Re: [TLS] WG last call of draft-ietf-avtcore-rfc5764-mux-fixes-05

Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 02 March 2016 15:32 UTC

To: Marc Petit-Huguenin <petithug@acm.org>, Dave Garrett <davemgarrett@gmail.com>, <tls@ietf.org>
References: <56A8904D.10307@ericsson.com> <CAOgPGoBU+h6cA9RDxBX2m1AR-3-GnC7OYcfDLTpDepX00g73dA@mail.gmail.com> <201602080117.57742.davemgarrett@gmail.com> <56CA239F.6010107@acm.org>
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <56D7076A.1020703@ericsson.com>
Date: Wed, 2 Mar 2016 16:31:54 +0100
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/mb8M6jLMRqB_2iBlqeADpUgPbC8>
Cc: avt@ietf.org
Subject: Re: [TLS] WG last call of draft-ietf-avtcore-rfc5764-mux-fixes-05

Hi Dave and TLS WG,

To my understanding the changes proposed by the 
draft-ietf-avtcore-rfc5764-mux-fixes are not an issue if any TLS 1.3+ 
extension, i.e. any TLS extension that is not to be used in 1.0-1.2, can 
safely be allocated in the reserved range as they will not be externally 
visible. Such a simple motivation fulfils the coordination requirement as 
I see it.

As the AVTCORE WG chair and document shepherd I will continue with a 
publication request as soon as I have done the paperwork for it. If you have 
any additional feedback on this, then please provide it now.

Cheers

Magnus Westerlund
AVTCORE WG chair



On 2016-02-21 at 21:52, Marc Petit-Huguenin wrote:
>
> On 02/07/2016 11:17 PM, Dave Garrett wrote:
>> Permanently gobbling up the majority of the codespace feels like
>> excessive force here.
>
> This is not what the RFC-to-be is proposing.  We are just marking the values that can create an issue when used with RFC 5764 as reserved, with a note in the IANA registry that asks the reader to read the RFC-to-be to understand the problem.  If a new proposed ContentType codepoint will never ever be used in the context of RTCWeb, then it can be allocated in the reserved range.
>
>> For TLS 1.3, the first byte will always be one
>> of alert(21), handshake(22), or application_data(23), even for custom
>> types. The stated type for TLSCiphertext has been frozen to
>> application_data(23) with the actual type for the payload now in the
>> encrypted fragment. (this is of course assuming we don't eventually
>> drop the frozen type & version here, which now sounds unlikely if
>> we're having to deal with design flaws like this) Even handshake
>> records after the hellos will have an opaque_type of
>> application_data(23), with the encrypted fragment.type containing the
>> actual handshake(22) designation. All TLS 1.3+ packets will be
>> detected with the RFC 5764 Section 5.1.2 algorithm even if new types
>> are allocated in the proposed reserved ranges.
>>
>> Locking down the <1.2 registry seems fine, however 1.3+ should be
>> able to do whatever it needs as its encrypted type is not going to
>> get accidentally read & misinterpreted by anything.
>>
>> https://tools.ietf.org/html/draft-ietf-tls-tls13-11#section-5.2.2
>> https://tools.ietf.org/html/rfc5764#section-5.1.2
>> https://tools.ietf.org/html/draft-ietf-avtcore-rfc5764-mux-fixes-05#section-4
>>
>>
>>
>> Dave
>>
>>
>> On Monday, February 08, 2016 12:21:02 am Joseph Salowey wrote:
>>> This document is relevant to the TLS working group because it reserves a
>>> large portion of the TLS content type space.  The values 0-19 and
>>> 64-255 cannot be used without checking for conflicts with
>>> SRTP-DTLS's wacky demultiplexing scheme.   In TLS 1.3 we will move to
>>> more encrypted content types, which should limit the impact of this
>>> unfortunate design on TLS evolution, but the working group should
>>> be aware of this.
>>>
>>>
>>> On Wed, Jan 27, 2016 at 1:39 AM, Magnus Westerlund
>>> <magnus.westerlund@ericsson.com> wrote:
>>>
>>>> AVTCORE and TLS,
>>>>
>>>> TLS WG, you are included in this WG last call, as this document
>>>> affects the TLS ContentType IANA registry.
>>>>
>>>> This email starts a two week WG last call, that ends on the 10th
>>>> of February. The intended status of this document is standards
>>>> track (Proposed Standard).
>>>>
>>>> The document can be retrieved here:
>>>> https://datatracker.ietf.org/doc/draft-ietf-avtcore-rfc5764-mux-fixes/
>
> -- 
> Marc Petit-Huguenin
> Email: marc@petit-huguenin.org
> Blog: http://blog.marc.petit-huguenin.org
> Profile: http://www.linkedin.com/in/petithug


-- 

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
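The point argued in the quoted exchange, that a TLS 1.3-style record is routed correctly by the RFC 5764 first-byte demultiplexer because its outer type is always application_data(23), while any ContentType outside 20-63 is misrouted, can be made concrete with the following Python. This is an added illustration, not code from the thread or from any IETF document. The range boundaries are taken from RFC 5764 section 5.1.2 as cited above; the record layout models the TLS 1.3 TLSCiphertext described by Dave (outer opaque type 23, real type at the end of the inner plaintext) over a DTLS 1.2 record header, and leaves the inner fragment unencrypted since only the first byte matters to the demuxer. Function names, sample payloads and the 0xFEFD version value are constructed for the example.

```python
"""Added illustration (not from the thread or any IETF document): first-byte
demultiplexing as described in RFC 5764 section 5.1.2, applied to DTLS records,
and a check of which TLS ContentType values survive it unchanged."""
import struct

ALERT, HANDSHAKE, APPLICATION_DATA = 21, 22, 23  # ContentType values named in the thread


def classify_first_byte(first_byte: int) -> str:
    """Map the first byte of a received datagram to the protocol RFC 5764 s.5.1.2 assumes."""
    if 0 <= first_byte <= 1:
        return "STUN"
    if 20 <= first_byte <= 63:
        return "DTLS"
    if 64 <= first_byte <= 127:
        return "TURN-channel"
    if 128 <= first_byte <= 191:
        return "RTP/RTCP"
    return "unknown"


def demux(datagram: bytes) -> str:
    """Classify a whole datagram; an empty datagram has no first byte to inspect."""
    if not datagram:
        return "empty"
    return classify_first_byte(datagram[0])


def content_type_is_demux_safe(content_type: int) -> bool:
    """A ContentType is safe only if the demuxer hands the record to the DTLS stack."""
    return classify_first_byte(content_type) == "DTLS"


def unsafe_content_types() -> list:
    """Every ContentType value a 5764 demuxer would misroute; this reproduces the
    0-19 and 64-255 figure given in the thread."""
    return [ct for ct in range(256) if not content_type_is_demux_safe(ct)]


def dtls_record(content_type: int, fragment: bytes, epoch: int = 0, seq: int = 0) -> bytes:
    """Build a DTLS 1.2 record: type(1) version(2, 0xFEFD) epoch(2) seq(6) length(2)
    followed by the fragment.  Constructed sample framing, no encryption applied."""
    header = struct.pack("!BHH", content_type, 0xFEFD, epoch)
    header += seq.to_bytes(6, "big") + struct.pack("!H", len(fragment))
    return header + fragment


def tls13_style_record(inner_type: int, inner_fragment: bytes) -> bytes:
    """Model the TLS 1.3 TLSCiphertext layout the thread describes: the outer
    (opaque) type is fixed to application_data(23) and the real type is the
    last byte of the protected inner plaintext (content || type).  The inner
    plaintext is left unencrypted here because only the outer byte is visible
    to the demuxer anyway."""
    inner_plaintext = inner_fragment + bytes([inner_type])
    return dtls_record(APPLICATION_DATA, inner_plaintext)


def inner_type_of(record: bytes) -> int:
    """Recover the real type from a tls13_style_record (last byte of the inner plaintext)."""
    return record[-1]


if __name__ == "__main__":
    # A post-hello TLS 1.3 handshake record still looks like DTLS from the outside.
    rec = tls13_style_record(HANDSHAKE, b"Finished")  # constructed payload
    print(demux(rec), inner_type_of(rec))
    # A hypothetical new ContentType 64 would be handed to the TURN channel parser.
    print(demux(dtls_record(64, b"x")))
    print(unsafe_content_types()[:3], "...", unsafe_content_types()[-3:])
```

Running the block shows the two outcomes the thread contrasts: the TLS 1.3-style record is classified "DTLS" whatever its inner type, whereas a record whose first byte is 64 is classified as a TURN channel message, which is why only 20-63 is left unreserved by the mux-fixes draft.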