Re: [TLS] Epochs for ACKs
Hanno Becker <Hanno.Becker@arm.com> Mon, 20 April 2020 11:10 UTC
Return-Path: <Hanno.Becker@arm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 667F63A0B74 for <tls@ietfa.amsl.com>; Mon, 20 Apr 2020 04:10:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.013
X-Spam-Level:
X-Spam-Status: No, score=0.013 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, T_SPF_TEMPERROR=0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=rvWpETfN; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=rvWpETfN
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m5EunUI6puVZ for <tls@ietfa.amsl.com>; Mon, 20 Apr 2020 04:10:41 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80074.outbound.protection.outlook.com [40.107.8.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD7EA3A0B78 for <tls@ietf.org>; Mon, 20 Apr 2020 04:10:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XxFCHxB9f2PXQqKwrwq9uGaxGC+aBYY1YzPv2aBBWtc=; b=rvWpETfNnxzga/OVCVYXAvlPCHoaXVu/2QxeHrxHPO+hjirIExT11ScgicNSN8jW7Gb4L1q5RffbIJkWovdNDBwMxuDP92yT9Zn+DE5prBduUx/zA9ZhXp6zrtt89ZVgvmgCcidh7+vtT1u8v/fxyrzP2tUMzs4ctUK8nbXAjxU=
Received: from DBBPR09CA0034.eurprd09.prod.outlook.com (2603:10a6:10:d4::22) by VI1PR08MB3902.eurprd08.prod.outlook.com (2603:10a6:803:c2::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2921.29; Mon, 20 Apr 2020 11:10:31 +0000
Received: from DB5EUR03FT044.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:d4:cafe::20) by DBBPR09CA0034.outlook.office365.com (2603:10a6:10:d4::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2921.25 via Frontend Transport; Mon, 20 Apr 2020 11:10:31 +0000
Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT044.mail.protection.outlook.com (10.152.21.167) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.15 via Frontend Transport; Mon, 20 Apr 2020 11:10:31 +0000
Received: ("Tessian outbound ecb846ece464:v53"); Mon, 20 Apr 2020 11:10:31 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 8334ace0e636002b
X-CR-MTA-TID: 64aa7808
Received: from d49606e92ae5.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 78611862-035E-4CB0-A87E-060A45DE1D9F.1; Mon, 20 Apr 2020 11:10:25 +0000
Received: from EUR04-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id d49606e92ae5.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 20 Apr 2020 11:10:25 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E3gRjVF69Amkay8O/m9gB1cLuQ180xjrQSm5S3FOQETJIdBOo+86F2STAcsD2z0/1gXQq3T59dc7E6boAKdYWruUZDoCAKUVHDFA1r6Uj0hP4aLaVKyZYtQbwxUIOU4JSMQL6oW7Uk8kE8Z7bvcvI5SwlAfuog0BxU9d9tg4EJ2QQSijlZFW/JrnnUcZMXJr8Z2SVcAN3DF/BB9l7LMd/yaDJDzgOl9QtXmqGfi0dpZe7wSWYuDskG9KFQy+ShsYMAB0L29Faog1pxmhwpx39fQpHgkM6c+42DDG3StAG4mDdXFRjWiKhpWNUz+TBqlXQSSVmTuy05mR8s1pFhFRWg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XxFCHxB9f2PXQqKwrwq9uGaxGC+aBYY1YzPv2aBBWtc=; b=lTp5CYkeZoyX8Nz1a+3W5ElMQjjly5UUxvozn8IF4r8d1beOgbyO1s9uSRCOHDWMvt7GYVFDk7w8hg02/AR8TY8XZuehIeXqKmF98mtdBxs29J0Vt9+NhpHQr8Jmu93/+EySsZLGHqnunLCLVungGGsO++kq5wl+LLWycBQ2O59vOExLFWXecobTKVESmj9P6AvEXlKbzVBhtS4WEt+9YKnnXA7bSefusUFEfuKoqM3EvSPaB5rcKUwxmGg2sLYXR++IGs0WMcFU/ZgaasGDMRAMM3x3IIOzGVtD35NJhOqK51iEOfz2Q3pIAHuEJsxu9A8Ixro+FIcDDF80mjuFtA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XxFCHxB9f2PXQqKwrwq9uGaxGC+aBYY1YzPv2aBBWtc=; b=rvWpETfNnxzga/OVCVYXAvlPCHoaXVu/2QxeHrxHPO+hjirIExT11ScgicNSN8jW7Gb4L1q5RffbIJkWovdNDBwMxuDP92yT9Zn+DE5prBduUx/zA9ZhXp6zrtt89ZVgvmgCcidh7+vtT1u8v/fxyrzP2tUMzs4ctUK8nbXAjxU=
Received: from AM6PR08MB3318.eurprd08.prod.outlook.com (2603:10a6:209:45::15) by AM6PR08MB4360.eurprd08.prod.outlook.com (2603:10a6:20b:b3::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2921.26; Mon, 20 Apr 2020 11:10:23 +0000
Received: from AM6PR08MB3318.eurprd08.prod.outlook.com ([fe80::1579:b7d9:f543:200d]) by AM6PR08MB3318.eurprd08.prod.outlook.com ([fe80::1579:b7d9:f543:200d%5]) with mapi id 15.20.2921.027; Mon, 20 Apr 2020 11:10:23 +0000
From: Hanno Becker <Hanno.Becker@arm.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Epochs for ACKs
Thread-Index: AQHWEjKVvSYAqKGPhk+YiefphRO+/KiBAZqAgADicsM=
Date: Mon, 20 Apr 2020 11:10:23 +0000
Message-ID: <AM6PR08MB33186638A32A0AD2D30FF8C79BD40@AM6PR08MB3318.eurprd08.prod.outlook.com>
References: <AM6PR08MB331888C090D386EBC440A0A99BDA0@AM6PR08MB3318.eurprd08.prod.outlook.com>, <CABcZeBOJ7apV2u-WE5Nn91i6-MMhQHditXYXprf59=YOpM2qxQ@mail.gmail.com>
In-Reply-To: <CABcZeBOJ7apV2u-WE5Nn91i6-MMhQHditXYXprf59=YOpM2qxQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Hanno.Becker@arm.com;
x-originating-ip: [86.177.220.146]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 7adef2c0-5c24-4ff9-d95b-08d7e51b7097
x-ms-traffictypediagnostic: AM6PR08MB4360:|VI1PR08MB3902:
X-Microsoft-Antispam-PRVS: <VI1PR08MB3902525BBB8827BDC2C39C619BD40@VI1PR08MB3902.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:9508;OLM:9508;
x-forefront-prvs: 03793408BA
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3318.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(396003)(136003)(376002)(39860400002)(346002)(366004)(478600001)(55016002)(52536014)(53546011)(9686003)(6916009)(8676002)(6506007)(186003)(316002)(26005)(81156014)(66446008)(64756008)(66476007)(7696005)(71200400001)(5660300002)(2906002)(19627405001)(66556008)(4326008)(33656002)(966005)(8936002)(86362001)(76116006)(66946007); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: n3MQ9ai/Xg0d6Kiapcy0K26Tnic/t2QUho9AXQnLXtD0fJQDE7fq1NdvUvcnzMsKUCYtuMmGCjWnXgHj5Vjv93VOnK7wqYVlS4aPbiQk/n4oELjchSSdRsTHdQbl1AmBn9hmBFAC1RXyfAiivokceT2tr9umQdAeGW6/DftrCQAh3ssZ3LDVv44mvlRJqEXxSisBpYMoRrs351BzbgfOSob8iGbnZPzK/DLtEu9kMFgVpesTWB4988tYWqUWEDqXsbRDt5UNcj2A6Lo2TivsCuMR9dO0dPh4Ro+VtBi0sIYA7WrsmOZwbvrdUy9MjTp4e1XxwJF/e/BdCLYEmXiIrVsCeQuDFiGtz1VjrThP3xZ9TLCTlmqj/OKICvsqrDz/QQOt6E0hMHL6Np5fr08DQPRnDrnUZM67rI0EtslfhJ1KQA5KzrH3ztoByfk8s6de/ck83mOJh5MJXpshvfoE3y/SLditUWKBTHhHxGomIKV+ann7UgWBSvmpdfO0gEF65lc0gJnxwVK8sfUeAZB5xg==
x-ms-exchange-antispam-messagedata: 5EfpyuWiaLJ48JcxRlQjnQbKSjy5nWj0HCMB5vG5LxD6UeTZ8c+rPQXncIsm8knlJamkFprkLhqJ2jIdH+/bZzvdU9LK1KHtrwXngO+eC16kiKEb8vgzrYa/k6xZb/k3yCP1fjYy5K0b8kl+NNWVVA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM6PR08MB33186638A32A0AD2D30FF8C79BD40AM6PR08MB3318eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4360
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Hanno.Becker@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT044.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(396003)(376002)(346002)(136003)(39860400002)(46966005)(82740400003)(47076004)(4326008)(7696005)(6862004)(26005)(316002)(86362001)(81166007)(336012)(356005)(6506007)(53546011)(186003)(9686003)(70586007)(55016002)(52536014)(8936002)(19627405001)(8676002)(5660300002)(70206006)(478600001)(966005)(33656002)(2906002)(81156014); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: ff67cf61-b37a-41e1-144d-08d7e51b6c2a
X-Forefront-PRVS: 03793408BA
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: nUZsK1wixAxWzrLFHrPUCExu2Jht10wtQ7PsgMaQJv45wfyDyImNvAQkmKJ2mC4eKrPqdEVu5mCCdzGxwGIl6wmN9kR43uSeJNIGfkR9Clt/kNyEPBQxbBBVh4XrNUWP8djx0vBdxIOio3YHU/92VoWoyR7WqBQVcPY5GzxT2c681KIyfQLhBpX0OaI0oaXUokiETq+/qIZ4B6z/VfI7a0yWzMullwJVjFpDUK7S4Phm7E7prZCP0NcwfxDQlxuFlBb5sCKPuQfN79nQ/6m/DLC0AJFdTWmDXzTbEA39+Pu4K2RDAOzPLheHZBpauiX491Wk6hmMkdiZrbTZgK6QoDGMqSC3+RQ+4kVTCtNks8I0/jI2Lsy7C7DhAjh4JDoixoH5WX3zv8kDpaGp2U73a4cLXwFxWnx029iUiD9k12rj9IcXN0vnv+SEm7FfiCzCmcOdB2hyNCz9mwGxl+GzkwB0yx6MJe0hrxa45RVsb2AeIWJcmiPi8X99tWq0/y1iB4gWevAiZSLQeMb9OJrD/xYa35qV1Mg7Ozor3j7E53OLHAnsB+PqSjztd9kN4nru7VC+jgwKOFp+SxmQ5emQrg==
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Apr 2020 11:10:31.2021 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 7adef2c0-5c24-4ff9-d95b-08d7e51b7097
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB3902
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/zdWMUGlPjbZGdsfHgbdnoy_qpNE>
Subject: Re: [TLS] Epochs for ACKs
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2020 11:10:50 -0000
Hi Ekr, Great, thanks, I left comments on that PR. Cheers, Hano ________________________________ From: Eric Rescorla <ekr@rtfm.com> Sent: Sunday, April 19, 2020 10:39 PM To: Hanno Becker <Hanno.Becker@arm.com> Cc: tls@ietf.org <tls@ietf.org> Subject: Re: [TLS] Epochs for ACKs I have posted a PR to clarify this: https://github.com/tlswg/dtls13-spec/pull/142 On Tue, Apr 14, 2020 at 1:13 AM Hanno Becker <Hanno.Becker@arm.com<mailto:Hanno.Becker@arm.com>> wrote: Hi all, On ACK protection, DTLS 1.3 Draft 37 says in Section 7: ACK records MUST be sent with an epoch that is equal to or higher than the record which is being acknowledged. Implementations SHOULD simply use the current key. Since the update of incoming and outgoing keying material is independent, I don't know how this can be enforced: After a sequence of key updates, the incoming epoch might be 42 while the outgoing epoch is 17. What problems arise if one replaces the paragraph by the following: ACK records MUST be sent with the current key, irrespective of the epoch that is used to protect the record that is being acknowledged. It appears that the paragraph is particularly relevant for the case of ACKing a ServerHello, which as far as I understand shall happen with epoch 1. Since 'current key' doesn't appear unambiguously defined at the point of the client processing the ServerHello, it might be worth spelling out this case explicitly. Best, Hanno IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [TLS] Epochs for ACKs Hanno Becker
- Re: [TLS] Epochs for ACKs Eric Rescorla
- Re: [TLS] Epochs for ACKs Hanno Becker