.16.0.21/8.16.0.21) with SMTP id v6KH6nUW026615; Thu, 20 Jul 2017 18:10:54 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=subject : to : references : from : message-id : date : mime-version : in-reply-to : content-type; s=jan2016.eng; bh=jrOEDYCDq3wEYtb0c8rDQ7WTOaLRwYzDJy7/Px9cgJ4=; b=UDWo6vSeSpau7BwIm1q4/Xs7VaU/KnTv9OV/QTQZ+VKt8bV2B7wLRKNGNyErrAO64jt2 dUukuN785iKayzaOgSbdziQh+tQsw5eVHi3IwO/MHAW/0RlwdwqtbAg1WX8/hXTeRPVb C3UvPt3Uk9Hlo1IDTiGDmFAqY/kzjwo+ZfGcM3B8lI0hRandA7mKDzFCCxutorhi92At 7ZcKeWv/RmJuhQrBtN2tbDoRRCGOws27KaijdjjoMHNIndaEFmS2PC/3IPQrM0dNUH3l Rk8rXjlmlF0t+8JkKir6//4fEC1Z0BiyDEXLmrRKo9DvO9t85EfvBFItB3o4ZwN/6pV1 ww==
Received: from prod-mail-ppoint1 (a184-51-33-18.deploy.static.akamaitechnologies.com [184.51.33.18] (may be forged)) by m0050096.ppops.net-00190b01. with ESMTP id 2btsmmswph-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 20 Jul 2017 18:10:53 +0100
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.17/8.16.0.17) with SMTP id v6KHAdNk009657; Thu, 20 Jul 2017 13:10:53 -0400
Received: from prod-mail-relay10.akamai.com ([172.27.118.251]) by prod-mail-ppoint1.akamai.com with ESMTP id 2bqecuh02d-1; Thu, 20 Jul 2017 13:10:53 -0400
Received: from [172.19.17.86] (bos-lpczi.kendall.corp.akamai.com [172.19.17.86]) by prod-mail-relay10.akamai.com (Postfix) with ESMTP id DEA851FFA2; Thu, 20 Jul 2017 17:10:52 +0000 (GMT)
To: Matt Caswell <frodo@baggins.org>, "tls@ietf.org" <tls@ietf.org>
References: <CAMoSCWatQZDT8qUv7EqmTH_FJ4OjrSTXVY+he6qw6MmfJ_w8vg@mail.gmail.com>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <b1396d4a-2d62-d87c-3491-a965fb89cda3@akamai.com>
Date: Thu, 20 Jul 2017 12:10:52 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <CAMoSCWatQZDT8qUv7EqmTH_FJ4OjrSTXVY+he6qw6MmfJ_w8vg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------C0D24F4283895A6B9EECA0BA"
Content-Language: en-US
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-20_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000 definitions=main-1707200264
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-20_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000 definitions=main-1707200262
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bqHBSKsDgmIJR7Nbz2rGvp88swM>
Subject: Re: [TLS] SNI with early data
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jul 2017 17:11:01 -0000
On 07/20/2017 04:51 AM, Matt Caswell wrote: > I note in draft-21 the following text: > > When clients use a PSK obtained externally to send early data, then > the following additional information MUST be provisioned to both > parties: > > - The TLS version number for use with this PSK > > - The cipher suite for use with this PSK > > - The Application-Layer Protocol Negotiation (ALPN) protocol > [RFC7301], if any is to be used > > - The Server Name Indication (SNI), if any is to be used These are in addition to the hash algorithm provisioned with the external psk that is needed for 1-RTT operation, as mentioned somewhat in passing in section 4.2.10 > Later it says this: > > In order to accept early data, the server MUST have accepted a PSK > cipher suite and selected the first key offered in the client's > "pre_shared_key" extension. In addition, it MUST verify that the > following values are consistent with those negotiated in the > connection during which the ticket was established. > > - The TLS version number and cipher suite. > > - The selected ALPN [RFC7301] protocol, if any. > > > The language about "during which the ticket was established" seems to > suggest that the following checks do not apply to an external PSK - > which I don't think is intended. Additionally there does not seem to These values are a subset of those listed above. I believe this block of text only applies to NST-provisioned PSKs being used for early data, as the previous text applies to external PSKs being used for early data. So, since the previous list is a superset, there is no problem caused by this text not applying to external PSKs. > be a requirement on the server to check that the SNI is consistent. > So, there is a mandatory requirement for an external PSK to specify > the SNI, but no requirement on the server to check that it is actually > correct. Is this discrepancy intentional? > I'm not sure I fully understand what you are saying. The text says that (for external PSKs) the SNI must be provisioned to both parties, which to me implies that the server must only use the given PSK for early data with the specified SNI. (That is, that the server has to check.) For tickets, the requirement that SNI must match the original connection is mentioned in section 4.6.1 (NewSessionTicket). In short ... I don't see any problems here. Do you still see a problem? -Ben
- [TLS] SNI with early data Matt Caswell
- Re: [TLS] SNI with early data Kazu Yamamoto ( 山本和彦 )
- Re: [TLS] SNI with early data Benjamin Kaduk
- Re: [TLS] SNI with early data Matt Caswell
- Re: [TLS] SNI with early data Benjamin Kaduk