Re: [TLS] CH padding extension

Kyle Nekritz <knekritz@fb.com> Tue, 12 June 2018 17:55 UTC

From: Kyle Nekritz <knekritz@fb.com>
To: Christopher Wood <christopherwood07@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>
Date: Tue, 12 Jun 2018 17:55:26 +0000
Message-ID: <MWHPR15MB1504272D9A44F7D361DF54D2AF7F0@MWHPR15MB1504.namprd15.prod.outlook.com>
References: <CAO8oSXmMY6JzKrbBqqRp2KvW1qET9qTjfNhwNQ_M3PAFSBbeuQ@mail.gmail.com>
In-Reply-To: <CAO8oSXmMY6JzKrbBqqRp2KvW1qET9qTjfNhwNQ_M3PAFSBbeuQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qy0iICBFc3v9mvuY65Jl2DFr88U>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Since the Certificate message is sent in an encrypted record, the normal record padding mechanism (section 5.4) can be used, rather than sending the padding as actual handshake data.

-----Original Message-----
From: TLS <tls-bounces@ietf.org> On Behalf Of Christopher Wood
Sent: Tuesday, June 12, 2018 1:41 PM
To: <tls@ietf.org> <tls@ietf.org>
Subject: [TLS] CH padding extension

Hi folks,

In Section 4.2 of the latest TLS 1.3 draft [1], the padding(21) extension is restricted to the CH and no other handshake messages.
Another plausible spot for this extension is in the Certificate message. Specifically, although we're encrypting this message, we may not want to reveal its length. Adding a padding extension seems to address that problem. Granted, RFC7685 [2] clearly indicates that this padding is for the CH, and that the server "MUST NOT echo the extension."
However, I don't think that rules out server-chosen padding for the Certificate.

What do others think? Is this worth a change?

Best,
Chris

[1] https://tools.ietf.org/html/draft-ietf-tls-tls13-28#section-4.2
[2] https://tools.ietf.org/html/rfc7685

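The record padding mechanism (section 5.4) referred to in the reply above, sketched as an added example that is not part of either message: a Certificate handshake message is wrapped as TLSInnerPlaintext (content, content type, zero bytes) and rounded up to a bucket size, so certificates of different sizes produce the same record length. The bucket size, helper names and the stand-in Certificate bytes are assumptions constructed for illustration; encryption itself is omitted.

```python
# Added example: TLS 1.3 record padding applied before encryption.
# Helper names, bucket size and sample messages are constructed, not from the thread.

HANDSHAKE = 22            # ContentType.handshake
MAX_INNER = 2**14 + 1     # largest TLSInnerPlaintext (content + type + padding)


def pad_inner_plaintext(content: bytes, content_type: int, bucket: int) -> bytes:
    """Build content || type || zeros, with the total rounded up to `bucket`."""
    if not 0 < content_type < 256:
        raise ValueError("content type must be a non-zero byte")
    unpadded = len(content) + 1
    if unpadded > MAX_INNER:
        raise ValueError("fragment too large for one record")
    padded = min(-(-unpadded // bucket) * bucket, MAX_INNER)
    return content + bytes([content_type]) + bytes(padded - unpadded)


def unpad_inner_plaintext(inner: bytes) -> tuple:
    """Receiver side: scan back over zeros; the last non-zero byte is the type."""
    i = len(inner) - 1
    while i >= 0 and inner[i] == 0:
        i -= 1
    if i < 0:
        # An all-zero plaintext has no content type; TLS 1.3 treats this
        # as an unexpected_message error.
        raise ValueError("unexpected_message: no non-zero octet in record")
    return inner[:i], inner[i]


def fake_certificate_message(cert_len: int) -> bytes:
    """Constructed stand-in for a Certificate handshake message of a given size."""
    body = bytes([0x30]) * cert_len                  # placeholder, not a real certificate
    return bytes([11]) + len(body).to_bytes(3, "big") + body   # msg_type 11 = certificate


def observed_lengths(cert_lens, bucket):
    """Plaintext lengths an on-path observer could infer (AEAD tag adds a constant)."""
    return [len(pad_inner_plaintext(fake_certificate_message(n), HANDSHAKE, bucket))
            for n in cert_lens]


if __name__ == "__main__":
    print("unpadded:", observed_lengths([900, 1200, 1500], 1))
    print("padded:  ", observed_lengths([900, 1200, 1500], 2048))
```

Because the receiver strips padding at the record layer, the handshake transcript contains only the original Certificate bytes, which is why no handshake-level padding extension is needed for this case.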