IETF Logo Mail Archive

Re: [TLS] Next steps for draft-agl-tls-padding

Andrey Jivsov <crypto@brainhub.org> Tue, 08 April 2014 06:25 UTC

Return-Path: <crypto@brainhub.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE94D1A00C6 for <tls@ietfa.amsl.com>; Mon, 7 Apr 2014 23:25:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i2_x7JlbJP9N for <tls@ietfa.amsl.com>; Mon, 7 Apr 2014 23:25:14 -0700 (PDT)
Received: from qmta13.emeryville.ca.mail.comcast.net (qmta13.emeryville.ca.mail.comcast.net [IPv6:2001:558:fe2d:44:76:96:27:243]) by ietfa.amsl.com (Postfix) with ESMTP id D0DC71A00AF for <tls@ietf.org>; Mon, 7 Apr 2014 23:25:14 -0700 (PDT)
Received: from omta09.emeryville.ca.mail.comcast.net ([76.96.30.20]) by qmta13.emeryville.ca.mail.comcast.net with comcast id nJGj1n00A0S2fkCADJR9NB; Tue, 08 Apr 2014 06:25:09 +0000
Received: from [192.168.1.8] ([71.202.164.227]) by omta09.emeryville.ca.mail.comcast.net with comcast id nJR71n00M4uhcbK8VJR8Bo; Tue, 08 Apr 2014 06:25:08 +0000
Message-ID: <53439643.5090004@brainhub.org>
Date: Mon, 07 Apr 2014 23:25:07 -0700
From: Andrey Jivsov <crypto@brainhub.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: tls@ietf.org
References: <cf049a7104934cc7a4bddced33cd00a2@BL2PR03MB419.namprd03.prod.outlook.com> <20140107201722.ECDA01AB93@ld9781.wdf.sap.corp> <CAL9PXLzawuetexEvU5PECUwuuiLvq5T0bxnhiky3cevQpetjNQ@mail.gmail.com> <CABcZeBNMAB40p+zxTGh354MCtEu+TbikS4w=C0SDyHNCdu=djw@mail.gmail.com> <CAK6vND_4umziyfG=XWe37tUmv=ahVP08jFX+YrgaSG+_THFWUA@mail.gmail.com> <5341EFA4.7070808@brainhub.org> <CABkgnnXMHTW2cfeFgYoO1Ui_PgBeDgMMaG+hco7MXi5qnEHD+g@mail.gmail.com> <CACsn0cnzMs9t0bDii+JxnBOs43rG6Hhs=F4kHP27S32s4X=Vxw@mail.gmail.com>
In-Reply-To: <CACsn0cnzMs9t0bDii+JxnBOs43rG6Hhs=F4kHP27S32s4X=Vxw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1396938309; bh=MxBZE3M8UElNf/YFBE6FkpuBvZNO7TH5CIuyZxis3gQ=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=DfWLfry2AQtH8TaGwkkAWcmyTV6/LxyZgOhB3i1irdoofC8F7DE6pi6W+sspH68Og LZty7uYmOI6molvHhOzIlk5IC/RjqVFGAIiZaOSHV8jRUWkVliiRUCxSN2HsE8ooil NlwOUgLR4xy/Y3Fqir3FpxbXg+Csqki30tHbTH05/XUqr8MVerCFsAP7D28/UR2Flc +7upeKWOjKflnwR2LxjEz0xvYyh6VhpuaqnH5dNucLx/VNlBsiuVr15iwxLQHY1c35 EL8l8HGAmrzidFK2Gx7Y9NgFJUdDn5pLj6lCg4v6bfxr+RZsgk5fM+y5o5xMdYcMi/ iF967na4YII7Q==
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/e1GmxhRtfhGScevNH6vhq6mY4aY
Subject: Re: [TLS] Next steps for draft-agl-tls-padding
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Apr 2014 06:25:19 -0000

On 04/07/2014 10:40 AM, Watson Ladd wrote:
>
> On Apr 7, 2014 10:21 AM, "Martin Thomson" <martin.thomson@gmail.com
> <mailto:martin.thomson@gmail.com>> wrote:
>  >
>  > On 6 April 2014 17:21, Andrey Jivsov <crypto@brainhub.org
> <mailto:crypto@brainhub.org>> wrote:
>  > > The spec would benefit from a suggestion about what the recommended
> use of
>  > > the padding extension is (i.e. to which size one should pad).
>  >
>  >
>  > This has been discussed extensively, here and elsewhere.  See for
>  > instance, http://www.ietf.org/mail-archive/web/tls/current/msg10423.html
>  > or https://www.imperialviolet.org/2013/10/07/f5update.html or
>  > https://code.google.com/p/chromium/issues/detail?id=315828 .
>  >
>  > I expect that the draft authors are being sensitive to the fact there
>  > is no need to create a more public, permanent record of what is a
>  > transient problem.

I appreciate this concern, but I think that both goals can be achieved.

I was looking for a generic description of what problem the draft solves 
and how from the viewpoint of somebody who is unfamiliar with the problem.

Something along these lines:
> The extension can mitigate defects in TLS message identification by
> allowing the sender control the values of octets representing the
> size of the ClientHello packet. The extension can also be used as a
> testing tool for such issues.

>
> I read the F5 explaination. It's worth keeping it around so in the
> future, when tempted to upgrade a binary protocol we ask the guy
> proposing the upgrade how to distinguish old and new.

True. One should always think about what kind of a state machine will be 
needed to handle the old and new protocol messages.

v2.23.0 | Report a Bug | By Email