Re: [TLS] TLS Flags Open Question

Eric Rescorla <ekr@rtfm.com> Sat, 05 December 2020 23:31 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C56BF3A0E39 for <tls@ietfa.amsl.com>; Sat, 5 Dec 2020 15:31:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LToc1beu3rY6 for <tls@ietfa.amsl.com>; Sat, 5 Dec 2020 15:31:26 -0800 (PST)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3A423A0C47 for <tls@ietf.org>; Sat, 5 Dec 2020 15:31:25 -0800 (PST)
Received: by mail-lj1-x235.google.com with SMTP id t22so10924843ljk.0 for <tls@ietf.org>; Sat, 05 Dec 2020 15:31:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=KXjOzhDPZBgBBHkxIxyQm+AcEd18FjnqM4j3LujL81g=; b=v/6RoQZr+6DXB9nQTxgLOjhO3+iLwlOlRwMWbGufWm8BUhR2l1mZe3+PNvG9iP5iV3 YInAx4U47I+3I60/jo6fiSX3jRroGwRHJauCZbG4YMbbn02MZd8wAzhKMT0WSZM8OuqN gxQOkWNsERpQqeBVVvcNlSMrEeLlRQqBC5uYGLTXhb+AhoQlJL3IBC10KNZCjJVXOAnJ ul/czwGYDPf9tWiytmhqxy+kklXtDfL5l8BP+LbCbAwMDm6MTCbJnpwuIgMkOpf2mVmj DwS6NA0x2D1SAi8rExBD3ktGp8HGszZ/5+AgEJ0Ld/R/oqCJ6K6pjmcEE2P8hLN1+8Ni GFAw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KXjOzhDPZBgBBHkxIxyQm+AcEd18FjnqM4j3LujL81g=; b=PZa92IPmZ3EKB2f/FTPRs8LD6T+4ea2bPBfKTwAEXeoCI1OefQiOyMG1liAwsf5CuP 21pJw/ewk9nn8baOsXQBhUSjkT7Yj72GYNoD5xq1L8K8Cj67hpLdtC4mpLCwIyAEBcDz 2aI5KQMS9f/7MeVgvGx5yHkOYs7gITFKOzlSjtVudRozzCDKVMURX+jjLZr/H34kLLVE rrB1KyXZZF+KyVYOMahYEfO6o9YilfG5EtN/DUV2qCCBE/e7XW1AowNeJS0mNR4sNDe6 4CBc3KKBtrYliv/BlDsjA4G3hQgyqgp8CctvXLxnH7YM59yvTuKAoSC0aL5wKjWWAOpd 2aPw==
X-Gm-Message-State: AOAM532LEyJ0djtr3KgKSz01VWI9RGGjAm56ErKZlvz73oDwO+8nnCIE Tj2nnQjUCUulDKLE+gA5cAkLja06E6tMi07avj0BkQ==
X-Google-Smtp-Source: ABdhPJyT4PI1MrN7ec8cwTxx3VNLteQRt2133CDFPDPi9YzwCulKxDcsA66lXABnTRjVgHF2HZAWp9pvTruGIHukOVc=
X-Received: by 2002:a2e:988:: with SMTP id 130mr6066257ljj.409.1607211083802; Sat, 05 Dec 2020 15:31:23 -0800 (PST)
MIME-Version: 1.0
References: <D83A814D-F420-47A2-8F80-BD68988F97F8@gmail.com>
In-Reply-To: <D83A814D-F420-47A2-8F80-BD68988F97F8@gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 5 Dec 2020 15:30:47 -0800
Message-ID: <CABcZeBNF1JcWQGtL=D+=yTx8fAqxqisfs4nZxChrTj6SSpikng@mail.gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000babfe305b5bffd8d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vArkTg-HYCVwPym8oM3paGn7zwk>
Subject: Re: [TLS] TLS Flags Open Question
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Dec 2020 23:31:28 -0000

On Sat, Dec 5, 2020 at 7:05 AM Yoav Nir <ynir.ietf@gmail.com> wrote:

> Hi.
>
> At IETF 108 a question was raised about The TLS Flags extension.  What
>  payloads on the server side can include this extension?
>
> The “candidates” are ServerHello, EncryptedExtensions, Certificate, and
> NewSessionTicket.
>
> The only one that is controversial here (I think) is ServerHello, because
> it is not encrypted.  Looking at the current list of extensions, I see that
> only 6 can go in ServerHello:
>
>    - password_salt
>    - tls_cert_with_extern_psk
>    - supported_ekt_ciphers
>    - pre_shared_key
>    - supported_versions
>    - key_share
>
>
> Of those, only one would be (if it hadn’t already been standardized) a
> candidate for the TLS-Flags extension: tls_cert_with_extern_psk.  The RFC
> describes it with “The “tls_cert_with_extern_psk" extension is
> essentially a flag to use the external PSK in the key schedule”.  I don’t
> think it’s unreasonable to think that at some point there’s going to be
> another flag-like extension that will need to be signalled in ServerHello.
>
> So the question for the group is, do we allow the flags extension (and the
> flags themselves) to be in ServerHello, or do we prohibit them for now, and
> if ever an extension does need to signal in ServerHello, it can update the
> TLS-Flags RFC at that time?
>
> My vote would be to allow it in all places, and trust the process not to
> place flags that should be encrypted in payloads that aren’t, but either
> way, we need working group consensus.
>

I agree with you that this is the right outcome.

-Ekr


> Thanks
>
> Yoav
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>