IETF Logo Mail Archive

Re: [TLS] TLS1.2 vs TLS1.0

Eric Rescorla <ekr@rtfm.com> Thu, 23 May 2013 01:30 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8728011E8182 for <tls@ietfa.amsl.com>; Wed, 22 May 2013 18:30:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -96.525
X-Spam-Level:
X-Spam-Status: No, score=-96.525 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_NONE=0.1, RELAY_IS_220=2.118, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZwArZUvEAsa9 for <tls@ietfa.amsl.com>; Wed, 22 May 2013 18:30:37 -0700 (PDT)
Received: from mail-qa0-x236.google.com (mail-qa0-x236.google.com [IPv6:2607:f8b0:400d:c00::236]) by ietfa.amsl.com (Postfix) with ESMTP id 31BA011E8181 for <tls@ietf.org>; Wed, 22 May 2013 18:30:37 -0700 (PDT)
Received: by mail-qa0-f54.google.com with SMTP id hu16so1367545qab.20 for <tls@ietf.org>; Wed, 22 May 2013 18:30:36 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:x-gm-message-state; bh=WjFUhtqDoc1ocz/48bHQ2yFAwHj7EXyw3k1cz/PSrbs=; b=jtPuTCdKumW5PkGpeYdlF+JNuotzUKfqAKiQZhIUSEcOXPDPOQBMFIiVlh8F0cs8RH TSdidS3+d+cG/BP3xGdPsjZl+e1djMdRsmsAWhqlPshrf5b3jKOY83nGJgxB4mJplQcs MNMH5OKPflZ6B8H2H7rXScQRxb0ySMBDWeK32SQUtj6I/rvPKAQ6fbdb3QvjDorLcZOG eKZsepa0hLI1dcAPkstQW6PhhK5u4eAyw7LZ7BcwoO83oa8d/B85QDNhkfn6vt6wHhfB ZLV04t1oGAcoBweMn30IGFOnRaPg0EJuarOJEVusEPVK/LlvUfdJ+nOWNrDDXtrr4vQ+ 4fyQ==
X-Received: by 10.224.201.198 with SMTP id fb6mr9525235qab.68.1369272636567; Wed, 22 May 2013 18:30:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.49.52.33 with HTTP; Wed, 22 May 2013 18:29:55 -0700 (PDT)
X-Originating-IP: [220.136.14.43]
In-Reply-To: <20130523005145.1C3DC1A76F@ld9781.wdf.sap.corp>
References: <CABcZeBM+BpP8USk6MNMUp3NMYB8jgOcvB8+oKpQnte7AnFJAKQ@mail.gmail.com> <20130523005145.1C3DC1A76F@ld9781.wdf.sap.corp>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 22 May 2013 18:29:55 -0700
Message-ID: <CABcZeBMJDfiHKgNcVHAHwi22PwX__JS8qo+5--vTBbcTo2hWAg@mail.gmail.com>
To: mrex@sap.com
Content-Type: multipart/alternative; boundary="20cf3005dc481a97f904dd58a135"
X-Gm-Message-State: ALoCoQkPQ/uIZXsALECvfBL3mBXQVk6XtAOnzQbyDDUfS/bI31MpdKUs9WtGKu8QYl6EE2KAAQ7J
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS1.2 vs TLS1.0
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 May 2013 01:30:41 -0000

On Wed, May 22, 2013 at 5:51 PM, Martin Rex <mrex@sap.com> wrote:

> Eric Rescorla wrote:
> > Martin Rex <mrex@sap.com> wrote:
> > >
> > > Paterson, Kenny wrote:
> > > >
> > > > True. Though the spec for DTLS does allow DTLS implementations to
> > > > terminate a connection in the event of errors.
> > > >
> > > > It's just that most (all?) implementations don't.
> > >
> > > Now that you mention it, I hadn't noticed that DTLS gives actual two
> > > _different_ guidances (MAY abort on MAC error and MUST discard records
> > > with MAC error are mutually exclusive)
> > >
> > > http://tools.ietf.org/html/rfc4347#section-4.1.2.1
> > >
> > >    4.1.2.1  MAC  (last paragraph):
> > >
> > >    In general, DTLS implementations SHOULD silently discard data with
> > >    bad MACs.  If a DTLS implementation chooses to generate an alert
> when
> > >    it receives a message with an invalid MAC, it MUST generate
> > >    bad_record_mac alert with level fatal and terminate its connection
> > >    state.
> > >
> > > http://tools.ietf.org/html/rfc4347#section-4.1.2.5
> > >
> > >    4.1.2.5  Anti-replay  (last paragraph):
> > >
> > >    If the received record falls within the window and is new, or if the
> > >    packet is to the right of the window, then the receiver proceeds to
> > >    MAC verification.  If the MAC validation fails, the receiver MUST
> > >    discard the received record as invalid.  The receive window is
> > >    updated only if the MAC verification succeeds.
> > >
> >
> > Hmm.... I'm not sure these are contradictory.
> >
> > If you get a packet with a MAC error you MUST discard the packet (i.e.,
> > not process it.) You may either *silently* discard it (i.e.., proceed as
> if
> > you had not received it) or terminate the connection with an alert.
>
> Silently discarding it     = proceed as if you had not received it
>
> non-silently discarding it = log an error and proceed as if you had not
>                              not received it
>
> Terminating the connection with an alert means "processing it".
>

Unsurprisingly, I don't agree with this interpretation.

-Ekr

v2.23.0 | Report a Bug | By Email