Re: [TLS] Interaction between cookies and middlebox compat mode
Ilari Liusvaara <ilariliusvaara@welho.com> Thu, 28 December 2017 13:01 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFB57127873 for <tls@ietfa.amsl.com>; Thu, 28 Dec 2017 05:01:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BDNtIaMSTFwl for <tls@ietfa.amsl.com>; Thu, 28 Dec 2017 05:01:32 -0800 (PST)
Received: from welho-filter2.welho.com (welho-filter2.welho.com [83.102.41.24]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 395AC126D46 for <tls@ietf.org>; Thu, 28 Dec 2017 05:01:31 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter2.welho.com (Postfix) with ESMTP id 56C48B4D20; Thu, 28 Dec 2017 15:01:29 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter2.welho.com [::ffff:83.102.41.24]) (amavisd-new, port 10024) with ESMTP id s82PRta260eX; Thu, 28 Dec 2017 15:01:29 +0200 (EET)
Received: from LK-Perkele-VII (87-92-19-27.bb.dnainternet.fi [87.92.19.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id 5FA6DC4; Thu, 28 Dec 2017 14:54:31 +0200 (EET)
Date: Thu, 28 Dec 2017 14:54:31 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Matt Caswell <matt@openssl.org>
Cc: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Message-ID: <20171228125430.GA5837@LK-Perkele-VII>
References: <9a7b1178-f856-ec63-c4b7-e2b29993e133@openssl.org> <CABcZeBMS9TeR-kFem4xHiWGVyKn5LbvDomdzL6vV_3XrKkravQ@mail.gmail.com> <37a087f4-efbe-7eae-5539-d220ff67e243@openssl.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <37a087f4-efbe-7eae-5539-d220ff67e243@openssl.org>
User-Agent: Mutt/1.9.2 (2017-12-15)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cUV2EvpVfyl7fkr-Za_vFAzKdUs>
Subject: Re: [TLS] Interaction between cookies and middlebox compat mode
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Dec 2017 13:01:35 -0000
On Thu, Dec 28, 2017 at 08:54:45AM +0000, Matt Caswell wrote: > > So, do you believe that the correct interpretation of "any time during > the handshake" includes the first message? I think it would be helpful > to be more explicit in the text if that is the case, i.e. identify the > first point in the handshake and the last point in the handshake where > CCS is valid. There probably should also be some words about how servers > implementing older TLS versions should handle a CCS that comes first. > > However, I'm concerned about the added complexity of interpreting things > that way. Suddenly a CCS arriving is no longer handled by just dropping > it and forgetting it - you now have to store state about that and > remember it later on in the process in other TLS versions. The CCS > workaround was supposed to be a simple no-op to implement and it no > longer appears that way in this interpretation. To me it seems like if you are doing a stateless retry, you can not fail the handshake if you receive CCS between the two CHs. In fact, more generally you can not fail the handshake if you receive arbitrary junk between the two CHs (as long as the junk does not mess framing of the later CH). Here "can not fail" does not mean requirement on implementation, it is fundamential constraint due to stateless implementation (because failing would require keeping state!). I think there should be note about this in the specification (that stateless implementations need to ignore arbitrary junk records and messages before the ClientHello message). However, this causes problems if the junk contains any handshke messages that are fragmented. Especially so if the underlying transport not reliable. This is the same problem as why fragmenting ClientHello is a bad idea. -Ilari
- [TLS] Interaction between cookies and middlebox c… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Ilari Liusvaara
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Ilari Liusvaara