Re: [TLS] Some comments about draft-ietf-tls-applayerprotoneg-01

Yoav Nir <ynir@checkpoint.com> Tue, 02 July 2013 06:40 UTC

Return-Path: <ynir@checkpoint.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CE3B11E830A for <tls@ietfa.amsl.com>; Mon, 1 Jul 2013 23:40:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 53VsMpVDLgn2 for <tls@ietfa.amsl.com>; Mon, 1 Jul 2013 23:40:01 -0700 (PDT)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 30BC221F93E5 for <tls@ietf.org>; Mon, 1 Jul 2013 23:40:00 -0700 (PDT)
Received: from IL-EX10.ad.checkpoint.com ([194.29.34.147]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id r626djkq010984; Tue, 2 Jul 2013 09:39:59 +0300
X-CheckPoint: {51D275B0-8-1B221DC2-1FFFF}
Received: from DAG-EX10.ad.checkpoint.com ([169.254.3.48]) by IL-EX10.ad.checkpoint.com ([169.254.2.180]) with mapi id 14.02.0342.003; Tue, 2 Jul 2013 09:39:49 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Thread-Topic: Some comments about draft-ietf-tls-applayerprotoneg-01
Thread-Index: AQHOcXYmoV9GvBkxHECtNVUf6mHhEZlQdzOggABOToA=
Date: Tue, 02 Jul 2013 06:39:49 +0000
Message-ID: <A6965FDF-099E-42AC-A577-B671B6B31E18@checkpoint.com>
References: <279FAAD4-1FF3-4D9D-939A-10D83E0B036E@checkpoint.com> <31987392d2a3412f8e3932dc61264c32@BL2PR03MB194.namprd03.prod.outlook.com>
In-Reply-To: <31987392d2a3412f8e3932dc61264c32@BL2PR03MB194.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.31.24.134]
x-kse-antivirus-interceptor-info: protection disabled
x-cpdlp: 11319d925e2458a1b08447534db72cb27497aeb610
Content-Type: text/plain; charset="us-ascii"
Content-ID: <33FC4D7E4FC23E43BA16AB1CD983710A@ad.checkpoint.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "tls@ietf.org list" <tls@ietf.org>
Subject: Re: [TLS] Some comments about draft-ietf-tls-applayerprotoneg-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jul 2013 06:40:07 -0000

Hi Andrei.

Inline.

On Jul 2, 2013, at 2:30 AM, Andrei Popov <Andrei.Popov@microsoft.com> wrote:

> Hi Yoav,
> 
> Thanks for reviewing the draft.
> 
> Regarding the preference order of the protocol IDs, the language was intended to indicate that most of the time it makes sense for the server to choose according to the server's preferences; however an implementation may have valid reasons to ignore this and go with the client's order of preference (that's why SHOULD is used). We can change the wording, if this is not clear.
> 
> As for returning the protocol selection response, the idea is that an extension is optional, and can be ignored (e.g. when disabled, or for some implementation-specific reasons). I would rather retain this flexibility and keep MAY.

I know some documents specify behavior of implementations that have turned off the feature. But I believe an implementation with the feature disabled is not bound by the RFC. So as long as you support ALPN, you MUST reply.

> The current draft makes a distinction between IANA-registered protocol IDs and those not registered by IANA. The latter can be used privately, for experimentation, etc. We can devise a more elaborate namespace scheme if there is consensus in the WG that this would be desirable. Personally, I would rather keep it simple.

I like the idea to have private space in addition to experimental space. Let's raise this issue in Berlin (and here)

> "hide" protocol ID seems to defeat the very purpose of hiding:). Those who are interested in hiding the negotiated protocol, usually don't want the intermediaries to be able to treat different protocols differently. E.g. proxies could easily filter out traffic which includes "hide" protocol ID.

Doing an immediate renegotiation is as obvious a "tell" as a "hide" protocol. But there are many more fields that people would like to hide besides protocol. In fact, protocol is unlikely to be the secret information. Hiding a client certificate (that might have a user name) is a higher priority. We can't really hide the fact that we *are* hiding a user identity. But we can hide the identity itself, and I think that's a worthy thing to have.

> Does it make sense to include a protocol list in the renegotiation handshake? I believe it is possible that one would want to renegotiate to a different application protocol.

Renegotiation is supposed to be done to replace encryption keys, and it can be done unbeknownst to the application layer (which was the basis for the famous vulnerability from 2009). So negotiating a new protocol would be weird.


> Thanks,
> 
> Andrei