Re: [TLS] Working Group Last Call for draft-ietf-tls-tls13-18

Martin Thomson <martin.thomson@gmail.com> Mon, 21 November 2016 03:27 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 010341296AB for <tls@ietfa.amsl.com>; Sun, 20 Nov 2016 19:27:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uuytHCByFnKH for <tls@ietfa.amsl.com>; Sun, 20 Nov 2016 19:27:39 -0800 (PST)
Received: from mail-qk0-x22e.google.com (mail-qk0-x22e.google.com [IPv6:2607:f8b0:400d:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BB07129509 for <tls@ietf.org>; Sun, 20 Nov 2016 19:27:39 -0800 (PST)
Received: by mail-qk0-x22e.google.com with SMTP id n21so334819885qka.3 for <tls@ietf.org>; Sun, 20 Nov 2016 19:27:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=wLWW2Jpnbb5LoEDVbjgBknYhSFhMnzs5769sljD2TDI=; b=x0Ic9eDxWoDqNen37d68vxyBrL9fQuFZ0AqSP+qDtxXXardH6AU77kKSlD18bj9/Nc MsENZEhQaPmj2ruQfSfm+GB3HLQRb95tfZdw9TDHd9xEhkFs6dmgfTaDpDoqNyAISsUw erfcng3nzIk5fSiyMVUA7WVeJsDTUMBqLGQKcyce+mJfkJfQx9ld+3U+JCxRsUSAdIaO 05puo1JlsjdvdO5tW/i+E9yq7mv0u/17lEdTwFqWqOFJPKBYC/a/JTMeBcc9jyGgIk8x uejPEKaaXiwyA/WEi/PssqmdZfv/4gd+2RULc92sFL5U0nOeQY/c/GoTvC84GKJ13aJ4 W/vQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=wLWW2Jpnbb5LoEDVbjgBknYhSFhMnzs5769sljD2TDI=; b=FTlz2XZC6ZixTE/271jqsWepHE1Niih0gShZdmkxnQZVJfJudjKVflOKNVO5qR9LUA GAOA1p3WyuQErStdxQ/en3gnjrrj7QsFaxQ3oeH+AUoR0B97QPFKoOUkH/vQTs+MJjYF tygOw6KoZ2CkZ3qUq8w2mZyBZnn+KtZQrCfGrqQBz10s1Zr4qOJ0kSI1vuR5SB23w7PA W5yEnk8Zj0flJ5e4auRyOmDPIu0PysLifUr7+b913bNGHgqN2CJZiXjNMZd4zFLu+2IP oEoCLmJo9ned7ow+QqX5pn9tVdO+5mJLRh984RGnVzQny8l4xuazsPLh+xMHJWGRM1Xp UYBQ==
X-Gm-Message-State: AKaTC03IsF2wn/OLNFWhqZ7F9czzTOJSpeagDeI5L4z3YJkveN2fqpqmhj7R4n5lqMerZLFKdgK53xspST9Qtg==
X-Received: by 10.55.99.141 with SMTP id x135mr12709907qkb.147.1479698858663; Sun, 20 Nov 2016 19:27:38 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.85.101 with HTTP; Sun, 20 Nov 2016 19:27:37 -0800 (PST)
In-Reply-To: <CABcZeBMipGvbhKFQmYj-7nPFS3BTEJNv9jbA+NjaajLo5BGrog@mail.gmail.com>
References: <CAOgPGoChDnFf-4Vxm1S021MXHhGGpTjniD6+124B7off2RzO6w@mail.gmail.com> <BY2PR18MB0342FBE415ECFFF87B1840ADC3B50@BY2PR18MB0342.namprd18.prod.outlook.com> <CABcZeBMipGvbhKFQmYj-7nPFS3BTEJNv9jbA+NjaajLo5BGrog@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 21 Nov 2016 14:27:37 +1100
Message-ID: <CABkgnnXqD+5ErT27sKfiT0x46mUSoNG+-EHhK1WyfUCXduAshA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/jdvWXRBcG3kCv2Pp3TRgFhHgJAc>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-tls13-18
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Nov 2016 03:27:41 -0000

On 21 November 2016 at 14:13, Eric Rescorla <ekr@rtfm.com>; wrote:
>> IMO, the compression methods section of ClientHello should be ignored as
>> mentioned by Martin Rex.
>
> I'm not seeing any good reason for this. We don't want anyone to offer
> compression and it's not
> like it's difficult for 1.3 implementations to not offer it.

I understand Martin Rex's rationale: we are effectively mandating a
requirement on implementations of other versions of the protocol.
However, I agree with ekr.  We have - I think - consensus to forbid
compression more broadly than just in TLS 1.3.  It's a foot gun.

And I don't believe that the foot gun is unique to the web case.  For
example, if you don't believe that mail could contain
attacker-controlled data and secrets, then you haven't thought hard
enough about all the ways mail can be used.  Similarly, insert
protocol of choice.  Of course it's definitely true that someone
loaded and cocked the footgun for the web.