Re: [TLS] RFC5746: Renegotiation Indication for minimal servers

"Bauer Johannes (HOME/EFS)" <Johannes.Bauer@bosch.com> Wed, 03 August 2016 14:07 UTC

From: "Bauer Johannes (HOME/EFS)" <Johannes.Bauer@bosch.com>
To: Benjamin Kaduk <bkaduk@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lT2nXL95mN3O2gkTsQhcDz2-BV0>
Cc: "tls@ietf.org" <tls@ietf.org>

Hi Ben,

On Tue, Aug 2, 2016 at 17:05, Benjamin Kaduk wrote:
> The next step is for someone to write proposed text that would be more clear.
> Maybe you have thoughts about how things could change?

Sure, I can give it a shot. Below is my proposal. Curious to hear your
thoughts on it. I propose slight wording changes in three parts and a new
Sect. 4.6 which sums up what is to be done for minimal implementations.

Cheers,
Johannes



Sect. 3.4 (Client Behavior: Initial Handshake)

   o  When the handshake has completed, the client needs to save the
      client_verify_data and server_verify_data values for future use.

could be clarified as follows:

   o  When the handshake has completed, a client that supports renegotiation
      needs to save the client_verify_data and server_verify_data values for
      future use.



Sect. 3.6 (Server Behavior: Initial Handshake)

   o  When the handshake has completed, the server needs to save the
      client_verify_data and server_verify_data values for future use.

could be clarified as follows:

   o  When the handshake has completed, a server that supports renegotiation
      needs to save the client_verify_data and server_verify_data values for
      future use.



Sect. 4.3 (Server Considerations)

   In order to enable clients to probe, even servers that do not support
   renegotiation MUST implement the minimal version of the extension
   described in this document for initial handshakes, thus signaling
   that they have been upgraded.

could be clarified as follows:

   In order to enable clients to probe, even servers that do not support
   renegotiation MUST implement the minimal version of the extension
   described in this document for initial handshakes, thus signaling
   that they do not suffer from an insecure renegotiation vulnerability.



New Sect. 4.6 (Minimal Implementation)

   Signaling that insecure renegotiation is not supported is a useful effect
   of the adaptation of this RFC regardless of whether or not a specific
   implementation supports renegotiation. Since minimal implementations
   typically do not support renegotiation, they also are implicitly not
   vulnerable to the attacks described in the beginning of this document.

   Therefore it is sufficient for clients that do not support any kind of
   renegotiation to simply include the TLS_EMPTY_RENEGOTIATION_INFO_SCSV
   signaling cipher suite value in the ClientHello, as described in Sect. 3.4.

   For TLS servers which do not support renegotiation, it is sufficient to
   parse ClientHello messages for either the
   TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value or an empty
   renegotiation_info TLS extension. In either case, the server MUST respond
   with an empty renegotiation_info TLS extension, as described in Sect. 3.6.

   Neither servers nor clients which do not support renegotiation will
   therefore have the need to store additional variable data in memory during
   runtime.


--
Johannes Bauer

Engineering Field Services (HOME/EFS)
Robert Bosch Smart Home GmbH | Schockenriedstr. 17 | 70565 Stuttgart-Vaihingen | GERMANY | www.bosch-smarthome.com
Tel. +49(711)81112906 | johannes.bauer@bosch.com
Registration court: Amtsgericht Stuttgart, HRB 754585;
Management: Dr. Peter Schnaebele, Veronika Danner
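
Added example, not part of the original message or of RFC 5746: a sketch of the stateless server-side check that the proposed Sect. 4.6 describes, for a server that never renegotiates. The function names, result codes and sample ClientHello bodies are constructed for illustration; the wire values used (SCSV {0x00, 0xFF}, extension type 0xff01) are those defined in RFC 5746.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { RI_ABORT = -1, RI_ABSENT = 0, RI_SIGNALED = 1 };
struct cur { const uint8_t *p; size_t n; };    /* bounds-checked read cursor */
static const uint8_t *take(struct cur *c, size_t k) {
    const uint8_t *p = c->p;
    if (c->n < k) return NULL;
    c->p += k; c->n -= k;
    return p;
}
/* Read a vector with an lb-byte (1 or 2) length prefix into *out. */
static int vec(struct cur *c, size_t lb, struct cur *out) {
    const uint8_t *l = take(c, lb);
    if (!l) return -1;
    out->n = lb == 2 ? (size_t)l[0] << 8 | l[1] : l[0];
    out->p = take(c, out->n);
    return out->p ? 0 : -1;
}
/* body: ClientHello of an initial handshake, without the handshake header. */
int ri_check_client_hello(const uint8_t *body, size_t len) {
    struct cur c = { body, len }, sid, suites, comp, exts, ext;
    int seen = RI_ABSENT;
    if (!take(&c, 34) || vec(&c, 1, &sid) || vec(&c, 2, &suites) ||
        vec(&c, 1, &comp) || suites.n % 2)
        return RI_ABORT;                       /* truncated or malformed */
    for (size_t i = 0; i < suites.n; i += 2)   /* SCSV is {0x00, 0xFF} */
        if (suites.p[i] == 0x00 && suites.p[i + 1] == 0xFF) seen = RI_SIGNALED;
    if (c.n == 0) return seen;                 /* no extensions block */
    if (vec(&c, 2, &exts) || c.n != 0) return RI_ABORT;
    while (exts.n) {
        const uint8_t *t = take(&exts, 2);
        if (!t || vec(&exts, 2, &ext)) return RI_ABORT;
        if (t[0] != 0xFF || t[1] != 0x01) continue;  /* not renegotiation_info */
        if (ext.n != 1 || ext.p[0] != 0) return RI_ABORT;  /* must be empty */
        seen = RI_SIGNALED;
    }
    return seen;
}
/* ServerHello extension: type ff01, length 1, empty renegotiated_connection. */
size_t ri_write_server_ext(uint8_t *out, size_t cap) {
    static const uint8_t e[] = { 0xFF, 0x01, 0x00, 0x01, 0x00 };
    if (cap < sizeof e) return 0;
    memcpy(out, e, sizeof e);
    return sizeof e;
}

/* Constructed samples: version, zero random, empty session id, suites, null compression. */
static const uint8_t HELLO_SCSV[] = { 3, 3, [34] = 0, 0, 4, 0xC0, 0x2F, 0x00, 0xFF, 1, 0 };
static const uint8_t HELLO_EXT[] = { 3, 3, [34] = 0, 0, 2, 0xC0, 0x2F, 1, 0, 0, 5, 0xFF, 1, 0, 1, 0 };
```

The server appends the five bytes from ri_write_server_ext to its ServerHello extensions only when the check returns RI_SIGNALED; nothing from the ClientHello has to be kept afterwards, which is the point of the proposed section.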