Re: [TLS] Fwd: Clarification on interleaving app data and handshake records
Watson Ladd <watsonbladd@gmail.com> Sun, 06 December 2015 02:44 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96C241B2F3D for <tls@ietfa.amsl.com>; Sat, 5 Dec 2015 18:44:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oVamI_eDd7ME for <tls@ietfa.amsl.com>; Sat, 5 Dec 2015 18:44:46 -0800 (PST)
Received: from mail-yk0-x22b.google.com (mail-yk0-x22b.google.com [IPv6:2607:f8b0:4002:c07::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46B3A1B2F3C for <tls@ietf.org>; Sat, 5 Dec 2015 18:44:46 -0800 (PST)
Received: by ykba77 with SMTP id a77so162078844ykb.2 for <tls@ietf.org>; Sat, 05 Dec 2015 18:44:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=kpQzMPkUg40D6L6d2riIn28SSpAPkADfRl4Vd1nnsG8=; b=uA3o6UrcIxT0d2T+ueDoRLz3ai8s6TmIgX9X7BmYycOIWXObDbhNpuzXz0R2dITiiV pGQ/3Y7Ff/v+RdhPyVQiHHeEWZlADHr1zPI/425hgagkJHdc0WAne8YUDzsgD4tkv/6I vI7VkGhRjeIILRhYLaZ4k8L+2yKYiFFB+Ytgr77anhUoyFCoAXPzE0CF5W8ysCApmkxH 9O8TsIjUiRV9VeGaFKswXr9qFqHEqKJGEbGhNKgl2FUhw1uIF10SWatwbzltSFBuVOvv VRNJO8LMzn9Dj7B2PMXAjIzAVWB7siZcQgkLzVv60gGcVd3LHeoV4RyVCWWQd6NHKtJN x/RQ==
MIME-Version: 1.0
X-Received: by 10.129.90.85 with SMTP id o82mr17733789ywb.97.1449369885666; Sat, 05 Dec 2015 18:44:45 -0800 (PST)
Received: by 10.129.148.131 with HTTP; Sat, 5 Dec 2015 18:44:45 -0800 (PST)
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4B9B5C9@uxcn10-5.UoA.auckland.ac.nz>
References: <20151015130040.9F1BB1A2EF@ld9781.wdf.sap.corp> <2977428.j4DNTR9LXR@pintsize.usersys.redhat.com> <20151016203610.GA5596@roeckx.be> <2348468.lpGyMim7ub@pintsize.usersys.redhat.com> <9A043F3CF02CD34C8E74AC1594475C73F4B9B3DA@uxcn10-5.UoA.auckland.ac.nz> <CACsn0ckLkgMA2xHphro-a1N3tr+NJAvRV_NvVKP2K-=7zj1OfA@mail.gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4B9B509@uxcn10-5.UoA.auckland.ac.nz> <CACsn0cmUzez7zttX+F-axEfCo098FWOWyj2UkBuV2Nc+weoSqQ@mail.gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4B9B5C9@uxcn10-5.UoA.auckland.ac.nz>
Date: Sat, 05 Dec 2015 21:44:45 -0500
Message-ID: <CACsn0cmenEcWq-Zzct4rfEyJ_QEp92VNDHiPOnB06ZvWz=twkw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/mjCNDXAvUeaQB7M5fMqRA5LY25s>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Fwd: Clarification on interleaving app data and handshake records
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Dec 2015 02:44:47 -0000
On Sat, Dec 5, 2015 at 9:33 PM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote: > Watson Ladd <watsonbladd@gmail.com> writes: > >>miTLS did not claim to be consistent with the RFC. Rather it claimed to be >>secure, and to interoperate with most other implementations in circumstances >>tested. The informal nature of the RFC makes it impossible to carry out >>formal verification against it. > > By that argument, you could start accepting SSH messages in the middle of the > TLS handshake. No matter how you colour it, accepting Application Data after > a Client Hello is wrong. Is there any random, non-formally-verified > implementation that would do that? Any implementation where the record layer state is maintained separately from the handshake state will do this automatically. The only security issue is when data is intermingled across authentication boundaries, but once the record layer is told to encrypt at all that doesn't happen. If you disagree, please cite the sentence of the TLS RFC which prohibits accepting application data records during the handshake. > > Peter. -- "Man is born free, but everywhere he is in chains". --Rousseau.
- [TLS] Fwd: Clarification on interleaving app data… Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Ilari Liusvaara
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Martin Rex
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … David Benjamin
- Re: [TLS] Fwd: Clarification on interleaving app … Martin Thomson
- Re: [TLS] Fwd: Clarification on interleaving app … David Benjamin
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Martin Thomson
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Martin Rex
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Clarification on interleaving app data … Short, Todd
- Re: [TLS] Fwd: Clarification on interleaving app … Kurt Roeckx
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Peter Gutmann
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Peter Gutmann
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Peter Gutmann
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Peter Gutmann
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Yoav Nir
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Kurt Roeckx
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Karthikeyan Bhargavan
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario