IETF Logo Mail Archive

Re: [TLS] Feedback on draft-ietf-tls-tlsflags

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 31 January 2020 15:37 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C89FC120105 for <tls@ietfa.amsl.com>; Fri, 31 Jan 2020 07:37:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level:
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UnRbnJcmRGGm for <tls@ietfa.amsl.com>; Fri, 31 Jan 2020 07:36:58 -0800 (PST)
Received: from welho-filter1.welho.com (welho-filter1.welho.com [83.102.41.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C1551200FE for <TLS@ietf.org>; Fri, 31 Jan 2020 07:36:57 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id 4C58812178 for <TLS@ietf.org>; Fri, 31 Jan 2020 17:36:55 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp2.welho.com ([IPv6:::ffff:83.102.41.85]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id x0RWByyCKMPs for <TLS@ietf.org>; Fri, 31 Jan 2020 17:36:54 +0200 (EET)
Received: from LK-Perkele-VII (87-100-246-37.bb.dnainternet.fi [87.100.246.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp2.welho.com (Postfix) with ESMTPSA id EB8FF287 for <TLS@ietf.org>; Fri, 31 Jan 2020 17:36:52 +0200 (EET)
Date: Fri, 31 Jan 2020 17:36:52 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: "TLS@ietf.org" <TLS@ietf.org>
Message-ID: <20200131153652.GA1156990@LK-Perkele-VII>
References: <6d2a87a9-6d9a-4a39-913b-e9f620275cec@www.fastmail.com> <6F2B5A29-E7EF-4F83-A5F7-A40484D319FB@gmail.com> <a92e4269-cc35-9ecc-6c38-b62f9cecd626@cs.tcd.ie> <2C73A60D-2870-4AD3-A506-CB1FCC6B60FD@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <2C73A60D-2870-4AD3-A506-CB1FCC6B60FD@gmail.com>
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kCuLGHts6RKm9pvu9Vv3Wwf5vPc>
Subject: Re: [TLS] Feedback on draft-ietf-tls-tlsflags
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jan 2020 15:37:01 -0000

On Fri, Jan 31, 2020 at 04:00:39PM +0200, Yoav Nir wrote:
> 
> 
> > On 30 Jan 2020, at 22:08, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> > 
> > 
> > 
> > On 30/01/2020 17:57, Yoav Nir wrote:
> >> Hi folks.
> >> 
> >> In case you’re not following GitHub, there was an issue with a brief
> >> discussion ([1]) and a resulting pull request ([2]).
> >> 
> >> If there are no objections by late next week, I will merge the PR.
> > 
> > Allowing 2040 flags seems a bit mad and a possible
> > foot-gun - with a specification required rule that
> > could end up worse than the ciphersuites registry!

Well, TLS allows tens of thoursands of extensions, and the extension
registry does not look even nearly as bad as ciphersuite registry.

This has multiple possible reasons:

- Much harder to specify extensions.
- Less "vanity" stuff with extensions.
- No bad combinatorics (ciphersuites were horrible combinatorics-wise
  before being reworked in TLS 1.3).


> > Given it's possible to define a tls_flags2 extension
> > if this one runs out, I'd argue to constrain this to a
> > much smaller number of flags - 63 should be plenty
> > I'd say.

One would not want any high-numbered flags, so splitting to multiple
extensions if there would be many flags would likely be benefical
size-wise.

One could support 64 flags with size bound of 12 bytes (8 bytes plus
4 byte extension overhead). Note that 64 is more than number of all
TLS extensions ever registered (let alone number of flaglike TLS
extensions).

> > That said, it's not that huge a deal since I have
> > a hard time seeing implementers even trying to code
> > for 2040 flags and specification required is the
> > same rule as for extensions.

Note that it would not be much harder to make an extension than a flag.
It would pretty much just specifying the extension as blank. One needs
to specify the semantics anyway.

> The format allows 2040 bits. I think we should never define that many
> bits. I think we should never define even 60 bits. But I also think
> it should be left up to the TLS chairs and the IANA experts to serve
> as gatekeepers rather than tying their hands in the specification.

Note that the length field is completely redundant and could be
removed, saving 1 byte.

And I think that even defining 16 flags (to exceed 6 bytes) will take a
while (that is more than all flag-type extensions that exist to date).

And probably there should not be any reserved entries, just all
"specification required". Or maybe some low number entries (0-7?) for
"standards action" (mostly to be used for any possible security fix
extensions)?


-Ilari

v2.23.0 | Report a Bug | By Email