Re: [TLS] MUST <x> or what?
Eric Rescorla <ekr@rtfm.com> Thu, 27 August 2015 19:13 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5CE81B3758 for <tls@ietfa.amsl.com>; Thu, 27 Aug 2015 12:13:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id flBLMCHjo7I8 for <tls@ietfa.amsl.com>; Thu, 27 Aug 2015 12:13:19 -0700 (PDT)
Received: from mail-wi0-f181.google.com (mail-wi0-f181.google.com [209.85.212.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D89841B340B for <tls@ietf.org>; Thu, 27 Aug 2015 12:13:18 -0700 (PDT)
Received: by widdq5 with SMTP id dq5so2306398wid.1 for <tls@ietf.org>; Thu, 27 Aug 2015 12:13:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=DNEisSLeJjGGNCXkHyuoP6uHJF1de3If8i7M7VDeIGg=; b=kpB5wzd9NDUCqGhalWGy9K6Hom1TzSVlFxpfigYe/8IxiUYN5xSv0Oj6UfMmnU6TDt /rk8CDl9CtnE9jueUmogh8DU2k8Or5QZXk5mkfkdp87E7I4lizhrkVT1WhWEMywV7wYF zmX343mArwFVhnMfJn8vP8v9AneNFw6f3Yn2hMvPCCryJnaIlqZ9Bj0jdrbGdRP0NFu6 d44zuZULHp2ddfG3RQku11a66U7vQDcAjvMMLhf42lBb/aGbI5KzMwzuukvK59zsIAqy npEgeY26PBgr/AK9ecHGKugXuh/4rOFGcWy7LMdQ0dRLrmxSskR/I4bWaxnoQ2wC5qWa SudA==
X-Gm-Message-State: ALoCoQkDZm6HLXChFlhVZVpjKr5yEMRahVvYnB13n6L+8vjT4kj5f4zNVHC15zq3OS2T1YJ6sHjb
X-Received: by 10.194.216.68 with SMTP id oo4mr6509497wjc.81.1440702797552; Thu, 27 Aug 2015 12:13:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.179.221 with HTTP; Thu, 27 Aug 2015 12:12:37 -0700 (PDT)
In-Reply-To: <CABkgnnXFyuf_3pPs8ByJpbOGgPDb2XMfVOZAUA42bmJEB_Vynw@mail.gmail.com>
References: <CABkgnnXFyuf_3pPs8ByJpbOGgPDb2XMfVOZAUA42bmJEB_Vynw@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 27 Aug 2015 12:12:37 -0700
Message-ID: <CABcZeBMBUP-RP4PxO+f2te-6heKJ7DmotxcyxATgpJYYPfcJRw@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="089e0141a09279b897051e4fc2a6"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/vibrHAGdKRP7cHNrq3Ae9AvL2XE>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] MUST <x> or what?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Aug 2015 19:13:20 -0000
On Thu, Aug 27, 2015 at 11:48 AM, Martin Thomson <martin.thomson@gmail.com> wrote: > I've been looking at the latest TLS 1.3 spec and there are a lot of > MUSTs that are completely toothless. To pick on a recent changeset: > > > The signature algorithm and hash algorithm MUST be a pair offered in the > "signature_algorithms" extension (see {{signature-algorithms}}). > I note that we had a very extensive discussio n > > All implementations MUST use the "signature_algorithms" extension when > offering and negotiating certificate authenticated cipher suites. > > > All implementations MUST use the "supported_groups" extension when > offering and negotiating DHE or ECDHE cipher suites. > This is an example of a MUST that is not always easy to enforce. Consider what happens if you have a client which offers both ECDHE and PSK (for resumption) and omits supported_groups. If the server picks PSK it's a pain to check for supported groups and I'm not sure that the world is improved by that code. > I propose that we don't do this in future without due consideration. > In all these cases, the peer that notices a violation of the > requirement can (and I would argue MUST) fail the handshake and > probably generate a fatal alert. > I agree consideration of this question is good. The exceptions to this are where you need to permit non-compliant > behaviour for legacy interoperability reasons. For TLS 1.3, I think > that we can limit that to the ClientHello handling and - if we feel > like we can mandate changes that affect TLS 1.2 or earlier for clients > that support 1.3 - the ServerHello. I think only the ClientHello. As noted above, I don't think that this is the only exception. -Ekr
- [TLS] MUST <x> or what? Martin Thomson
- Re: [TLS] MUST <x> or what? Eric Rescorla
- Re: [TLS] MUST <x> or what? Dave Garrett
- Re: [TLS] MUST <x> or what? Eric Rescorla
- Re: [TLS] MUST <x> or what? Dave Garrett
- Re: [TLS] MUST <x> or what? Martin Thomson
- Re: [TLS] MUST <x> or what? Viktor Dukhovni
- Re: [TLS] MUST <x> or what? Martin Thomson
- Re: [TLS] MUST <x> or what? Eric Rescorla
- Re: [TLS] MUST <x> or what? Eric Rescorla
- Re: [TLS] MUST <x> or what? Salz, Rich
- Re: [TLS] MUST <x> or what? Dave Garrett
- Re: [TLS] MUST <x> or what? Peter Gutmann
- Re: [TLS] MUST <x> or what? Peter Gutmann