IETF Logo Mail Archive

Re: [TLS] Fwd: Clarification on interleaving app data and handshake records

Watson Ladd <watsonbladd@gmail.com> Sun, 06 December 2015 02:44 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96C241B2F3D for <tls@ietfa.amsl.com>; Sat, 5 Dec 2015 18:44:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oVamI_eDd7ME for <tls@ietfa.amsl.com>; Sat, 5 Dec 2015 18:44:46 -0800 (PST)
Received: from mail-yk0-x22b.google.com (mail-yk0-x22b.google.com [IPv6:2607:f8b0:4002:c07::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46B3A1B2F3C for <tls@ietf.org>; Sat, 5 Dec 2015 18:44:46 -0800 (PST)
Received: by ykba77 with SMTP id a77so162078844ykb.2 for <tls@ietf.org>; Sat, 05 Dec 2015 18:44:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=kpQzMPkUg40D6L6d2riIn28SSpAPkADfRl4Vd1nnsG8=; b=uA3o6UrcIxT0d2T+ueDoRLz3ai8s6TmIgX9X7BmYycOIWXObDbhNpuzXz0R2dITiiV pGQ/3Y7Ff/v+RdhPyVQiHHeEWZlADHr1zPI/425hgagkJHdc0WAne8YUDzsgD4tkv/6I vI7VkGhRjeIILRhYLaZ4k8L+2yKYiFFB+Ytgr77anhUoyFCoAXPzE0CF5W8ysCApmkxH 9O8TsIjUiRV9VeGaFKswXr9qFqHEqKJGEbGhNKgl2FUhw1uIF10SWatwbzltSFBuVOvv VRNJO8LMzn9Dj7B2PMXAjIzAVWB7siZcQgkLzVv60gGcVd3LHeoV4RyVCWWQd6NHKtJN x/RQ==
MIME-Version: 1.0
X-Received: by 10.129.90.85 with SMTP id o82mr17733789ywb.97.1449369885666; Sat, 05 Dec 2015 18:44:45 -0800 (PST)
Received: by 10.129.148.131 with HTTP; Sat, 5 Dec 2015 18:44:45 -0800 (PST)
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4B9B5C9@uxcn10-5.UoA.auckland.ac.nz>
References: <20151015130040.9F1BB1A2EF@ld9781.wdf.sap.corp> <2977428.j4DNTR9LXR@pintsize.usersys.redhat.com> <20151016203610.GA5596@roeckx.be> <2348468.lpGyMim7ub@pintsize.usersys.redhat.com> <9A043F3CF02CD34C8E74AC1594475C73F4B9B3DA@uxcn10-5.UoA.auckland.ac.nz> <CACsn0ckLkgMA2xHphro-a1N3tr+NJAvRV_NvVKP2K-=7zj1OfA@mail.gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4B9B509@uxcn10-5.UoA.auckland.ac.nz> <CACsn0cmUzez7zttX+F-axEfCo098FWOWyj2UkBuV2Nc+weoSqQ@mail.gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4B9B5C9@uxcn10-5.UoA.auckland.ac.nz>
Date: Sat, 05 Dec 2015 21:44:45 -0500
Message-ID: <CACsn0cmenEcWq-Zzct4rfEyJ_QEp92VNDHiPOnB06ZvWz=twkw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/mjCNDXAvUeaQB7M5fMqRA5LY25s>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Fwd: Clarification on interleaving app data and handshake records
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Dec 2015 02:44:47 -0000

On Sat, Dec 5, 2015 at 9:33 PM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> Watson Ladd <watsonbladd@gmail.com> writes:
>
>>miTLS did not claim to be consistent with the RFC. Rather it claimed to be
>>secure, and to interoperate with most other implementations in circumstances
>>tested. The informal nature of the RFC makes it impossible to carry out
>>formal verification against it.
>
> By that argument, you could start accepting SSH messages in the middle of the
> TLS handshake.  No matter how you colour it, accepting Application Data after
> a Client Hello is wrong.  Is there any random, non-formally-verified
> implementation that would do that?

Any implementation where the record layer state is maintained
separately from the handshake state will do this automatically. The
only security issue is when data is intermingled across authentication
boundaries, but once the record layer is told to encrypt at all that
doesn't happen. If you disagree, please cite the sentence of the TLS
RFC which prohibits accepting application data records during the
handshake.

>
> Peter.



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.

v2.23.0 | Report a Bug | By Email