Re: [TLS] Interaction between cookies and middlebox compat mode
Matt Caswell <matt@openssl.org> Thu, 28 December 2017 16:12 UTC
Return-Path: <matt@openssl.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EBBC12AF83 for <tls@ietfa.amsl.com>; Thu, 28 Dec 2017 08:12:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.575
X-Spam-Level:
X-Spam-Status: No, score=-3.575 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SBL_CSS=3.335, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3moxvcPnmnxI for <tls@ietfa.amsl.com>; Thu, 28 Dec 2017 08:12:57 -0800 (PST)
Received: from mta.openssl.org (mta.openssl.org [IPv6:2001:608:c00:180::1:e6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04151120721 for <tls@ietf.org>; Thu, 28 Dec 2017 08:12:56 -0800 (PST)
Received: from [10.75.10.6] (unknown [104.238.169.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta.openssl.org (Postfix) with ESMTPSA id 955AEE3685; Thu, 28 Dec 2017 16:12:54 +0000 (UTC)
To: Eric Rescorla <ekr@rtfm.com>
Cc: "tls@ietf.org" <tls@ietf.org>
References: <9a7b1178-f856-ec63-c4b7-e2b29993e133@openssl.org> <CABcZeBMS9TeR-kFem4xHiWGVyKn5LbvDomdzL6vV_3XrKkravQ@mail.gmail.com> <37a087f4-efbe-7eae-5539-d220ff67e243@openssl.org> <CABcZeBOfcKTDnc+FcTPutMazSEhg3V8_tWqzeqpv=N6ki9jN9g@mail.gmail.com>
From: Matt Caswell <matt@openssl.org>
Message-ID: <4c37d15e-7375-d4d0-62d1-c6d295fb7080@openssl.org>
Date: Thu, 28 Dec 2017 16:12:52 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBOfcKTDnc+FcTPutMazSEhg3V8_tWqzeqpv=N6ki9jN9g@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-GB
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/gFNdXTzpJIzlJkTPbhVIUt1obMk>
Subject: Re: [TLS] Interaction between cookies and middlebox compat mode
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Dec 2017 16:12:59 -0000
On 28/12/17 12:28, Eric Rescorla wrote: > I think it would be helpful > to be more explicit in the text if that is the case, i.e. identify the > first point in the handshake and the last point in the handshake where > CCS is valid. There probably should also be some words about how servers > implementing older TLS versions should handle a CCS that comes first. > > > I could add those. > > > However, I'm concerned about the added complexity of interpreting things > that way. Suddenly a CCS arriving is no longer handled by just dropping > it and forgetting it - you now have to store state about that and > remember it later on in the process in other TLS versions. The CCS > workaround was supposed to be a simple no-op to implement and it no > longer appears that way in this interpretation. > > > Well, it seems like the issue here is you want the client to send CH1, > CCS, CH2 > so we need the server to accept that. Am I missing something? The point is a stateless server will not know about CH1 at the point that it receives CCS. Actually, as Ilari points out, there could be any junk (including partial records) arriving between CH1 and CH2. So this feels more like a special case for stateless servers. In other words I would prefer to say that a CCS that arrives first is not allowed. That simplifies the general case and requires no special coding for servers implementing older versions of TLS. However, we add additional words around what stateless servers do with "junk" they receive that doesn't look like a ClientHello (i.e. they ditch it). That "junk" would include a CCS. That seems like a much cleaner solution. Matt
- [TLS] Interaction between cookies and middlebox c… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Ilari Liusvaara
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Eric Rescorla
- Re: [TLS] Interaction between cookies and middleb… Matt Caswell
- Re: [TLS] Interaction between cookies and middleb… Ilari Liusvaara