IETF Logo Mail Archive

Re: [TLS] 回复: A TLS extension transfering service indication information

Eric Rescorla <ekr@rtfm.com> Thu, 31 March 2016 13:56 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EEBA12D153 for <tls@ietfa.amsl.com>; Thu, 31 Mar 2016 06:56:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.618
X-Spam-Level:
X-Spam-Status: No, score=-1.618 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dHuop_vxPQUO for <tls@ietfa.amsl.com>; Thu, 31 Mar 2016 06:56:09 -0700 (PDT)
Received: from mail-yw0-x22f.google.com (mail-yw0-x22f.google.com [IPv6:2607:f8b0:4002:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 251BE12D6C1 for <tls@ietf.org>; Thu, 31 Mar 2016 06:55:33 -0700 (PDT)
Received: by mail-yw0-x22f.google.com with SMTP id h65so98187798ywe.0 for <tls@ietf.org>; Thu, 31 Mar 2016 06:55:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=v3t2zlhYTVxsIIvq4TqdwppLiKvBc6FNs1I7uHm/2g8=; b=AJsBqcMkOW/YjthE84QY8C2Z+dPlljMybXz4frTb7Kgbq/nFg2hXpcLVQ6TMykRTnE 8D0xaMQZjnb2WfYDJ5ovNlulFpYriHQ1L4yF11N4Tj8Vk5Dg3t5ZpzmzM6o4w7Z3Flpo SXqmeEtsHrKiMczw51l2KhbHqq4LcrrutokgS2d3+YN7Rusx0haI8l+jOWJNnK0a1JDx uipC1bfN0VEs4YDSct/KavMSdCuGYSyRViEkMkmt+VSgd9vxzbiKd5k0nx2dOExtSUnK 56lI5AfaJwkMoa2iUlYbgSlbtguACdGOIo8dhr7+1GmLVp+YjBUY/oKSmZB9E6dGyvNs /t9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=v3t2zlhYTVxsIIvq4TqdwppLiKvBc6FNs1I7uHm/2g8=; b=bLpl6nWltxtd/7el1hguGTfA9jKA+msqXmOdU1WYMmO3ZNIVlDcpVWDRvsZ1HMH6Ps iNtdoJFHpZDSBDsLPMaWP7PZ26tvhNr8MDWURxcOdvL27bCQ7rdpwuO+P7Bd0cEPNn8F HaRSFpfm4e9yRDrF0gHfhAoKTzqS6w08NaUW5tH5PDV8drF8snPNmORqyBIMVUbda5AB 8qdFm6mIEBnhE3IIoryR+BtIbzvixvemd1bpt90tc99AvHNhiuZIaghL0RPSq4SAonGB aVMP7NMmePej0XKL6u1EyB9KjeE99gUQelO6domDpXWQI0fywhwP0FFYTTQjZWsov5KA LMcw==
X-Gm-Message-State: AD7BkJL2lkh/Z+/mfaDlddN/1/6Pshwem4ezGzvuNvTGeW1ZbqH4NSDAdmIMl85lrPrJvRFU+e7FeBRaZJt/hA==
X-Received: by 10.37.231.216 with SMTP id e207mr7858610ybh.130.1459432532374; Thu, 31 Mar 2016 06:55:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.249.5 with HTTP; Thu, 31 Mar 2016 06:54:52 -0700 (PDT)
In-Reply-To: <D322AED6.3CCC8%dacheng.zdc@alibaba-inc.com>
References: <D3200011.3C31B%dacheng.zdc@alibaba-inc.com> <201603290113.08796.davemgarrett@gmail.com> <CANBOYLWke2=Wk-TmYkGdbxoD4BU9So0MRzaJTLQZyXeVXxpt4g@mail.gmail.com> <6bd0acd9-9567-4e0b-91f1-9e48dee15d1c.dacheng.zdc@alibaba-inc.com> <CABcZeBOYJ9TU+Ws7CqSMD2OncpcRwF6hcrbHc7cUhntqkiuQEw@mail.gmail.com> <D321482F.3C983%dacheng.zdc@alibaba-inc.com> <CABcZeBN1-Sp3xaLTOjwNkAQ4ASaPUdrhkyG+S98dc1me6ovBCw@mail.gmail.com> <D3216F3C.3CA68%dacheng.zdc@alibaba-inc.com> <CABcZeBP684-o14URrNixAtXtANAUmQrYjK7ac=ReGtNw050Y9A@mail.gmail.com> <D322AED6.3CCC8%dacheng.zdc@alibaba-inc.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 31 Mar 2016 06:54:52 -0700
Message-ID: <CABcZeBOnjzDOjy4j0k1ZkOE2jZiLq_0bgjSbKuDivytvTTfsnQ@mail.gmail.com>
To: Dacheng Zhang <dacheng.zdc@alibaba-inc.com>
Content-Type: multipart/alternative; boundary="94eb2c0b11d0aaa4f0052f589d60"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/grNfiXTNGpUJpQbIZD4zxfAWvCQ>
Cc: tls <tls@ietf.org>, "刘大鹏(鹏成)" <max.ldp@alibaba-inc.com>
Subject: Re: [TLS] 回复: A TLS extension transfering service indication information
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Mar 2016 13:56:16 -0000

On Wed, Mar 30, 2016 at 10:40 PM, Dacheng Zhang <dacheng.zdc@alibaba-inc.com
> wrote:

> Thanks again for your comments. See my reply inline please. ^_^
>
>>
>> I'm not following. If you trust the device, then why do you need any kind
>> of cryptographic
>> authentication on the token.
>>
>> Dacheng:Let assume we trust the device. But the APP use a SNI to indicate
>> the service that the APP intends to access. Because the SNI is static which
>> may not be changed for months, it is easier for attackers who monitor the
>> network to get the SNI and use it to gain benefit. We need a securer
>> solution. As I have mentioned in my previous email, this solution will make
>> such attacks more difficult. By the way, SNI is not designed for this
>> purpose, we need to do some additional work to address this issue, right?
>>
>
> Again, you need a threat model. It sounds like you both do and do not
> trust the client
>
> Dacheng: Threat model will be provided. Actually,we don’t try to protect
> against the compromise of client. Or the scenario where an APP against
> another one on the same device. This solution is used to protect against
> the attackers who are able to monitoring the communication between the
> client and the server
>

I'll await this.



>
>
>> Hmm... I'm not at all sure that TLS should address this problem. However,
>> my review
>> was directed to whether your proposed solution even works on its own
>> terms.
>>
>> Dacheng: That is why we need to raise the discussion here. It would be
>> great if this issue could be considered by TLS WG.
>>
>
> I don't find this to be a very compelling use case and I don't think it's
> really appropriate to
> try to solve it at the TLS layer. If you want to have secure flow
> identification you should
> do it at the IP or TCP layers.
>
> Dacheng:Ok, this requirement is quite strong. We need a solution to
> address this issue if we want to use TLS to secure our APPs deployed on
> hundreds o millions o mobile devices.  Also,China mobile and Huawei are working
> with us on this issue.
>

No, you only need it if you want to use a specific charging model.


Could you please tell me why it is better to address this issue at the IP
> or TCP layer. To the best of my knowledge. There is no space in IPv4
> herders to insert any extensions. There are length limit in TCP options. In
> addition, TCP is implemented in kernel mode. It will cost more if we try to
> address this issue at the TCP or IP layer.
>

I think the architectural reasons here are pretty clear. IP is the common
network transport
layer, not TLS. Also, IPv6 has extension headers.

-Ekr


Look forward to more discussions. ^_^
>
> Cheers
>
> Dacheng
>
>>
>>>>
>>>>
>>>
>>
>

v2.23.0 | Report a Bug | By Email