Re: [TLS] Spec issue with RFC 7627 (EMS) and resumption
Achim Kraus <achimkraus@gmx.net> Fri, 29 October 2021 05:46 UTC
Return-Path: <achimkraus@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA84D3A0A8D for <tls@ietfa.amsl.com>; Thu, 28 Oct 2021 22:46:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.429
X-Spam-Level:
X-Spam-Status: No, score=-5.429 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-3.33, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OuFlzSH_hplm for <tls@ietfa.amsl.com>; Thu, 28 Oct 2021 22:46:38 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 310773A0A88 for <tls@ietf.org>; Thu, 28 Oct 2021 22:46:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1635486394; bh=97D0jX3yfJWkvDap4j0v/7aGYqm0Zwu1fBW8PirnouQ=; h=X-UI-Sender-Class:Subject:To:Cc:References:From:Date:In-Reply-To; b=JX/KehXJdsStDOOHAo5LP/turSePXG2igWWJ/QIU+2oSs9ag1SC1D0wVcxAUnMhZN gNVtANkbbOS9UJjt8s6XTZ1RCnS14OieyBbidyfsSkPtatr4pC+eRvl6EEyZuZ5JX7 SIV+L8IOVEx7IRiOBaxf+iDYol7ZWnRH7ZoQTjFI=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.178.10] ([5.146.193.130]) by mail.gmx.net (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MD9T1-1mXIIS3Sz3-009Csj; Fri, 29 Oct 2021 07:46:33 +0200
To: David Benjamin <davidben@chromium.org>
Cc: "tls@ietf.org" <tls@ietf.org>
References: <CAF8qwaDi19sp_hg0mTySRGEf46kHfc1bCKee4bH+98QQmxtjog@mail.gmail.com> <CAF8qwaBW_MMJNjP5cQbFvgTgu8hEXAGDpoTjiKWgPzbAeG7O2A@mail.gmail.com> <b2731682-e3a1-6f5d-c692-9d9234e15757@gmx.net> <CAF8qwaBbGUOJEf9rYCzEZzbOy9WN+cHQ8wwP9GY5XcA3vygL6Q@mail.gmail.com> <85e45c6c-4df0-c73c-a39c-b31b78443a0c@gmx.net> <CAF8qwaD=SHxnb2sWdfnsMY=ztskyjZ8YvC2Us0ogrpckfx2wFA@mail.gmail.com>
From: Achim Kraus <achimkraus@gmx.net>
Message-ID: <946b50ae-6750-6ea6-ac68-ce08866bd3fd@gmx.net>
Date: Fri, 29 Oct 2021 07:46:32 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0
MIME-Version: 1.0
In-Reply-To: <CAF8qwaD=SHxnb2sWdfnsMY=ztskyjZ8YvC2Us0ogrpckfx2wFA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:6pkA/mqfKTKCPOFQf5YfUZQJGR9rK94gJWLBHpCxY/4TQkwh3on qFZ221JPwSsyPs4WWMJX5rfR7a6hOEWqWTJU8cqN2H0kBXYj4Qu+6DxPUKxFyn3TdtC5FeX 4HNFSXR8/1k0p+IgaemAZf2ancHA4fdLTYJdAzQQhNVFwgMzPAYgWzXdKuCOGES9DdTdzXO WDtW5d+HNJPyz6GX9+9rg==
X-UI-Out-Filterresults: notjunk:1;V03:K0:/tnMiHe6hYA=:i75shO0W/iR/UP34eLUh8f UKnsqdDdOe//7A0V2tqUhbhVeuol8Hssil4gbKwVViL7j6Q6rfzwoyVdyITxnPCOKQXRL4iV3 O7SsLTF04Sd695Ee9fPO9HIy13MoMaJSaN/XzO9WNEbHPKc928/CDS0hcEDA6+Wc1vsDshT2p nPPG76cKWvTUNYWwPkWb07qkYvRG6oU9P5MLycCJo9Cs7cnVcavlhIjVLJdQi1mgpeky5E1jp /5eclpQhaAMBALij24uAInNx9HXZ65uXibMxC8A0/o/I1YriZPLe1cf/+ehbnhR4u5QuDmKU+ fKKVPJVTjyM5BY0gTWb9VAqI8wdgTam9t9u3AQFy/BfAFmxr38kCgF1T/K4xoqJKIcjSiVYsh Oihwj/ROtXtbmhaNUfXT5bxdmmO7me+2KCDygYwpj5Aq+9zJOnogNEZPr9aSrvzghYXYuUYBu lonZrCxXbQb2BvSBgOKdBshnVRXAvX4751nxxT6Oecs0Mr+ygEv3nWJlzTCzqKqx/7Jk5J0Ey QTf+iAJwUYZH4zXKu9CCILf0+e0F1FZjY+1iTHe/ZHrIwc/9aS92rznAEKtQCpsN/tO8OTMAI eAGRfm2L4HObQV93du+8WMrI8reuMoDgt7SJXnlTyVjdIyfjd/zuoIKBJzNLhDzEEaDOrlLYt Gxofdmg2t6rN13XDkmsa7iSyaVpq3cfnLDjQ+bjGCzUFTwXnmd0rsGOHKWZAdwzqBe4rA5lPT fJFd20ZMKmBNc8LjM4qBO5WjDEf6hrfZ8m5RXJQbt//SuDbbAHJeCS2DaFnuRL1p8BWww7M84 VkuqfbaOp3ShFcmC7w7+8N5fIHBkTNhBkzHNNkIbqz76mKxISKyUEbRbAj3cJzN32gZzQ6fwP +G8x7HeqL9XEuueMBmDvGrFIUf01EuXhDFyt5X9zvdEGCPJZgBSP8UFpZlRHp5mlR32h3BZtT 8eeaaGPO6sIA5C51daWHmbEPwky62tASrlFui4yIbipHj4B2tUIoChfCzla+rgw5kBxuMQcbP y0MV5THLYRJZ5C4AbgHOf+XJJBpnd/lTHnY1fvlUe07uUZIaWpnsqF8LTPprqBPau3iPjVD// N9vkER/jhchXTs=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/jhChHD_JieNWJqyjsjw_i5pedmk>
Subject: Re: [TLS] Spec issue with RFC 7627 (EMS) and resumption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Oct 2021 05:46:43 -0000
Hi David, I'm still not sure, if there is just a misunderstanding: For me, case 2, the support of legacy peers comes with using only full-handshakes, and no abbreviated handshakes. For the client the consequence is, to use full-handshakes with legacy servers. So, I would assume, that just the same applies for servers as well. If a legacy client tries to execute a resumption handshake, the server in mode 2 has two options to support such a legacy client according the general rule to only use "full-handshakes" and not "abbreviated" ones. - abort the client initiated abbreviated handshake in order to make the client restart with a full-handshake (that's what the RFC defines) - the server chose to fallback to a full-handshake directly in the same way, that the server would do, if no matching session id is available. https://datatracker.ietf.org/doc/html/rfc5246#page-36 "The client sends a ClientHello using the Session ID of the session to be resumed. The server then checks its session cache for a match. ... If a Session ID match is not found, the server generates a new session ID, and the TLS client and server perform a full handshake." With such a fallback by the server, the general rule, to only use "full-handshakes", will be also full filled. And the benefit would be, that the client doesn't need to send a second handshake. best regards Achim Kraus Am 28.10.21 um 19:44 schrieb David Benjamin: > It depends on what the server is trying to do. If the server is trying > to mandate EMS, aborting the connection is correct. E.g. the full > handshake section then says: > > If the server receives a ClientHello without the extension, it SHOULD > abort the handshake if it does not wish to interoperate with legacy > clients. > > Though I suppose the abbreviated handshake version is missing a "if it > does not wish to interoperate with legacy clients". Yeah, okay, this > probably also needs an erratum to add the right qualifier. Gosh this > document is confusingly organized. >
- [TLS] Spec issue with RFC 7627 (EMS) and resumpti… David Benjamin
- Re: [TLS] Spec issue with RFC 7627 (EMS) and resu… David Benjamin
- Re: [TLS] Spec issue with RFC 7627 (EMS) and resu… Achim Kraus
- Re: [TLS] Spec issue with RFC 7627 (EMS) and resu… David Benjamin
- Re: [TLS] Spec issue with RFC 7627 (EMS) and resu… Achim Kraus
- Re: [TLS] Spec issue with RFC 7627 (EMS) and resu… David Benjamin
- Re: [TLS] Spec issue with RFC 7627 (EMS) and resu… Achim Kraus