Re: [TLS] Server-side missing_extension MUSTs

Eric Rescorla <ekr@rtfm.com> Wed, 13 July 2016 02:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/iUdfClNUOawLL0ZYHQfREardmHM>

I generally agree with David here.


-Ekr

P.S. Back in Seattle, we had rough consensus to change the alert
requirements [0] so that you didn't have to send alerts, but if you
sent an alert, you had to send alert X. That's been on the TODO list
for a while but expect a PR soon.

[0] https://github.com/tlswg/tls13-spec/issues/254

On Tue, Jul 12, 2016 at 6:58 PM, David Benjamin <davidben@chromium.org>
wrote:

> Hey folks,
>
> I would like to remove the missing_extension MUSTs on the server side.
> Full justification in the PR.
> https://github.com/tlswg/tls13-spec/pull/544
>
> On the client, it is perfectly feasible to mandate a particular alert
> value. The check is very straightforward. On the server, however, this is
> a mistake. Servers do not necessarily have full information if not all
> advertised ciphers are known, and a natural implementation of the
> negotiation algorithm will not output this case. Even without this clause,
> the handshake is already required to fail, so there is no risk of invalid
> clients being deployed.
>
> Adding more complexity to an already hairy negotiation algorithm (the
> pseudocode I mentioned is incomplete) just to diagnose what is an invalid
> ClientHello anyway is not worth it. It buys too little for the complexity
> cost.
>
> David
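
The argument in the quoted message, as an added sketch that is not part of the thread, the PR, or any TLS stack: a natural server-side selection loop only ever reports handshake_failure, and a separate diagnostic pass for missing_extension cannot be sound once the ClientHello lists a cipher suite the server does not know. The requirements table, the function names and the unknown codepoint 0xFFF0 are constructed assumptions; the alert numbers and the two suite codepoints are the registered values.

```python
HANDSHAKE_FAILURE = 40   # registered TLS alert values
MISSING_EXTENSION = 109

# Assumed, simplified model: suites this server implements, mapped to the
# ClientHello extensions each one needs. Constructed for illustration.
ECDHE_NEEDS = frozenset({"supported_groups", "key_share", "signature_algorithms"})
KNOWN_SUITES = {
    0xC02F: ECDHE_NEEDS,  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    0xC02B: ECDHE_NEEDS,  # TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
}


def negotiate(offered, extensions):
    """Natural selection loop: pick the first suite that is both known and
    usable with the extensions present. Returns (suite, alert)."""
    for suite in offered:
        needs = KNOWN_SUITES.get(suite)
        if needs is not None and needs <= extensions:
            return suite, None
    # The loop only learns "nothing usable"; it never learns *why*.
    return None, HANDSHAKE_FAILURE


def diagnose(offered, extensions):
    """Extra pass a server would need before it could claim the ClientHello
    itself is invalid and send missing_extension."""
    if any(suite not in KNOWN_SUITES for suite in offered):
        # An unknown suite may need none of the absent extensions, so the
        # server cannot conclude that the client violated the rules.
        return HANDSHAKE_FAILURE
    if offered and all(not KNOWN_SUITES[s] <= extensions for s in offered):
        return MISSING_EXTENSION
    return HANDSHAKE_FAILURE


if __name__ == "__main__":
    partial = {"signature_algorithms"}  # constructed ClientHello extension set
    print(negotiate([0xC02F], ECDHE_NEEDS))
    print(negotiate([0xC02F], partial))
    print(diagnose([0xC02F], partial))
    print(diagnose([0xC02F, 0xFFF0], partial))
```

In both failing cases the handshake is aborted by `negotiate` alone; `diagnose` only changes which alert value accompanies the failure.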