IETF Logo Mail Archive

Re: [TLS] Connection ID Draft

Martin Thomson <martin.thomson@gmail.com> Thu, 12 October 2017 23:33 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 549ED132D17 for <tls@ietfa.amsl.com>; Thu, 12 Oct 2017 16:33:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fn_M6RNkbTYz for <tls@ietfa.amsl.com>; Thu, 12 Oct 2017 16:33:08 -0700 (PDT)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com [IPv6:2607:f8b0:4003:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE441132403 for <tls@ietf.org>; Thu, 12 Oct 2017 16:33:07 -0700 (PDT)
Received: by mail-oi0-x236.google.com with SMTP id m198so10962869oig.5 for <tls@ietf.org>; Thu, 12 Oct 2017 16:33:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=6r+cmQXt0Vi9Z6qTH3KgG/wYtH/Z3uo9Mni6npuV71A=; b=Rv8arvElspwvX/VRLtsaRl3XhJWqVqy5yMaehLwjOTl7nK9uxY2V93R2Wq1ZWfDiRJ 0YQ8PKuJSbEsS84hQ/m2MrLd8iB0e1VHYUxirG064bUHvZAyAND8e6+16DMYQxmYg+SH GvBUQP7bDt247kqs6PTC1tmtTLmYacRH4pjJkhQMtGJ9zrsvv6rvAvYhY8Rd5fUJE+Pb SRTsoXO/VprXlY4RvFf9i2wc6g88RUCZ/8WObSUfNtTKanCB5ggas5hqr4exc6aUca74 a9JIjpG346gKbHf5KcfvPbhvYrD1IR66Oi1TiuKq16THW2W5tQCvuuYoJ1kdBQSA3EYM fohA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=6r+cmQXt0Vi9Z6qTH3KgG/wYtH/Z3uo9Mni6npuV71A=; b=V+NK5sxXDQvSOERAkpCzGqNrlBfG5Op1HcmZzcf7meNsoooBDNhtO68RfwC+5ZpPy/ rITUPKqrJVY+NK9v/ASX89MkuWIFUat8elF+Re7EcQloixXw/2MCDk8BogJdmbG488n2 I+QYB1jlPR1DfgGRWDOAP1cyhjckaaGIqQwV3Vfa6rC/3PrMwG9oQpc2G4YE2tf9brcv DXcoT1lSL6SvwXo61F/uVEM+twN34RevYX6xXbmwjASVrIwCPPr+BzUK4BdqbOyhvwdM u6B1oY8Z4/JKIBTJT2wFaIVNtLj7ttEADfMzndZAvIfWF06n+pjNbeczYNKm2JbVPkgX duRQ==
X-Gm-Message-State: AMCzsaXbHYqqmyTJkPfuZ/FNnTq3jGSgOjkfyd5BVmPpZhEvXBCe7i5T G/LyEoOPZVidAEUapvWGEoR4Iwe0R2Nfz0dRRW19Uw==
X-Google-Smtp-Source: AOwi7QCw3nTk3hZpuUwDPa7ZIjlBEVDnmi20dXh7K2kLXngWF1W4OK0eQOUz9Lfuf8uMOkeJg4k2ls6jpq9+mLFlXm8=
X-Received: by 10.202.75.140 with SMTP id y134mr1922680oia.3.1507851187250; Thu, 12 Oct 2017 16:33:07 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.72.178 with HTTP; Thu, 12 Oct 2017 16:33:06 -0700 (PDT)
In-Reply-To: <CABcZeBPXB6cOSztzDHtKSWUCJrgET+9cF_rAiiE8CYCUSY_uLA@mail.gmail.com>
References: <CABcZeBPXB6cOSztzDHtKSWUCJrgET+9cF_rAiiE8CYCUSY_uLA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 13 Oct 2017 10:33:06 +1100
Message-ID: <CABkgnnXsBZz5PAvQOfYBgB6HHzH0RuQgO8DuAeZ9X2+R02QP_A@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/upv2L8fCexaw2GTzz1naDWwIj68>
Subject: Re: [TLS] Connection ID Draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Oct 2017 23:33:09 -0000

This seems like a pretty solid design.  (Better in many ways to the
QUIC design, but then I might concede that the constraints are
different.)

The example shows the connection ID only being used after the
handshake completes (that is, on epoch=3), but handshake records
(epoch=2) use the same record format and we already know the
preference of the peer when sending them.  I can see why you opted for
this design (there is no way for the server to signal that it intends
to use the connection ID before it starts to send it), but that could
be addressed by moving the extension to the ServerHello.  The value is
sent on every subsequent record, so there is no real gain in having
the extension in EncryptedExtensions.  There is value in having record
construction be consistent.

The design for new connection IDs is clearly to handle the linkability
issue, but the draft doesn't propose a solution for linking based on
the monotonic increase of sequence numbers, or acknowledge the
problem.

We had comments about the length of the connection ID and the value
being used as a covert channel.  That issue should at least be
addressed in the security considerations.


On Fri, Oct 13, 2017 at 10:13 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> Hi folks,
>
> I have just posted a first cut at a connection ID draft.
> https://tools.ietf.org/html/draft-rescorla-tls-dtls-connection-id-00
>
> Comments welcome.
>
> -Ekr
>
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email