IETF Logo Mail Archive

Re: [TLS] Next Protocol Negotiation 03

Nikos Mavrogiannopoulos <nmav@gnutls.org> Wed, 25 April 2012 15:16 UTC

Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E33421F8656 for <tls@ietfa.amsl.com>; Wed, 25 Apr 2012 08:16:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4S2uLzDjZ9yR for <tls@ietfa.amsl.com>; Wed, 25 Apr 2012 08:16:04 -0700 (PDT)
Received: from mail-ee0-f44.google.com (mail-ee0-f44.google.com [74.125.83.44]) by ietfa.amsl.com (Postfix) with ESMTP id BC76821F864D for <tls@ietf.org>; Wed, 25 Apr 2012 08:16:03 -0700 (PDT)
Received: by eeke51 with SMTP id e51so349081eek.31 for <tls@ietf.org>; Wed, 25 Apr 2012 08:16:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; bh=gyWeNp77oOY6haY4BElIwk+5IzCc1quX/MMBMGJcWLU=; b=cBAZp23b7v7mDBbSQsma7W00nvCERPOGkX6Nh34NmmFFYOfy+mEsLLS531MxN5/g9N 6MEyueBm6utgAdcbl6UaO3XWuBNiXkybQ5peHWv1CEK3xwU2PuADnWwuivn5mxWxDJsO r5yM238jsaZLNQ0+tvfoLiYbRFbKYDCPcGoS+tpgubsmdv4hNpTecNm+qTkwXCEF9cTO jH9sG3kQ0WN1rLguHQ/9sXwPz5bVRXqh0MwKGjZ71wc9NzSJb2PXl19jyw2VWk5kF28N 7wt/n29HolOFS8Z3Z0QgzRODyUoLUogkNMwC/pzbLeT5lz0M5za6LoJ28ZJfUnFvqiFd gAxw==
Received: by 10.213.17.5 with SMTP id q5mr304896eba.242.1335366962769; Wed, 25 Apr 2012 08:16:02 -0700 (PDT)
Received: from [10.100.2.14] (d51A49E78.access.telenet.be. [81.164.158.120]) by mx.google.com with ESMTPS id m42sm105016133eef.0.2012.04.25.08.15.58 (version=SSLv3 cipher=OTHER); Wed, 25 Apr 2012 08:16:00 -0700 (PDT)
Sender: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Message-ID: <4F981528.9010903@gnutls.org>
Date: Wed, 25 Apr 2012 17:15:52 +0200
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.3) Gecko/20120329 Icedove/10.0.3
MIME-Version: 1.0
To: tls@ietf.org
References: <CAL9PXLy31VzxLidgOy64MnDAyRE=HU=hxyBXW1rgB+Xnd0vKjA@mail.gmail.com>
In-Reply-To: <CAL9PXLy31VzxLidgOy64MnDAyRE=HU=hxyBXW1rgB+Xnd0vKjA@mail.gmail.com>
X-Enigmail-Version: 1.4
OpenPGP: id=96865171
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] Next Protocol Negotiation 03
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Apr 2012 15:16:05 -0000

On 04/24/2012 10:56 PM, Adam Langley wrote:


> Perforce, it includes the current extension and handshake message
> numbers. I understand that using these numbers without permission has
> upset some people. However, we stand up, evaluate and tear down TLS
> work at a rate far in excess of what the WG could usefully process.
> Standardising every experiment before testing it would waste RFCs and
> allocations, not to mention years. Therefore the extension and
> handshake numbers were randomly generated.


Some comments on the current draft. It is quite a complex negotiation.
My understanding is, that instead of having a simple:
ClientHello: I want protocols A, or B.
ServerHello: Let's talk A.

We have
ClientHello: I want to negotiate a protocol
ServerHello: I have A or B.
...
Client NPN message: Let's talk A.

That's really different from any other negotiation in TLS.
I understand that you might want to hide the protocol that
they are actually talking, but is this the way to do it?

Say that B is TOR. Wouldn't a middleware terminate the connection anyway
if the server supports tor? So that complication doesn't
really buy privacy or protection against middlewares.

I'd suggest that you define NPN using the simple ClientHello/ServerHello
methods, and then for privacy add a new extension NegotiatePrivate or so
that would exchange after Client ChangeCipherSpec:
ClientPrivateExtensions: client_hello_extension_list<0..2^16-1>;

and after the server Changecipherspec:
ServerPrivateExtensions: server_hello_extension_list<0..2^16-1>;

and this format is not NPN specific. Any extension
can be negotiated like that.


regards,
Nikos

v2.23.0 | Report a Bug | By Email