Re: [TLS] Server-side missing_extension MUSTs
Hubert Kario <hkario@redhat.com> Thu, 14 July 2016 11:37 UTC
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Thu, 14 Jul 2016 13:37:08 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/oeBKTvARIyQxwFQ9WnxQkFwnmiI>

On Thursday 14 July 2016 09:17:06 Martin Thomson wrote:
> On 14 July 2016 at 03:01, Eric Rescorla <ekr@rtfm.com> wrote:
> >
> > Obviously, you could add a check that said that if an EC cipher suite was
> > advertised, then you had to look for key shares even if you picked one, but
> > it's not a check you otherwise need.
>
> Though you would miss an EC cipher suite that you didn't know about.
> And as far as the client is concerned, any cipher suite that the
> server didn't pick is potentially one that it didn't know about.

yes, but it's also a ciphersuite no other client will negotiate with that
server

and that's why we don't say that server should complain that an extension it
does know about was sent despite there are no EC ciphers from its point of
view

you, as server, act on what you know and understand, and you check it
fastidiously, everything else you MUST completely ignore

ie. if you know about supported_groups extension you MUST check that the
length of extension matches exactly the length of array (minus the 2 bytes for
length), and that length is an even number
but you MUST ignore any identifiers you don't know about if they appear in the
array

so server should check if, and only if, there are EC ciphers it knows about*
in the client hello, then it should check for the presence of the extension
and abort if it is missing

 * either ones it can negotiate now, or in general, but that's unimportant
   (I'd say the latter solution would be "cleaner")

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
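
Added example, not part of the original message or of any TLS implementation: a Python sketch of the server-side checks described above, run on constructed ClientHello fragments. The known-group and known-suite sets, the `HandshakeAbort` class and the use of `decode_error` for a malformed extension are assumptions of this example; the message itself only names the checks.

```python
import struct

EXT_SUPPORTED_GROUPS = 10  # IANA extension type for supported_groups
# Assumption: what this hypothetical server knows about.
KNOWN_GROUPS = {23: "secp256r1", 24: "secp384r1", 29: "x25519"}
KNOWN_EC_SUITES = {0xC02B, 0xC02F, 0xC013}  # ECDHE suites (IANA values)

class HandshakeAbort(Exception):
    """Message is the name of the alert the server would send."""

def parse_supported_groups(ext_data):
    """Validate the extension body strictly; return only known group ids."""
    if len(ext_data) < 2:
        raise HandshakeAbort("decode_error")
    (list_len,) = struct.unpack("!H", ext_data[:2])
    # Declared list length must equal extension length minus the 2 length
    # bytes, and must be even because every identifier is 2 bytes.
    if list_len != len(ext_data) - 2 or list_len % 2 != 0:
        raise HandshakeAbort("decode_error")
    ids = struct.unpack("!%dH" % (list_len // 2), ext_data[2:])
    # Unknown identifiers are ignored, never rejected.
    return [g for g in ids if g in KNOWN_GROUPS]

def check_client_hello(cipher_suites, extensions):
    """cipher_suites: list of ints; extensions: dict of type -> raw body."""
    groups = None
    if EXT_SUPPORTED_GROUPS in extensions:
        # An extension the server understands is always checked when present.
        groups = parse_supported_groups(extensions[EXT_SUPPORTED_GROUPS])
    # Presence is required if, and only if, the hello offers an EC suite
    # this server knows about; unknown suites never trigger the check.
    if KNOWN_EC_SUITES.intersection(cipher_suites) and groups is None:
        raise HandshakeAbort("missing_extension")
    return groups or []

if __name__ == "__main__":
    # Constructed sample: secp256r1, x25519 and one unknown id (0x0a0a).
    body = bytes.fromhex("00060017001d0a0a")
    print(check_client_hello([0xC02F, 0x009C], {EXT_SUPPORTED_GROUPS: body}))
    for suites, exts in [
        ([0xC02F], {}),                                   # known EC suite, no ext
        ([0x009C, 0xFFFE], {}),                           # nothing EC it knows
        ([0x009C], {EXT_SUPPORTED_GROUPS: b"\x00\x03\x00\x17\x00"}),  # odd list
    ]:
        try:
            print("ok", check_client_hello(suites, exts))
        except HandshakeAbort as alert:
            print("abort:", alert)
```
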