Re: [TLS] A question for TLS middle-box/middleware vendors/implementers
Yoav Nir <ynir.ietf@gmail.com> Sat, 27 January 2018 19:31 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 306CA126BF0 for <tls@ietfa.amsl.com>; Sat, 27 Jan 2018 11:31:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J2fE6_178vg5 for <tls@ietfa.amsl.com>; Sat, 27 Jan 2018 11:31:41 -0800 (PST)
Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FC631200B9 for <tls@ietf.org>; Sat, 27 Jan 2018 11:31:41 -0800 (PST)
Received: by mail-wm0-x234.google.com with SMTP id v71so26855148wmv.2 for <tls@ietf.org>; Sat, 27 Jan 2018 11:31:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=rYbsruFfmPIC59fot+xuzlUVRreS8wVlw9i3nSdVzBw=; b=aWGiORy18cE6DaJrP4TIHz2zV3w5HXuUSWjLaHxGFtEvZnrlyj5x8osK0tK0Nu/BpI jcqKRvfpynUlzQjmFLUxBJHgi2TrG19I8oQcwvvZ0KqOq4Q1fVP3cipDNvWQBkhMUbvI +RCtTPlKdkA6kXTkdYSlZeawYDDz71la0xoUVDNb4kGSwbgkzmfypXYT5Ko834/Beq59 OctQgYhv6Xoe0lbPC+UzFIR1RJQpVRdlE+pmmI8IIaU3jpT3ewK5wLjQcFwqoh85Nm3R T5DJqINxEP23TUSwwilHf+/a5RirQ5trPga2kULXT87L/twC+/PARCDekRVHQpBxdsAi bFhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=rYbsruFfmPIC59fot+xuzlUVRreS8wVlw9i3nSdVzBw=; b=g9Z9qlPRMPvx52eNfLES5CDtq1HH1WhTrTgoq2SZ7QIcW58Fxd4fr5uo+RjrC7RYbI RAoz+j/QkoJ/pI7W5zWeUSDWyc7mdlNF1vbp/EuJWAQK45GAgJhreLCo6WieVrwmbHVc vn1HoQLJV/simX0XU0PUtKRZH2MUeF+augSCiOo8nmlekwr5Lm5MUT/ITQi2RUSmncM7 FKPeOwC0WXIUE+52vCG+Zb2v1l0qEvHFHSMuQfAUOwcSUTAc6ZJQpuDE/GWG3UNAJ4AK /MzIFodpNRx6tc0m+W7XfBU9hqHFGU9s6JJdK2CMHO5DtjpykjwCSjupFLat1G/Vyhl+ CQXQ==
X-Gm-Message-State: AKwxytdh//D5v5zpjQoW+NOg/y+8kvssP1j9ZkJ91WdRr407bWT0bj5K HD4qOc+qUfJ0wxK3XpJYs08=
X-Google-Smtp-Source: AH8x224rfibpF1L9fSOxRNcubBAVlvMeOacfpE4fYwiYHkDAqtweZ5NUvfegk4h4+TwOeE2BqndTBw==
X-Received: by 10.28.154.141 with SMTP id c135mr15442707wme.82.1517081499947; Sat, 27 Jan 2018 11:31:39 -0800 (PST)
Received: from [192.168.1.18] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id w7sm9535846wra.90.2018.01.27.11.31.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 27 Jan 2018 11:31:38 -0800 (PST)
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <AC31F5BD-A6CA-4F56-A181-BE84F9EF3F4E@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0600F6A7-46B0-407B-A768-D184B7EAC801"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Date: Sat, 27 Jan 2018 21:31:36 +0200
In-Reply-To: <7CC4F5F0-DCC1-420E-B91A-A4D5B9FC5D53@nokia.com>
Cc: "tls@ietf.org" <tls@ietf.org>
To: "Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com>
References: <7CC4F5F0-DCC1-420E-B91A-A4D5B9FC5D53@nokia.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/nfp-QzKHiLl7hj3btYShArnJRC4>
Subject: Re: [TLS] A question for TLS middle-box/middleware vendors/implementers
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jan 2018 19:31:44 -0000
> On 27 Jan 2018, at 18:30, Fossati, Thomas (Nokia - GB/Cambridge, UK) <thomas.fossati@nokia.com> wrote: > > Hi TLS middle-box/middleware folks, > > If length's MSB in a D?TLS{Ciphertext,Plaintext,Compressed} record is > set, how does your software react? > > Is it going to drop the session/record or not bothering at all? > > I'm trying to understand a bit better whether and when it'd be safe to > grab that bit and give it new semantics (e.g., for signalling the > presence of a DTLS connection-id, an ext-header, or anything else > really) and your answers would help shedding some (*) light on the > matter. > > Based on previous experience on similar (but not identical) changes to > the record format, Adam ([1], [2]) suggested that this bit is likely to > have already ossified in TLS, whereas DTLS might be still OK. So, I'm > curious to hear from those who own the boxes' logics if they share the > same opinion - in particular if DTLS is in better shape than TLS? > > Thanks in advance for your time. > > (*) I'm pretty sure not every TLS middle-box vendor on earth is > subscribed to this list and, even among those who are, not everyone > might be willing or able to share this information with the wider > community. This is to say that I'm aware of the limited value a poll > like this has, but I'm not in a position to do a large-scale measurement > campaign at the moment, so better start from somewhere... OTOH, I think > there is a valuable discussion to be had in cases like this with folks > that don't own the endpoints but are going to (or have already) put > their logics on the e2e path, so hopefully I'm not wasting everyone's > time :-) > > cheers, t > > [1] https://www.ietf.org/mail-archive/web/tls/current/msg25299.html > [2] https://www.ietf.org/mail-archive/web/tls/current/msg25304.html <https://www.ietf.org/mail-archive/web/tls/current/msg25304.html> Hi, Thomas. I don’t work for a middlebox vendor anymore, although I did only 8 months ago. This answer is not based on recently looking at code. The length field is byte-aligned. So any implementation of a TLS parser or TLS proxy will do one of two things: 1. Consider the MSB to be a must-be-zero bit and drop any length field that has it set as faulty. 2. Ignore text about limits on length and assume the record is that big. Depending on what field that is, this may cause a drop on some other sanity check. As always there’s option #3 (crash), but the industry is getting better at avoiding that. You seem to want the behaviour that the middlebox masks out the must-be-zero bits and considers only the relevant length bits. I don’t think that would pass code review at my former employer. HTH Yoav
- [TLS] A question for TLS middle-box/middleware ve… Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] A question for TLS middle-box/middlewar… Yoav Nir
- Re: [TLS] A question for TLS middle-box/middlewar… Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] A question for TLS middle-box/middlewar… Yoav Nir
- Re: [TLS] A question for TLS middle-box/middlewar… Fossati, Thomas (Nokia - GB/Cambridge, UK)