Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 01 February 2021 06:21 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Alan DeKok <aland@deployingradius.com>, Jorge Vergara <jovergar@microsoft.com>
CC: "<tls@ietf.org>" <tls@ietf.org>, EMU WG <emu@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Date: Mon, 01 Feb 2021 06:21:16 +0000
Message-ID: <1612160476669.16911@cs.auckland.ac.nz>
References: <e669002f-caff-1e6e-e28b-d09157eb0c07@ericsson.com> <6241F0B6-C722-449E-AC3A-183DE330E7B5@deployingradius.com> <9ddd1593-3131-f5cc-d0db-74bf3db697bf@ericsson.com> <3CB58153-8CCA-4B1E-B530-BA67A6035310@deployingradius.com> <CAOgPGoA3U+XpZMY7J+KGovNx6MtAdEzRaGW33xVJdQNWSi4LVg@mail.gmail.com> <770e6a49-52fc-4e8b-91af-48f85e581fbb@www.fastmail.com> <CAOgPGoBGOMXH-kMhQSujWxnACdmBL845u0ouE0fUYc4rWtUrZg@mail.gmail.com> <ca4c526e-79a0-4fa7-abda-2b626795f068@www.fastmail.com> <3409F71E-4CE4-46BB-8079-BFBE9BE83C9A@deployingradius.com> <66157321-55DC-4831-8EF2-D75934D9024C@deployingradius.com> <20210129183220.GI21@kduck.mit.edu> <1A830492-3404-4BCC-844B-D7D950458BD9@deployingradius.com> <CAOgPGoAoFL0aL8-g2waWny=BCod4tN9R==jR_N3kuLPFzvNGOg@mail.gmail.com> <MW2PR2101MB092355019C6248626D2CEF96D1B99@MW2PR2101MB0923.namprd21.prod.outlook.com>, <F0FBEFD6-E46C-4824-BBE6-33FFC93CB356@deployingradius.com>
In-Reply-To: <F0FBEFD6-E46C-4824-BBE6-33FFC93CB356@deployingradius.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/gPi5a3kSfDamQ8kDp0KFHgO90ZQ>
Subject: Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)

Alan DeKok <aland@deployingradius.com> writes:

>OpenSSL has a feature SSL_MODE_AUTO_RETRY which makes it process TLS messages
>*after* the Finished message. i.e. the Session Ticket, etc. When an
>application calls SSL_read(), all of the TLS data is processed, instead of
>just the "TLS finished" message. They've made this the default, because most
>applications get it wrong.

Asking as the author of a TLS library that has always done this, why would you
stop immediately after the Finished and leave metadata messages sitting unread
in the input stream?  Was it just some arbitrary implementation decision, or
is there a technical reason for it?

Peter.
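The split Alan describes for OpenSSL (handshake returns right after Finished; the NewSessionTicket is left in the input stream for the next read) is easy to observe in another library that made the same choice. What follows is an added example written for this page, not code from the thread, from OpenSSL or from cryptlib: it uses Go's crypto/tls, whose client Handshake() also returns as soon as the client has sent its Finished, and whose Read() then consumes and processes the server's NewSessionTicket before it hands back application data (the "auto-retry" behaviour). It runs one TLS 1.3 handshake over a loopback TCP connection using a self-signed certificate generated in-process (constructed test data, not a real key) and probes the client session cache right after Handshake() and again after the first Read() to show exactly where the ticket gets handled. The server name "localhost", the cache size, the 5-second deadlines and the payload string are arbitrary choices for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway ECDSA certificate for "localhost", generated
// in-process so the example runs offline (constructed test data, not a real key).
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "localhost"}, DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// serve accepts one connection and runs the server side: Handshake() (during
// which Go's server sends NewSessionTicket), one application-data record, then
// a Read() that should only ever see the client's close_notify (io.EOF).
func serve(ln net.Listener, cert tls.Certificate) error {
	raw, err := ln.Accept()
	if err != nil {
		return err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second)) // never let the example hang
	srv := tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13})
	if err := srv.Handshake(); err != nil {
		return err
	}
	if _, err := srv.Write([]byte("hello after finished")); err != nil {
		return err
	}
	if _, err := srv.Read(make([]byte, 1)); err != io.EOF {
		return fmt.Errorf("expected close_notify, got %v", err)
	}
	return nil
}

// Run does one TLS 1.3 handshake over loopback TCP and reports whether the
// client's session cache was populated after Handshake() and after the first
// Read(), plus the application data that Read() returned.
func Run() (cachedAfterHandshake, cachedAfterRead bool, payload string, err error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return
	}
	defer ln.Close()
	done := make(chan error, 1)
	go func() { done <- serve(ln, cert) }()

	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	cache := tls.NewLRUClientSessionCache(8)
	client := tls.Client(raw, &tls.Config{
		ServerName: "localhost", RootCAs: pool, MinVersion: tls.VersionTLS13,
		ClientSessionCache: cache,
	})
	if err = client.Handshake(); err != nil {
		return
	}
	// Handshake() returns once the client has sent its Finished. The server's
	// NewSessionTicket is still unread in the input stream, so nothing is cached.
	_, cachedAfterHandshake = cache.Get("localhost")

	buf := make([]byte, 64)
	n, err := client.Read(buf)
	if err != nil {
		return
	}
	payload = string(buf[:n])
	// Read() consumed the ticket record, stored the session and kept reading
	// until it had application data to return: the "auto-retry" behaviour.
	_, cachedAfterRead = cache.Get("localhost")
	if err = client.Close(); err != nil {
		return
	}
	err = <-done
	return
}

func main() {
	h, r, p, err := Run()
	fmt.Printf("cached after Handshake=%v after Read=%v payload=%q err=%v\n", h, r, p, err)
}
```

Run it with go run: the cache is empty right after Handshake() and populated after the first Read(), which is the "leave the metadata messages in the input stream" behaviour Peter asks about; a library that drains post-handshake messages before returning from its handshake call would show the first probe as true. The practical consequence for application code is the one Alan points at: anything that treats the end of the handshake call as "the next bytes on this connection are my data" (a raw read on the underlying socket, handing the fd to another I/O path, or a read loop that treats a zero-length or "want read" result as an error) will trip over the ticket record, and a read API that silently retries past non-application records is what hides that mistake.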