[TLS] Possible TLS 1.3 erratum
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 15 July 2021 10:56 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/gmmZSTNxtZa87RQQgpBhcdVfkBY>
I've got some code that dumps TLS diagnostic info and realised it was displaying garbage values for some signature_algorithms entries. Section 4.2.3 of the RFC says:

   In TLS 1.2, the extension contained hash/signature pairs. The pairs are encoded in two octets, so SignatureScheme values have been allocated to align with TLS 1.2's encoding.

However, they don't align with TLS 1.2's encoding (apart from being 16-bit values), the values are encoded backwards compared to TLS 1.2, so where 1.2 uses { hash, sig } 1.3 uses values equivalent to { sig, hash }. In particular to decode them you need to know whether you're looking at a 1.2 value or a 1.3 value, and a 1.2-compliant decoder that's looking at what it thinks are { hash, sig } pairs will get very confused.

Should I submit an erratum changing the above text to point out that the encoding is incompatible and signature_algorithms needs to be decoded differently depending on whether it's coming from a 1.2 or 1.3 client? At the moment the text is misleading since it implies that it's possible to process the extension with a 1.2-compliant decoder when in fact all the 1.3 ones can't be decoded like that.

Peter.
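
Added example, not part of the original message and not the poster's code: a small signature_algorithms dumper that looks each 16-bit value up as an RFC 8446 SignatureScheme code point first and falls back to the RFC 5246 { hash, sig } reading, next to what a 1.2-only decoder prints for the same bytes. The function names and the sample extension body are constructed for illustration.

```python
import struct

# TLS 1.2 one-octet registries from RFC 5246, section 7.4.1.4.1.
HASH_12 = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
           4: "sha256", 5: "sha384", 6: "sha512"}
SIG_12 = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}

# TLS 1.3 SignatureScheme code points from RFC 8446, section 4.2.3.
SCHEME_13 = {
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384",
    0x0601: "rsa_pkcs1_sha512", 0x0403: "ecdsa_secp256r1_sha256",
    0x0503: "ecdsa_secp384r1_sha384", 0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512", 0x0807: "ed25519", 0x0808: "ed448",
    0x0809: "rsa_pss_pss_sha256", 0x080a: "rsa_pss_pss_sha384",
    0x080b: "rsa_pss_pss_sha512", 0x0201: "rsa_pkcs1_sha1", 0x0203: "ecdsa_sha1",
}

def pair_12(value):
    """Read a 16-bit value the TLS 1.2 way: high octet hash, low octet sig."""
    h, s = value >> 8, value & 0xFF
    return "{%s, %s}" % (HASH_12.get(h, "hash?0x%02x" % h),
                         SIG_12.get(s, "sig?0x%02x" % s))

def describe(value):
    """Prefer the 1.3 code point name; otherwise fall back to the 1.2 pair."""
    return SCHEME_13.get(value) or pair_12(value)

def parse_signature_algorithms(ext_data):
    """Parse extension_data: uint16 list length, then two-octet entries."""
    if len(ext_data) < 2:
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", ext_data, 0)
    if n == 0 or n % 2 or n != len(ext_data) - 2:
        raise ValueError("bad list length %d" % n)
    return [v for (v,) in struct.iter_unpack("!H", ext_data[2:])]

def dump(ext_data):
    """Return (code, combined reading, 1.2-only reading) for each entry."""
    return [("0x%04x" % v, describe(v), pair_12(v))
            for v in parse_signature_algorithms(ext_data)]

# Constructed sample: list length 0x000a followed by five entries.
SAMPLE = bytes.fromhex("000a" "0401" "0403" "0804" "0807" "0402")

if __name__ == "__main__":
    for code, name, naive in dump(SAMPLE):
        print(code, name, "| 1.2-only reading:", naive)
```
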