Re: [TLS] Extensions "supported_groups" and "key_share" in TLS 1.3
Xuelei Fan <xuelei.fan@vimino.com> Fri, 27 November 2015 13:55 UTC
Return-Path: <xuelei.fan@vimino.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DA671A1A98 for <tls@ietfa.amsl.com>; Fri, 27 Nov 2015 05:55:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7WFYupNjJg3i for <tls@ietfa.amsl.com>; Fri, 27 Nov 2015 05:55:34 -0800 (PST)
Received: from mail-ob0-x234.google.com (mail-ob0-x234.google.com [IPv6:2607:f8b0:4003:c01::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B283D1A1A97 for <tls@ietf.org>; Fri, 27 Nov 2015 05:55:34 -0800 (PST)
Received: by obbnk6 with SMTP id nk6so82923290obb.2 for <tls@ietf.org>; Fri, 27 Nov 2015 05:55:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vimino-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=E5f6reIkKyiCvNYptpWm56hU0qLrblnXbsFw3DIhal4=; b=w7rsvztAo7Z1KFaEULQcZ3p7Q/oL+aigkjrYZ26MQ/hmVNrpDnSJT1pVOWV168GsYt lRG2BrutMq83eGBLYUQ1xWjWDojDOStMKd3BUteBSXQ5ogiaNuVCDIMZz3gyE0/iXBLK amYr1vdECzgXSDT2Wdfq9nugvDLbSIMTl8ERE2OdhYTn4a5X89TAMllhZQgt7ldk/ZId B6FLmE1BMNGrNLJDcozHH+LOf/l2/ZkfwuiQE8c54Xhptx7PRsuGi7nRNBo+2wpH2hRd KiH+MYz1240EV7/y5D3Be8pGRq/khvZng3QuZVXuofhBslMnZbgogTboCIn+e88xbjnO BOgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=E5f6reIkKyiCvNYptpWm56hU0qLrblnXbsFw3DIhal4=; b=RxJMAY0Z/l2cki8kmRHNBSqBxodSTR529D4d3c+Zl8IJHNUHNwHxEltmIOv6KmUydG KwgsbhPGQA1bLX0cym1X6GBU9GTYwsUDEjXDcCd4Ieqs7MdrM64pl6439xk8z3UpeeVA GC3CO/5F+mUGcelz25m6kgiU1IqAvt83+ZtX8as40Yc462vGWZOqV/Uq4iaK8nh+0M+u fURoSHW5eDpv2kQh6qHG85zpEWAWwdA3TKbLcbeQ6XXmzTo3I7ieX34z9bluG3eR8M0c 2n4thnarTE4R4aLcryay+ZcWSvhG4+dRKLqUEkJb8K0QTMkXUd20VAOR0Mc+Rx3NhL4a pXMA==
X-Gm-Message-State: ALoCoQl6LpwZEgiCOsNq/TSZ+cAHnEn3GZSyAYMIAXAgbnikwYU3/ytF321h/O1ItkbOWxu7H7S2
MIME-Version: 1.0
X-Received: by 10.182.251.170 with SMTP id zl10mr32226905obc.8.1448632534175; Fri, 27 Nov 2015 05:55:34 -0800 (PST)
Received: by 10.76.171.103 with HTTP; Fri, 27 Nov 2015 05:55:34 -0800 (PST)
X-Originating-IP: [148.87.19.214]
In-Reply-To: <2070739.hCTgo4e1DJ@pintsize.usersys.redhat.com>
References: <CAAgBOhuOPB=jxO=WWHmy_y7ARY5qfdK2x4xC9t-Z-vn0UU5Paw@mail.gmail.com> <1786049.OYDTVEIchY@pintsize.usersys.redhat.com> <CAAgBOhuOSrxHfvfCHiLHSjfDxGihXh2=-f1PMmSjLhNytTppug@mail.gmail.com> <2070739.hCTgo4e1DJ@pintsize.usersys.redhat.com>
Date: Fri, 27 Nov 2015 21:55:34 +0800
Message-ID: <CAAgBOhtM0O2mOV0End=CFE69WH50KAH9ZYcz8-utSjqAkjs-tQ@mail.gmail.com>
From: Xuelei Fan <xuelei.fan@vimino.com>
To: Hubert Kario <hkario@redhat.com>
Content-Type: multipart/alternative; boundary="001a11c2003e9c2bd30525860bd0"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/nCuyG7Hu-U2nBy5R8IxvzcVsv0o>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Extensions "supported_groups" and "key_share" in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Nov 2015 13:55:36 -0000
On Fri, Nov 27, 2015 at 9:28 PM, Hubert Kario <hkario@redhat.com> wrote: > On Friday 27 November 2015 21:20:24 Xuelei Fan wrote: > > > > > I think that specifying *both* in preference order, and > > > > > recommending > > > > > the servers to first inspect key shares and then > > > > > supported_groups > > > > > (if no intersect between what server supports and what key > > > > > shares > > > > > client provided) would end up with more predictable behaviour > > > > > and > > > > > cleaner code. > > > > > > > > But if the orders are not consistent, the logic get annoyed. It's > > > > a > > > > good > > > > practice to keep the order consistent, but it would be better if > > > > the > > > > preference order is unique and specified in one place. > > > > > > that means that the code needs to keep references to two arrays at > > > the same time and either create a hash table for lookups in key > > > shares or iterate over key shares for every try - this makes code > > > and logic more complex, not less > > > > I did not get the idea, can the complex above be avoided if keeping > > both? Does one preference order just get ignored? > > the idea is that if there is a key share acceptable for the server, the > supported_groups can be ignored > > but to make sure that clients don't start putting complete garbage > there, we need to tell servers to check key shares against > supported_groups > > As the check needs additional effort, and the client code also needs additional effort to keep the order consistent, I think the logic may be more complex. Anyway, not a big concern to me. Personally, I prefer one logic one place. > > If the orders are not consistent, if I can choose from two options: > > continue or alter, I would choose the continue option. > > alter what? > > If the preference orders in key_share and supported_groups are not consistent, I think an alert message is expected. > > Alert message > > is expensive in practice. > > Note that this alert will never be sent to a client that is behaving > according to specification unless the packets were modified by the > network. It's a sanity check. > > Sure, if both peer strict follow the spec. But implementation may be not correct. Conner case, of course. Thanks & Regards, Xuelei
- [TLS] Extensions "supported_groups" and "key_shar… Xuelei Fan
- Re: [TLS] Extensions "supported_groups" and "key_… Ilari Liusvaara
- Re: [TLS] Extensions "supported_groups" and "key_… Xuelei Fan
- Re: [TLS] Extensions "supported_groups" and "key_… Ilari Liusvaara
- Re: [TLS] Extensions "supported_groups" and "key_… Dave Garrett
- Re: [TLS] Extensions "supported_groups" and "key_… Eric Rescorla
- Re: [TLS] Extensions "supported_groups" and "key_… Dave Garrett
- Re: [TLS] Extensions "supported_groups" and "key_… Eric Rescorla
- Re: [TLS] Extensions "supported_groups" and "key_… Xuelei Fan
- Re: [TLS] Extensions "supported_groups" and "key_… Eric Rescorla
- Re: [TLS] Extensions "supported_groups" and "key_… Xuelei Fan
- Re: [TLS] Extensions "supported_groups" and "key_… Xuelei Fan
- Re: [TLS] Extensions "supported_groups" and "key_… Xuelei Fan
- Re: [TLS] Extensions "supported_groups" and "key_… Dave Garrett
- Re: [TLS] Extensions "supported_groups" and "key_… Xuelei Fan
- Re: [TLS] Extensions "supported_groups" and "key_… Xuelei Fan
- Re: [TLS] Extensions "supported_groups" and "key_… Dave Garrett
- Re: [TLS] Extensions "supported_groups" and "key_… Xuelei Fan
- Re: [TLS] Extensions "supported_groups" and "key_… Hubert Kario
- Re: [TLS] Extensions "supported_groups" and "key_… Xuelei Fan
- Re: [TLS] Extensions "supported_groups" and "key_… Hubert Kario
- Re: [TLS] Extensions "supported_groups" and "key_… Xuelei Fan
- Re: [TLS] Extensions "supported_groups" and "key_… Hubert Kario
- Re: [TLS] Extensions "supported_groups" and "key_… Xuelei Fan