Re: [TLS] Connection ID Draft

"Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com> Wed, 18 October 2017 06:43 UTC

Return-Path: <thomas.fossati@nokia.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94A5A1320CF for <tls@ietfa.amsl.com>; Tue, 17 Oct 2017 23:43:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3zYCeCs5ZKXC for <tls@ietfa.amsl.com>; Tue, 17 Oct 2017 23:43:57 -0700 (PDT)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0090.outbound.protection.outlook.com [104.47.1.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6C2C132026 for <tls@ietf.org>; Tue, 17 Oct 2017 23:43:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=E+YIZtU3YZ2yleZcuduc7Bu4dtx5Lpk6e1af2/6Q/FU=; b=lvyJdRq+BRoGqTYZOrvmkKCGTcJItRQ/Py5gLJeNpLK4hYsjOHjA4PS9ntboSE7t3TVAWK+FLVMle/BGqSVPorT69SfJg4FmwPdOYOtj0a1K3YIjKKmtUpXMMBuxb/MHRkjzY+j++1PfSkwa0hI4OPpNfmgwVZy2YEAdZ0PZGG8=
Received: from VI1PR07MB1102.eurprd07.prod.outlook.com (10.163.168.26) by VI1PR07MB1103.eurprd07.prod.outlook.com (10.163.168.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.5; Wed, 18 Oct 2017 06:43:53 +0000
Received: from VI1PR07MB1102.eurprd07.prod.outlook.com ([fe80::e157:80bf:7ba7:b2ed]) by VI1PR07MB1102.eurprd07.prod.outlook.com ([fe80::e157:80bf:7ba7:b2ed%13]) with mapi id 15.20.0156.004; Wed, 18 Oct 2017 06:43:53 +0000
From: "Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>, Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Connection ID Draft
Thread-Index: AQHTQ6/ei1Eh6DPTUUK7WLQddJSSYqLhT4aAgAfyyQA=
Date: Wed, 18 Oct 2017 06:43:52 +0000
Message-ID: <12771800-934C-4542-9F26-2E07B2C8D684@nokia.com>
References: <CABcZeBPXB6cOSztzDHtKSWUCJrgET+9cF_rAiiE8CYCUSY_uLA@mail.gmail.com> <1507875665.3178.19.camel@redhat.com>
In-Reply-To: <1507875665.3178.19.camel@redhat.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.20.0.170309
authentication-results: spf=none (sender IP is ) smtp.mailfrom=thomas.fossati@nokia.com;
x-originating-ip: [88.109.173.195]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR07MB1103; 6:6/0IvKfigbFanrx163xjYnZyPHrb1TfTDEj8JbkZROcTv7U41/Hn8y+nM2egrbNBLCZpWIs3VUDYUmr9CkZjzMrdkna876F9kpBIiMkCnYONsvErX2wqzTgzJ3ct/vpPtfW7XGJKyYPT/149v83/Qny8BCnuVjt/zs67A6/7S75b1Nb217SZFDuiao2RG8DRkQcOLr0TGWMxj8JQ9vJGZLS9p/XRA29KoCLP34w80wOWBCS2gYLDuw2zwaOjIS0kT+c7pydeCh5C+SpS8hJ8BOgIvXaNFzaDx/zrGTnlTVGbf23yG1V9gpZu/4XL7Sc72pxTLCvSfBCYhrFYFAWQWA==; 5:Pbo50boyNFIHb1AxwNijHGKNOtccseiPMyDnKGGC91Rb5vJvwMBJYxWSaGsIq9l3gD/s2ciSF3RfX/IQHGF1D6G9Eoavhidr9e8kc4txMxzfKR811Jo40cvF3RLwuVcxygkQazZO1ZWl5pyBju3xpw==; 24:JZniTSas1A0FnQ+bL/CV5KzPUd/wEavxGmAZqie9F6xwWUKKtaEQZ0+xZdfe23BbuoF6LogGUcmj6cLlijSP3t9d3wf/IlOhij3Hoh7o3Xs=; 7:mRZ2TVc/X6V5EMXeMNkeQFd7pUve/4QM1afkQmPi7YRWrLTjjqMqs9fBxYuVNAlotfKaP7bkRZj2p/g05/XITWytuzjZ/O7vyj8QCkDQwnLbOtu3KA7etUkbLjlcbTlUSdPTJj2lrGs+HyS10iM8son7zpfXnR0kZtOT1DsxYIAveN53Ke0IId8LMg+ZghGxVIlPLtlL0JSZPsj8in+UTBhueai3bDgfUXiZabyO/3o=
x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR;
x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(6009001)(376002)(346002)(39860400002)(199003)(189002)(24454002)(50986999)(2950100002)(7736002)(53936002)(6116002)(4326008)(68736007)(102836003)(305945005)(105586002)(106356001)(2900100001)(66066001)(6512007)(316002)(83716003)(82746002)(99286003)(58126008)(83506001)(36756003)(110136005)(81156014)(54356999)(8936002)(8676002)(76176999)(229853002)(53546010)(6436002)(2906002)(3660700001)(6506006)(86362001)(5250100002)(6486002)(97736004)(5660300001)(6246003)(107886003)(478600001)(3280700002)(189998001)(3846002)(101416001)(25786009)(2501003)(33656002)(81166006)(14454004); DIR:OUT; SFP:1102; SCL:1; SRVR:VI1PR07MB1103; H:VI1PR07MB1102.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
x-ms-office365-filtering-correlation-id: 47d969c9-cc35-4367-28d3-08d515f398fe
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254152)(48565401081)(2017052603199)(201703131423075)(201703031133081)(201702281549075); SRVR:VI1PR07MB1103;
x-ms-traffictypediagnostic: VI1PR07MB1103:
x-exchange-antispam-report-test: UriScan:(158342451672863);
x-microsoft-antispam-prvs: <VI1PR07MB11032DAED36C6D869D06A79A804D0@VI1PR07MB1103.eurprd07.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(10201501046)(100000703101)(100105400095)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123555025)(20161123562025)(20161123564025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:VI1PR07MB1103; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:VI1PR07MB1103;
x-forefront-prvs: 0464DBBBC4
received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <A22D6B7D95F78240A69BACB518F52E5C@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Oct 2017 06:43:52.9221 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB1103
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/l6OylBJCD7Nv392Ay8SKyFGmAPY>
Subject: Re: [TLS] Connection ID Draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Oct 2017 06:43:59 -0000

Hi Nikos,

On 13/10/2017, 07:21, "TLS on behalf of Nikos Mavrogiannopoulos" <tls-bounces@ietf.org on behalf of nmav@redhat.com> wrote:
> Another worrying feature is that the client can make the server send
> up to 255 verbatim bytes on the wire of his choice. Why was this
> feature added? Are there use cases related with it (intro doesn't
> mention any), or it was only thought as a make it as generic as
> possible approach? If it is the latter, I'd recommend to provide a
> simple approach that covers the described use cases.
> 
> The same argument applies to the server being able to set such a long
> sequence of verbatim bytes to each of the client packets.

I'd like to get a better understanding of your concern here.

Is it size?

Or is that it creates a potential sub-channel for sending identifying
information?

If the latter, it doesn't look much different from Random (except it's
larger)?  And then it gets hashed in the finished message, so, the room
for a third party to fiddle with it seems really limited.

Exactly, what risk do you foresee?