IETF Logo Mail Archive

Re: [TLS] Implementing https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

David-Sarah Hopwood <david-sarah@jacaranda.org> Thu, 12 November 2009 00:14 UTC

Return-Path: <djhopwood@googlemail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 993B43A6808 for <tls@core3.amsl.com>; Wed, 11 Nov 2009 16:14:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gCB+ymJ7Rji9 for <tls@core3.amsl.com>; Wed, 11 Nov 2009 16:14:40 -0800 (PST)
Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.27]) by core3.amsl.com (Postfix) with ESMTP id E337B3A67D1 for <tls@ietf.org>; Wed, 11 Nov 2009 16:14:39 -0800 (PST)
Received: by ey-out-2122.google.com with SMTP id 9so401025eyd.51 for <tls@ietf.org>; Wed, 11 Nov 2009 16:15:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :x-enigmail-version:content-type; bh=pD6SWsrzyOVbymUAg9nx46/U76SmhH5ekaoqTxtkYBU=; b=At6fKW+YCGWdHGzjeVCKk0PelvmkdLZ/PNHC+DpP4JSTyCgkKt74zSavTPVMzGY1qS jouB50LLHCcyB66af4D5ztqzGadTbbeugTBb18tHfiJaODZhwpOKEn/v3GZ6RSSmnvZ8 gUeWT5+i/2pNjdevc2G8r8S1pntoF9+uuZOs8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type; b=bBE/rixe6lhVfT7v/TGQtgKL64EI+0BPmUcMpcXdfn0LSK+lCRkRe/qB8doIfPMilM DBEcn3V/xOhsQKLMbbLgkYNxQwC7FonSHHn9cBw6CUsXekHLvrWUtiIXJlCbPnXE71PD 6SfzZVSrx8btYbygSIk0gDLB1n2rfLeDBT+ZQ=
Received: by 10.213.0.135 with SMTP id 7mr2829767ebb.64.1257984903163; Wed, 11 Nov 2009 16:15:03 -0800 (PST)
Received: from ?192.168.0.2? (5e057cdf.bb.sky.com [94.5.124.223]) by mx.google.com with ESMTPS id 23sm1753478eya.12.2009.11.11.16.15.01 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 11 Nov 2009 16:15:02 -0800 (PST)
Sender: David-Sarah Hopwood <djhopwood@googlemail.com>
Message-ID: <4AFB5380.50908@jacaranda.org>
Date: Thu, 12 Nov 2009 00:14:56 +0000
From: David-Sarah Hopwood <david-sarah@jacaranda.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: tls@ietf.org
References: <1b587cab0911080935m64eabca8t6f7f6dfb9a666d06@mail.gmail.com> <p06240806c71ce60888e1@[133.93.128.35]> <4AF73817.4080802@extendedsubset.com> <20091108231234.4A72569E39E@kilo.networkresonance.com> <4AF83FB9.9060302@drh-consultancy.demon.co.uk> <20091109175954.8DF8F69E5CB@kilo.networkresonance.com> <808FD6E27AD4884E94820BC333B2DB774F30DD16F6@NOK-EUMSG-01.mgdnok.nokia.com> <4AFB0995.8060504@drh-consultancy.demon.co.uk>
In-Reply-To: <4AFB0995.8060504@drh-consultancy.demon.co.uk>
X-Enigmail-Version: 0.96.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------enig8FB7171F7B40D9019DC2D8B2"
Subject: Re: [TLS] Implementing https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2009 00:14:43 -0000

Dr Stephen Henson wrote:
> Pasi.Eronen@nokia.com wrote:
>> Eric Rescorla wrote:
>>
>>> I don't think the problem here is really the code point assignment.
>>>
>>> I would imagine the IESG and IANA to be pretty good about doing
>>> advance assignments once the WG has converged on the exact contents
>>> of the extension. I know we had pretty good consensus within a
>>> smaller group, but if when we run it by some cryptographers they say
>>> it's insecure we'll need to change it, at which point it won't
>>> really help to have deployed code with the "early" code point.
>> <wearing area director hat>
>>
>> I think this is one of those cases where an exception to the usual
>> procedures might be in order, but the "once the WG has converged on
>> the exact contents" is an important point here. It's relatively rare
>> that the -00 version of some internet draft and the final RFC are
>> actually interoperable.

It's rare for typical RFCs, but this is a very simple extension. The
discussion so far has been about when clients and servers MUST or SHOULD
send the extension; not about changes to its contents or meaning that
would affect interoperability. If no such changes in fact occur, then I
would hope that the existing extension number (0xFF01) could be assigned,
rather than assigning a new number for the sake of it.

>> Using the same extension number for multiple incompatible versions of
>> the draft is probably not a good idea (and probably not very secure,
>> either -- if the handshake fails, you don't know if it's due to an
>> attack or just interoperability problem, and the latter might be much
>> more likely), and I'd like to avoid allocating multiple extension
>> numbers for different versions of the draft, too.
> 
> Would including a version number in the extension help? Then if the format does
> change implementations can indicate that it is a version they don't support or
> decide they are willing to support an older version.

I don't see any advantage of that over using a different extension number,
*if* the format changes.

In any case, the current draft is -00, and no changes that would not
be interoperable have yet been proposed. So let's avoid prematurely
adding complication where it may not be needed.

> This would also cover the case where some cryptographic attack is found against
> the current form later. We keep the extension number but bump up the version.

Adding a new extension would have the same effect.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com

v2.23.0 | Report a Bug | By Email