Re: [TLS] More clarity on resumption and session hash

David Benjamin <davidben@chromium.org> Fri, 29 May 2015 18:16 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 367621B2BB4 for <tls@ietfa.amsl.com>; Fri, 29 May 2015 11:16:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C2M1iL0Rcmzu for <tls@ietfa.amsl.com>; Fri, 29 May 2015 11:16:24 -0700 (PDT)
Received: from mail-ig0-x22e.google.com (mail-ig0-x22e.google.com [IPv6:2607:f8b0:4001:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 137D31B2BB0 for <tls@ietf.org>; Fri, 29 May 2015 11:16:24 -0700 (PDT)
Received: by igbhj9 with SMTP id hj9so21157010igb.1 for <tls@ietf.org>; Fri, 29 May 2015 11:16:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-type; bh=9MC9RJFjoZVz19+kxG6rjxwhM+8izAYxOpEJkBylBl0=; b=h5kOI9XW9SA6d08H04Ca1vm5wtWrV+K+Mqf2Wdsb067PPYvUEZ4dMmI4Dnxk96Np0x qfLqfRzhXMr1KA7ZHUqCkuNWsnSLOFjGkIm1nK8ax96T0WFlJC+9TLwoIlMKlg5gdaY+ 8/ctTWHVQKiiue9Nv/hYb6qZjsALMkHMjLzZk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-type; bh=9MC9RJFjoZVz19+kxG6rjxwhM+8izAYxOpEJkBylBl0=; b=Arl4sgmVrtHmY7RDxyjr8JiJX2JY6CttCjD8mdrU7WfgWos+RhcguIdTtEbxsClkF1 HrBri9Mon2H/Qn6hIjVIt7+8XeXUlmQaerNKV2I47tPfM923u4uE1Y49DRjpPi/klRVf 6uJBWFUt3ERz+k1wo8qg2kk4Rjw2FcnU8OSSsJBmwqOuDLfJJgoVLZqaXKbR4QebRtOU CkXQFanJHQvlkfTlshE0ii7jHaHQmmtR1DAVxMs/CN34w/f3N0787gk/pmZLetNMBQ+c szKHIhav/QVoD7tJtHPmD+iK5r5n4Ni1/Ngdx96a2oyDGw8yJeZDJ0m0SzYBg33UWE9E hTIg==
X-Gm-Message-State: ALoCoQlVpodmODX5/z7755qVG91lv3qt0bdGqq356yQhplsqT0pY0ei/B/ud5e9TYEocLpDSROPX
X-Received: by 10.43.84.73 with SMTP id aj9mr16548001icc.69.1432923383531; Fri, 29 May 2015 11:16:23 -0700 (PDT)
MIME-Version: 1.0
References: <CABcZeBM9UGZoifzDZZ3METMJJHa1ueX9CdHiccYTDW5UVC3RrA@mail.gmail.com> <20150527172329.GI27628@localhost> <CABkgnnUb5jDMMchxDxun_Kp9hYJ8_YFK_URrE=bXE8oej=zYCA@mail.gmail.com> <CABcZeBO6=V8HFTnr82_tt63HQiwSjeSJ-o-hS3sr_tUnO-Jy5g@mail.gmail.com> <CAF8qwaBori2QARe4Xz0aoV2OnQoyXvxGYT03YFvSwGeC9eRZUw@mail.gmail.com> <f7a4a15a0d5d4c859be1193ce5dcd313@ustx2ex-dag1mb2.msg.corp.akamai.com> <CAF8qwaB5dqfgvzNduDtjerBKf2Uk=YMcoy+m0nW2zp-idmcj+g@mail.gmail.com>
In-Reply-To: <CAF8qwaB5dqfgvzNduDtjerBKf2Uk=YMcoy+m0nW2zp-idmcj+g@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Fri, 29 May 2015 18:16:13 +0000
Message-ID: <CAF8qwaAU9VXuBPTgffJ+7VHLspGCi8Jp6h6-4+Rk2zyF9p8R-A@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>, Eric Rescorla <ekr@rtfm.com>, Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary=bcaec51824c6443a4c05173c796d
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/nZ5UGuw050i3gLgFAGJG1g0d428>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] More clarity on resumption and session hash
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 May 2015 18:16:25 -0000

On Fri, May 29, 2015 at 2:14 PM David Benjamin <davidben@chromium.org>
wrote:

> On Fri, May 29, 2015 at 2:09 PM Salz, Rich <rsalz@akamai.com> wrote:
>
>> > I poked a bit more and I was mistaken about OpenSSL's d2i_SSL_SESSION
>> behavior: Although it does ignore the structure version, it will fail the
>> parse if it sees elements at the end of the structure it doesn't understand.
>>
>> We'd like to change this.  Allow applications to append their own data to
>> a session is very useful.
>>
>> (We is probably my employer submitting patches to OpenSSL which someone
>> on the dev team like me will review.()
>>
>
> This is somewhat tangential, but this seems a bad idea. Having
> applications squat the same namespace of tag numbers as OpenSSL will break
> when OpenSSL internally adds more fields to the end. If you want
> applications-specific data in the session, either the application should
> serialize and deserialize a wrapper structure that happens to contain a
> serialized SSL_SESSION, or explicitly introduce an OCTET STRING hole to
> stuff opaque application-specific data into.
>

(Not to mention the obvious bad consequences, such as the one discussed in
this thread, if an older OpenSSL happily parses an SSL_SESSION with fields
it doesn't understand from a new OpenSSL.)

David