[TLS] Re: TLS 1.3 early data and TCP resets
Martin Thomson <mt@lowentropy.net> Fri, 23 May 2025 00:47 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id EE76F2C16C57 for <tls@mail2.ietf.org>; Thu, 22 May 2025 17:47:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b="TfcA3wjw"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="t6IbK2Mc"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ThG4plkAU4I for <tls@mail2.ietf.org>; Thu, 22 May 2025 17:47:58 -0700 (PDT)
Received: from fout-b2-smtp.messagingengine.com (fout-b2-smtp.messagingengine.com [202.12.124.145]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 774442C16C52 for <tls@ietf.org>; Thu, 22 May 2025 17:47:58 -0700 (PDT)
Received: from phl-compute-06.internal (phl-compute-06.phl.internal [10.202.2.46]) by mailfout.stl.internal (Postfix) with ESMTP id 1FE43114013B for <tls@ietf.org>; Thu, 22 May 2025 20:47:58 -0400 (EDT)
Received: from phl-imap-15 ([10.202.2.104]) by phl-compute-06.internal (MEProxy); Thu, 22 May 2025 20:47:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1747961277; x=1748047677; bh=gbqviLUm56QV1Y1ywnqEQhBOB8IiAQwP+geL6bj4zq8=; b= TfcA3wjwbU4xKqXFxlNAPBqDT/yPr1//W95ncA1IpgmBYQgVqUCMxG2slbTXkLdx fFkKO3h3GPwO0MSmJKC1Y777/85jSBGoJ4ergpe3Wx/HkCYLam8GRJykJ/84DbE9 zUejhp1LA0e7pWOOdjWAqQJee5PxQmc+ui72AMDwR/hMr98WuspoWFVHUyUTexJy 0mYWVO2bYQDTLTZEB/G9CQb/yAUEKFj88kCTo5OF1owkc5ZcvZQ7xYrBuF7AgJNp sVDefpC16iUWqf3j90N8z33qpcBQvk1LjVVZdsWdxvve17wjAkqGCmxtuLE3xbkn uwVNYlAeApj1BgRmo17hEg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; t=1747961277; x=1748047677; bh=g bqviLUm56QV1Y1ywnqEQhBOB8IiAQwP+geL6bj4zq8=; b=t6IbK2McjgoQz88uT dxuxBOV884p3hKBO8somSwRodWm0gVtxG9E0DCP4irhLsLPPQ9IJi2EKnb0cez8d cLc237oN3V3BDo8ofEOrXjKjrZSZ5lXyDNmR4TAvQi2OXpApAQjhp0d4l8pcDt/F Rcfp++tQx6qOxqrWWHpednUsRqEXYOvpB2zDAgEDLdkByJbBb/L+5xWiLWDjdsXT zG92X3kELLbssaSHWV3Ry7NRROzo4xDshmu13svsl1/XRErA65SW0USTKB4G8iOW FzLlUuSo1LdeMhVTVkj8g22SwNXQr529c7QcumZETWZ1VvXukfQZzIr+kZyRcV8k LIySg==
X-ME-Sender: <xms:vcUvaJp7mkkd-Lfp2NX_Re3WKl0c72JiFCGoKsV3zodJwUvNH3lBnQ> <xme:vcUvaLoYwefVoiU_DjZ7ey8w_rXMbD5BcBwnFOboFfshbGGVfqZ-hCENSBt6yHFtm BN6iEnryvyD_Hz5XZw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtddtgdejgeegucdltddurdegfedvrddttd dmucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgf nhhsuhgsshgtrhhisggvpdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttd enucenucfjughrpefoggffhffvkfgjfhfutgfgsehtjeertdertddtnecuhfhrohhmpedf ofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhhofigvnhhtrhhophihrdhnvghtqe enucggtffrrghtthgvrhhnpeeuledugeeflefhkedtffevleeghfetgfdutdefveettedt veeggfefieelffetgfenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrih hlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvghtpdhnsggprhgtphhtthhopedu pdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehtlhhssehivghtfhdrohhrgh
X-ME-Proxy: <xmx:vcUvaGP7RjiN6_9rM7mYJtbQA9Q1WEqynsc3l4RclOuqHgq1Q15uzQ> <xmx:vcUvaE5nO5psL4hn9xCkxGpY6b6Y0EZy1g21SxxfbkDAuLPHwJanQg> <xmx:vcUvaI7URiZTmmX0dAaCD8WQzh4AN1KmdPUVh2bZ9lhB4ceDnavn7Q> <xmx:vcUvaMiw7oZiIMOKP16PDK7iUG9BS166mpandR8h1ZpEbW2Syz4RAQ> <xmx:vcUvaFv7ZVIj40nLX_q8zjOOnsXh5VtrQtciBkucoBelEIJxmyE8fDWn>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.phl.internal (Postfix, from userid 501) id B5B6178006C; Thu, 22 May 2025 20:47:57 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
MIME-Version: 1.0
X-ThreadId: T440348256820895a
Date: Fri, 23 May 2025 10:47:37 +1000
From: Martin Thomson <mt@lowentropy.net>
To: tls@ietf.org
Message-Id: <cb240b1e-ec9f-4dfe-a99d-b88551241ed2@betaapp.fastmail.com>
In-Reply-To: <5380104f-de38-4e97-8d5d-4713243d04f7@wizmail.org>
References: <CAF8qwaBxhGiR1fB97x2fh_5xzgb+s+x6Dazj1uU5gBRA86LBQQ@mail.gmail.com> <5380104f-de38-4e97-8d5d-4713243d04f7@wizmail.org>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-ID-Hash: U43IQUVIF4VQLPAIO55QVHNEVAPIWRWG
X-Message-ID-Hash: U43IQUVIF4VQLPAIO55QVHNEVAPIWRWG
X-MailFrom: mt@lowentropy.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: TLS 1.3 early data and TCP resets
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ilzZxIj3HpCg7xUs2xmmXFoUWZc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
On Fri, May 23, 2025, at 06:17, Jeremy Harris wrote: > Bad programming. I might not have said this, but I was going to say something approximately like what you said afterwards. I don't think that you can fault the application, but you can interpret the close differently at the TLS layer. That is, as you suggest, that the TLS layer can take the close under advisement and do what is necessary to follow that instruction. Which might involve sticking around long enough to complete the handshake, even if the application doesn't need it. Interestingly, this is exactly what the TCP stack does. David mentioned that a retransmission of already-received data doesn't cause the server to send a RST. Why is that? If the server dropped all state, a PSH really would induce a RST in response. It's because the TCP stack really does maintain some state, so that it can recognize a PSH that can be ignored (one with a sequence number between the initial and final values for the closed connection) from one that does need a RST (one outside of that narrow range). Of course, this presumes a particular architecture, in which the TLS stack is a layer on top of TCP. It's not a model I favor any more. I prefer the SSLEngine one, where TLS is kept to the side, with the application driving the TCP bits. In that case, this gotcha becomes an application problem. Maybe the simple application in the example isn't going to do that, so it's fine to think of this as being strictly layered in software, but it's worth acknowledging our assumptions.
- [TLS] TLS 1.3 early data and TCP resets David Benjamin
- [TLS] Re: TLS 1.3 early data and TCP resets Martin Thomson
- [TLS] Re: TLS 1.3 early data and TCP resets David Benjamin
- [TLS] Re: TLS 1.3 early data and TCP resets Watson Ladd
- [TLS] Re: TLS 1.3 early data and TCP resets Jeremy Harris
- [TLS] Re: TLS 1.3 early data and TCP resets Martin Thomson
- [TLS] Re: TLS 1.3 early data and TCP resets David Benjamin