Re: [TLS] comment on draft-kinnear-tls-client-net-address

"Martin Thomson" <mt@lowentropy.net> Tue, 26 March 2019 08:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kREfXuhhmYLXf3ppHPkCsMNn8wM>

We don't trust that the key share or certificate is good either, but once we have a Finished message, that is retroactively authenticated and can be used.  We rely on this property for a bunch of things.

On Mon, Mar 25, 2019, at 19:12, Hubert Kario wrote:
> On Monday, 25 March 2019 17:02:34 CET David Schinazi wrote:
> > Ah, I see - thanks. In other words, the proposal requires trusting the
> > server and the reply comes before the identity of the server has been
> > authenticated.
> 
> exactly
> 
> > David
> > 
> > On Mon, Mar 25, 2019 at 4:54 PM Hubert Kario <hkario@redhat.com> wrote:
> > > On Monday, 25 March 2019 15:09:21 CET David Schinazi wrote:
> > > > Hi Hubert,
> > > > 
> > > > Can you elaborate on how "TLS is providing integrity and authenticity to
> > > > the IP address information"? In my understanding, TLS only provides
> > > > integrity and authenticity to a byte stream, not to how your byte stream is
> > > > being transported over the network.
> > > 
> > > my point is that EncryptedExtensions, while encrypted and integrity protected
> > > on record layer level, are _not yet_ bound to any identity, so an attacker can
> > > trivially reply to any non-PSK ClientHello with a ServerHello of its own and
> > > then he'll be able to generate arbitrary encrypted EncryptedExtensions message
> > > 
> > > the forgery will be noticed only after the CertificateVerify is processed
> > > 
> > > > Thanks,
> > > > David
> > > > 
> > > > On Mon, Mar 25, 2019 at 12:31 PM Hubert Kario <hkario@redhat.com> wrote:
> > > > > > I wanted to raise one comment on the IETF session, but we ran out of time:
> > > > > > given that TLS is providing integrity and authenticity to the IP address
> > > > > > information, shouldn't the protocol require the client to perform the full
> > > > > > handshake and only then request information from the server? I.e. make it a
> > > > > > post-handshake message, like KeyUpdate, rather than an extension.
> > > > > > 
> > > > > > I worry that some clients may short-circuit processing and do the handshake
> > > > > > only up to EncryptedExtensions, without processing CertificateVerify or
> > > > > > Finished (in case of PSK), and as a result expose themselves to MitM attacks.
> > > > > --
> > > > > Regards,
> > > > > Hubert Kario
> > > > > Senior Quality Engineer, QE BaseOS Security team
> > > > > Web: www.cz.redhat.com
> > > > > > Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
> > > > > > _______________________________________________
> > > > > TLS mailing list
> > > > > TLS@ietf.org
> > > > > https://www.ietf.org/mailman/listinfo/tls
> > > 
> > > --
> > > Regards,
> > > Hubert Kario
> > > Senior Quality Engineer, QE BaseOS Security team
> > > Web: www.cz.redhat.com
> > > Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
> 
> 
> -- 
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
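The gating discussed in this thread, as an added example that is not part of any message or of the draft: a client holds the address it read from EncryptedExtensions and releases it only once Finished verifies over the transcript. The message encodings, the `client_addr` field and the single HMAC standing in for the Finished computation are assumptions for illustration, not the TLS 1.3 key schedule or wire format.

```python
import hashlib
import hmac

def finished_mac(secret, transcript):
    # Simplified stand-in for Finished: MAC over the hash of all handshake messages.
    digest = hashlib.sha256(b"".join(transcript)).digest()
    return hmac.new(secret, digest, hashlib.sha256).digest()

def server_flight(secret, client_hello, addr):
    # Hypothetical encodings; the address rides inside EncryptedExtensions.
    sh = b"ServerHello;"
    ee = b"EncryptedExtensions;client_addr=" + addr.encode() + b";"
    return sh, ee, finished_mac(secret, [client_hello, sh, ee])

class Client:
    def __init__(self, psk, wait_for_finished=True):
        self.psk = psk
        self.wait_for_finished = wait_for_finished
        self.transcript = [b"ClientHello;"]
        self.pending = None   # read from EncryptedExtensions, not yet authenticated
        self.address = None   # value released to the application

    def receive(self, sh, ee, fin):
        self.transcript += [sh, ee]
        self.pending = ee.split(b"client_addr=")[1].rstrip(b";").decode()
        if not self.wait_for_finished:
            # Short-circuiting client: uses the value before any authentication.
            self.address = self.pending
            return self.address
        # Finished covers the whole transcript, so it authenticates EE retroactively.
        if hmac.compare_digest(fin, finished_mac(self.psk, self.transcript)):
            self.address = self.pending
        return self.address

def run_scenarios():
    psk = b"constructed-psk-for-example"   # constructed sample values throughout
    ch = b"ClientHello;"
    honest = server_flight(psk, ch, "203.0.113.7")
    # Peer without the PSK answers with a flight of its own.
    forged = server_flight(b"peer-without-the-psk", ch, "198.51.100.66")
    # Honest ServerHello and Finished, but EncryptedExtensions altered in transit.
    tampered = (honest[0], b"EncryptedExtensions;client_addr=198.51.100.66;", honest[2])
    return {
        "honest": Client(psk).receive(*honest),
        "forged_strict": Client(psk).receive(*forged),
        "tampered_strict": Client(psk).receive(*tampered),
        "forged_shortcut": Client(psk, wait_for_finished=False).receive(*forged),
    }
```
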