Re: [TLS] MUST <x> or what?

Dave Garrett <davemgarrett@gmail.com> Thu, 27 August 2015 19:19 UTC

On Thursday, August 27, 2015 02:48:15 pm Martin Thomson wrote:
> I've been looking at the latest TLS 1.3 spec and there are a lot of
> MUSTs that are completely toothless.  To pick on a recent changeset:
> 
> > The signature algorithm and hash algorithm MUST be a pair offered in the
> > "signature_algorithms" extension (see {{signature-algorithms}}).

Some changes to this are now in this PR:
https://github.com/tlswg/tls13-spec/pull/231/files
(language based on list discussion)

> > All implementations MUST use the "signature_algorithms" extension when
> > offering and negotiating certificate authenticated cipher suites.

Actually, I did get a strict requirement in there for that one:

https://github.com/tlswg/tls13-spec/blob/master/draft-ietf-tls-tls13.md#signature-algorithms
> All clients MUST send a valid "signature_algorithms" extension in their ClientHello when offering certificate authenticated cipher suites. Servers receiving a TLS 1.3 ClientHello offering certificate authenticated cipher suites without this extension MUST send a "missing_extension" alert message and close the connection.

I think it warrants repeating in the MTI section as well.

> > All implementations MUST use the "supported_groups" extension when
> > offering and negotiating DHE or ECDHE cipher suites.

My initial draft had similar language, however ekr says the WG doesn't have consensus to be more strict. I would like to consider all of these extensions as mandatory to send, and malformed if not present when offering/negotiating any applicable cipher suites:
signature_algorithms, supported_groups, client_key_share, pre_shared_key, server_name (though, I'm fine with a SHOULD error on lack of SNI when applicable)


Dave
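
The server-side rule quoted from the draft in the message above (a TLS 1.3 ClientHello that offers certificate authenticated cipher suites without "signature_algorithms" gets a "missing_extension" alert), sketched as an added example that is not part of the original message or the spec. Assumptions: the alert number 109 is the value later assigned in RFC 8446, the two cipher suites stand in for the full certificate-authenticated set, answering a malformed extension with decode_error is this example's choice, and `check_client_hello` and `build_hello` are hypothetical names.

```python
import struct

EXT_SIGNATURE_ALGORITHMS = 13    # IANA ExtensionType value
ALERT_DECODE_ERROR = 50          # assumption: used here for malformed input
ALERT_MISSING_EXTENSION = 109    # value as assigned in RFC 8446
# Assumption: two sample certificate-authenticated suites (IANA values for
# TLS_ECDHE_ECDSA_/TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), not a full list.
CERT_AUTH_SUITES = {0xC02B, 0xC02F}

def _vec(buf, off, len_bytes):
    """Read a length-prefixed vector at off; return (body, next_offset)."""
    prefix = buf[off:off + len_bytes]
    end = off + len_bytes + int.from_bytes(prefix, "big")
    if len(prefix) != len_bytes or end > len(buf):
        raise ValueError("truncated vector")
    return buf[off + len_bytes:end], end

def check_client_hello(body):
    """Return None to continue the handshake, or the alert code to send."""
    try:
        version = int.from_bytes(body[:2], "big")
        _, off = _vec(body, 2 + 32, 1)          # skip random, read session_id
        suites, off = _vec(body, off, 2)
        _, off = _vec(body, off, 1)             # compression_methods
        exts, _ = _vec(body, off, 2) if off < len(body) else (b"", off)
        found, pos = {}, 0
        while pos < len(exts):
            ext_type = int.from_bytes(exts[pos:pos + 2], "big")
            found[ext_type], pos = _vec(exts, pos + 2, 2)
    except ValueError:
        return ALERT_DECODE_ERROR
    offered = {int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites), 2)}
    if version < 0x0304 or not offered & CERT_AUTH_SUITES:
        return None                              # rule does not apply
    sig = found.get(EXT_SIGNATURE_ALGORITHMS)
    if sig is None:
        return ALERT_MISSING_EXTENSION
    # "valid" here: list length matches, non-empty, whole 2-byte pairs
    if len(sig) < 4 or len(sig) % 2 or int.from_bytes(sig[:2], "big") != len(sig) - 2:
        return ALERT_DECODE_ERROR
    return None

def build_hello(suites, extensions, version=0x0304):
    """Constructed sample ClientHello body (not captured traffic)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    return (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
```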