Re: [TLS] Integrity bounds in DTLS

Thomas Fossati <Thomas.Fossati@arm.com> Fri, 15 May 2020 10:29 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Martin Thomson <mt@lowentropy.net>, "tls@ietf.org" <tls@ietf.org>
Date: Fri, 15 May 2020 10:29:00 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tKf3G8_UNlVMNC60aAhpHh4E4k0>

On 15/05/2020, 01:51, "Martin Thomson" <mt@lowentropy.net> wrote:
> Continuing the trend where I am the only one to post to this thread...
>
> I just posted a proposal:
>
> https://github.com/tlswg/dtls13-spec/pull/147

Looks good, thanks!

While the specific behaviours might more or less differ, the same
considerations apply to 1.2.  How do we make sure that the message
doesn't get ignored?  Would it be worth drafting this separately to
cover both versions (+ an explicit "Updates: 6347" label)?

> So I see two paths and one maybe option:
>
> 1. Prohibit use of TLS_AES_128_CCM_8_SHA256 in DTLS.
> 2. Allow TLS_AES_128_CCM_8_SHA256 in DTLS under special circumstances
>    (the PR).
> 3. An unspecified proposal that allows TLS_AES_128_CCM_8_SHA256 more
>    generally somehow.

While I'd personally prefer path 1, I think we need to factor in
existing deployments somehow.
