[TLS] RFC7627 - 5.3 - inconsistent behavior of client and server?

Achim Kraus <achimkraus@gmx.net> Wed, 27 January 2021 20:32 UTC

Return-Path: <achimkraus@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63CAB3A02BC for <tls@ietfa.amsl.com>; Wed, 27 Jan 2021 12:32:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.118
X-Spam-Level:
X-Spam-Status: No, score=-2.118 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mzoBSEiwF6Xn for <tls@ietfa.amsl.com>; Wed, 27 Jan 2021 12:32:05 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 355FF3A0147 for <tls@ietf.org>; Wed, 27 Jan 2021 12:32:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1611779520; bh=mlbnfms5HcnOoxF7YMj8+xqshwTOINva+hGkUQE4OeQ=; h=X-UI-Sender-Class:To:From:Subject:Date; b=iPhPbStgEvKZO7Ft/WfUJwq/TWKR7Ogg8Ln9tJKRSQwYfBHVZak9zHg95sWy2bNCg IFYnesAkZBCbO+2hHZySIGcpBacUzMnNHVxlg8FxvNvMWTebGNukgozBVtCSGIwnTw 9DamTwJp28yUDfgCSdCJH6ehKGItpTodgqXpKSFI=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.178.100] ([88.65.151.248]) by mail.gmx.net (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MLzBj-1lM7DV2h2f-00Hu8L for <tls@ietf.org>; Wed, 27 Jan 2021 21:32:00 +0100
To: "tls@ietf.org" <tls@ietf.org>
From: Achim Kraus <achimkraus@gmx.net>
Message-ID: <91f6681d-f7f6-cf9a-3b90-f0cf97f37536@gmx.net>
Date: Wed, 27 Jan 2021 21:31:58 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:CwhoA/SeJlit2FiWByKHCxWtQqt1LIBw7jRAlctY/bb2uwsMtwZ nPlisiPKnUUlk7j4Nwzwh9gBXmMSua11BAZUWv3gcdBcfkT+T9GCXIS0f8VAI7e11gmRDYc CdslFUqX5lDe54XwjHGvT5pDO0sUGRxMVoR9M/5iee9boemrhB3xvzz5rVwgFMkq/yNMp7v M9EsOQ3tDf5Sz5Xb4onEA==
X-UI-Out-Filterresults: notjunk:1;V03:K0:Y2Bsa7GLOCk=:wAWg+A5c4zEiMQstzd8MK6 vO3bFJ33P37g4w/BFjUXfFhTgxLjrmI2PxFSXZe2vSFGTNHcgSydnSfiMCuiCCbnw+ftQ5V2Q LVH5uMnX1MVksG/W/UkKeOpqb/F+L+oCFYJwayGc2JkphJYImV42P0Ikfa3vyAusIbedRWQ/v 07aVddz+Sf+40f02VLHJcFfYtop/k26mOb3CBSm0WySkUXkJuum/kvgbnno02ga8TGgrZKNvU 4urY1VdskT4lOsKWX50Uk/4bIpWLKS0mLwmAvVq4OJhoTr4qmazLGC+hKPTDXrpUygr3HzRnc nME14W8Q9vf9kNJiVGT9o8397NwoFH0ji0s13ywpVTBRJX+whgE8/oH2eAqFSDCEsrYjtLYIC 9ShPBpB2HBm/XKNqaDKagQeBnwvMX4nvYLSX+zxaTTH49e/Bw+hJpB6vmURRJPrg5aDo6R5pI BTDgZCdYb6dYnBwXrgVneAuvrKcWDGEw78Ln+LRTBMfNAmyvISOkIHGFVsCHDw01d3QLRgfLf MJ7WLYdDwckScnncjfoFkZZ110J3tnAbmlJ57WAl7vaR1CWh8FiWn6dual6Nitfos+5mb4oTP OGvmHmOq6XhBe7WbSap4O0bQJaHsCAel6h6NqvwgK/ZkrMmkz9myYkadd3CAFiHmWFNVTm2JC VJRFdLp/zu9cAIQMgHWrL4rkiXxspeghDMHL+dyqUyh3AHwD4rdcztvpOv622UDWOJh56l+B9 CtiFcfqm8oDma8SFHwEDUuX7r4VMoEjWjHVRuh5ov0tCnWcGI77yRS+s4fCoX6FbJMS+ZMpEO ZLercZSkj/lvNEINAHt6tz7gaELHyiosWzk7jK5Z1xLHwtZmJKcKAI3uFSn3tHdla8mmHEAs2 uI7s9c/OJKWYm/ZfLAfw==
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/gjBFHWwp1k-w1KdBkotp496zaf8>
Subject: [TLS] RFC7627 - 5.3 - inconsistent behavior of client and server?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2021 20:32:07 -0000

Dear List,

according

https://tools.ietf.org/html/rfc7627#section-5.3

5.3 Client and Server Behavior: Abbreviated Handshake

"The client SHOULD NOT offer an abbreviated handshake to resume a
session that does not use an extended master secret.  Instead, it
SHOULD offer a full handshake."
...
"If neither the original session nor the new ClientHello uses the
extension, the server SHOULD abort the handshake.  If it continues
with an abbreviated handshake in order to support legacy insecure
resumption, the connection is no longer protected by the
mechanisms in this document, and the server should follow the
guidelines in Section 5.4."

If the original session doesn't use an extended master secret:
- the client SHOULD offer a full handshake.
- the server SHOULD abort

If the client follows this guide, it falls-back to use a full handshake.
If the client doesn't follow this (maybe, the client is not aware of RFC
7627), the server SHOULD aborts.

Why SHOULD the server not (also) just fall-back to use a full handshake?

best regards
Achim Kraus