[TLS] make ChangeCipherSpec a handshake message

Hauke Mehrtens <hauke@hauke-m.de> Sun, 28 December 2014 17:06 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/nfV4OpDBtT0A53Cu4lA281lfvS8

Why is ChangeCipherSpec a special type and not just a handshake message?
It is only sent in the handshake and is preceded and followed by handshake
messages.

DTLS has some functionality for reordering of handshake messages. All
the handshake messages have a message_seq field which is used to bring
the messages into the right order again and detect duplicates. The
messages can get into the wrong order if they are sent independently and
not the whole flight in one turn. This gets even messier when the
packages are getting retransmitted. When packages are getting
retransmitted all packages from a flight are getting retransmitted even
if just one of these packages was not received. With the message_seq
field one can detect if this package was already received and what is
the next package to handle.

The ChangeCipherSpec package does not have a message_seq field, but it
also has to get reordered and retransmitted like the handshake packages.

RFC 6347 already says there is a problem in DTLS:
https://tools.ietf.org/html/rfc6347#section-4.2.5

I worked on a DTLS 1.2 implementation some time ago and there I had to
do some magic to support reordering of the ChangeCipherSpec message.

My proposal for TLS 1.3 is to make ChangeCipherSpec a normal handshake
message. This should make DTLS implementations based on TLS 1.3 easier
and TLS 1.3 gets rid of one special case. When this gets changed the
enum in the ChangeCipherSpec message can get removed as it only contains
one static value. The ChangeCipherSpec message would be similar to the
ServerHelloDone message.

Hauke
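
The reordering problem described in this message, as an added sketch (not part of the original post and not the author's implementation): handshake records are ordered and de-duplicated by message_seq, while ChangeCipherSpec has to be held back using handshake-state knowledge and the record epoch. The names `FlightReceiver`, `ccs_after_seq` and `replay`, and the sequence numbers, are assumptions made for the example.

```python
from collections import namedtuple

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20   # record-layer ContentType values
# Toy model: records are already parsed and no cryptography is performed.
Record = namedtuple("Record", "content_type epoch message_seq name")

class FlightReceiver:
    def __init__(self, next_seq, ccs_after_seq):
        self.next_seq = next_seq            # next handshake message_seq to process
        self.ccs_after_seq = ccs_after_seq  # state-machine knowledge: CCS follows this message
        self.epoch = 0
        self.pending = {}                   # message_seq -> buffered handshake record
        self.ccs_held = False
        self.delivered = []

    def receive(self, rec):
        if rec.content_type == CHANGE_CIPHER_SPEC:
            # No message_seq to compare: the record epoch is the only duplicate check.
            if rec.epoch == self.epoch:
                self.ccs_held = True
        elif rec.message_seq >= self.next_seq:
            self.pending.setdefault(rec.message_seq, rec)  # duplicates and old messages ignored
        self._drain()

    def _drain(self):
        progressed = True
        while progressed:
            progressed = False
            if self.ccs_held and self.next_seq > self.ccs_after_seq:
                self.ccs_held, self.epoch = False, self.epoch + 1
                self.delivered.append("ChangeCipherSpec")
                progressed = True
            rec = self.pending.get(self.next_seq)
            if rec is not None and rec.epoch == self.epoch:
                del self.pending[self.next_seq]
                self.next_seq += 1
                self.delivered.append(rec.name)
                progressed = True

def replay(arrivals):
    rx = FlightReceiver(next_seq=2, ccs_after_seq=2)
    for rec in arrivals:
        rx.receive(rec)
    return rx.delivered

# Constructed flight: ClientKeyExchange (seq 2), CCS, Finished (seq 3, new epoch).
CKE = Record(HANDSHAKE, 0, 2, "ClientKeyExchange")
CCS = Record(CHANGE_CIPHER_SPEC, 0, None, "ChangeCipherSpec")
FIN = Record(HANDSHAKE, 1, 3, "Finished")
```

The `ccs_after_seq` parameter is the special case: a handshake message would carry its own position, whereas the ChangeCipherSpec position has to be supplied by the state machine.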