[TLS] make ChangeCipherSpec a handshake message
Hauke Mehrtens <hauke@hauke-m.de> Sun, 28 December 2014 17:06 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/nfV4OpDBtT0A53Cu4lA281lfvS8
Why is ChangeCipherSpec a special type and not just a handshake message? It is only sent in the handshake and preceded and followed by handshake messages.

DTLS has some functionality for reordering of handshake messages. All the handshake messages have a message_seq field which is used to bring the messages into the right order again and detect duplicates. The messages can get into the wrong order if they are sent independently and not the whole flight in one turn. This gets even messier when the packages are getting retransmitted. When packages are getting retransmitted all packages from a flight are getting retransmitted even if just one of these packages was not received. With the message_seq field one can detect if this package was already received and what is the next package to handle. The ChangeCipherSpec package does not have a message_seq field, but it also has to get reordered and retransmitted like the handshake packages.

RFC 6347 already says there is a problem in DTLS: https://tools.ietf.org/html/rfc6347#section-4.2.5

I worked on a DTLS 1.2 implementation some time ago and there I had to do some magic to support reordering of the ChangeCipherSpec message.

My proposal for TLS 1.3 is to make ChangeCipherSpec a normal handshake message. This should make DTLS implementations based on TLS 1.3 easier and TLS 1.3 gets rid of one special case. When this gets changed the enum in the ChangeCipherSpec message can get removed as it only contains one static value. The ChangeCipherSpec message would be similar to the ServerHelloDone message.

Hauke
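The reordering problem described in the message above, as an added example that is not part of the original post and is not taken from any DTLS implementation: handshake messages are sorted and de-duplicated by `message_seq`, while the ChangeCipherSpec record carries no such field and has to be placed by a separate rule. The function names, the `ccs_after` parameter (the receiver is assumed to know which `message_seq` precedes the CCS) and the sample flight are constructed for illustration.

```python
import struct

CT_CCS, CT_HANDSHAKE = 20, 22            # DTLS record content types
CLIENT_KEY_EXCHANGE, FINISHED = 16, 20   # handshake msg_type values

def record(ctype, epoch, seq, body):
    # Record header: type(1) version(2) epoch(2) sequence_number(6) length(2)
    return (struct.pack("!BHH", ctype, 0xFEFD, epoch) + seq.to_bytes(6, "big")
            + struct.pack("!H", len(body)) + body)

def handshake(msg_type, message_seq, payload):
    # Header: msg_type(1) length(3) message_seq(2) frag_offset(3) frag_length(3)
    n = len(payload).to_bytes(3, "big")
    return bytes([msg_type]) + n + struct.pack("!H", message_seq) + bytes(3) + n + payload

def parse(datagram):
    """Return (content_type, msg_type, message_seq); last two are None for CCS."""
    ctype = datagram[0]
    body = datagram[13:13 + int.from_bytes(datagram[11:13], "big")]
    if ctype == CT_HANDSHAKE:
        return ctype, body[0], struct.unpack("!H", body[4:6])[0]
    return ctype, None, None   # CCS body is one byte (0x01): nothing to order by

def deliver(datagrams, next_seq, ccs_after):
    """Order one flight; ccs_after: message_seq just before the CCS (assumed known)."""
    pending, ccs_seen, ccs_done, out = {}, False, False, []
    for d in datagrams:
        ctype, msg_type, mseq = parse(d)
        if ctype == CT_CCS:
            ccs_seen = True                     # retransmits collapse into one flag
        elif mseq >= next_seq:
            pending.setdefault(mseq, msg_type)  # lower message_seq: duplicate, dropped
        while True:                             # hand over whatever is now in order
            if not ccs_done and next_seq == ccs_after + 1:
                if not ccs_seen:
                    break                       # Finished has to wait for the CCS
                out.append("ccs")
                ccs_done = True
            elif next_seq in pending:
                out.append(pending.pop(next_seq))
                next_seq += 1
            else:
                break
    return out

# Constructed flight, reordered and partly retransmitted; Finished left unencrypted.
CKE = record(CT_HANDSHAKE, 0, 2, handshake(CLIENT_KEY_EXCHANGE, 2, bytes(4)))
CCS = record(CT_CCS, 0, 3, b"\x01")
FIN = record(CT_HANDSHAKE, 1, 0, handshake(FINISHED, 3, bytes(12)))
ARRIVAL = [FIN, CCS, CKE, CKE, CCS]
```

`deliver(ARRIVAL, 2, 2)` yields ClientKeyExchange, the CCS, then Finished; the `ccs_seen`/`ccs_done` branch is the special case that would disappear if the CCS carried its own `message_seq`.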