IETF Logo Mail Archive

Re: [TLS] Deprecating alert levels

David Benjamin <davidben@google.com> Mon, 17 October 2016 17:47 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59BB312988A for <tls@ietfa.amsl.com>; Mon, 17 Oct 2016 10:47:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.131
X-Spam-Level:
X-Spam-Status: No, score=-3.131 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nwGK9XCMN9I4 for <tls@ietfa.amsl.com>; Mon, 17 Oct 2016 10:47:10 -0700 (PDT)
Received: from mail-io0-x233.google.com (mail-io0-x233.google.com [IPv6:2607:f8b0:4001:c06::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2798A1295C6 for <tls@ietf.org>; Mon, 17 Oct 2016 10:47:10 -0700 (PDT)
Received: by mail-io0-x233.google.com with SMTP id j37so196262311ioo.3 for <tls@ietf.org>; Mon, 17 Oct 2016 10:47:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pHnSqFIZYnzzvhvV8nJAYp8k8MY8eMdhsXmBbnEXbrc=; b=jbiY6Ld+n+m0dGx2KRshdfb7jBaqaxBQIH3b+LLQSd5cfEnOmwRyDx6PXM8YMdTjgt HLjahuD5aNE7nzgD2oJGR3LF/7K1t0QjgmUuf6PvgOXgVevEw3rNQ7XDzY7gGXagAFp7 Vcvqq6dlqvdve6pneq9UqhyIT8ZwhTuIUuHrgSlkV562MrSXXIf0D7kmxFaulHe2QnL7 DNYTj5XxFVxgl/MjX9m27mJ5JvA1YPS84fAn1in1zwm21tJ+JLY9qkDK+jM4dCWTJxqw ziCiy9cf5XnkndkpV4XcQNBNayEPlLJ+jNAUI0+cFOduYdaVvL/lIApjEn8HAfJHSpBQ lc9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pHnSqFIZYnzzvhvV8nJAYp8k8MY8eMdhsXmBbnEXbrc=; b=jhDXc6g9N1E+5CFWaBLn4atA3lXZmfWe1iP1lDvkAj2I0smo+J9kgwRITvxAsKn/ZC kBxiaw4PHgWJ0nLF9EZ6DBt43oUJ1S7BF0bUG0ewL9GWLG55YTqi9oFmgaVi3RcKt8nL YxtLyov9R3OZrJdIb4h7WWvttUnCV1phvBIGMdHcnaQdb7h9FvVSYmiQN9TdrFL78zA8 k942w4qy4cnW0WXZUqoNaW4uQRQI+GlOoMsqj1JxZ0ybG6JCvOYJSwg1AijPlZ1ldkU0 UEiWZ+Qvfl46KClFBROop60FcZGw62lDLuLAOVvUiL/J83XK8lIeD5OYGSVTwg3AhQlZ njZA==
X-Gm-Message-State: AA6/9Rm/CAKBMy7sWQHJnEl+eTVAMLhqhMNfviDtv5BYCRdLRhjYUmDpSxRA+L9lrK3PnCP90Fm6jBZxQZhe3WJp
X-Received: by 10.107.136.232 with SMTP id s101mr23534728ioi.171.1476726429266; Mon, 17 Oct 2016 10:47:09 -0700 (PDT)
MIME-Version: 1.0
References: <MWHPR15MB1182C9D7ED8BA11F0EAEFCE8AFDF0@MWHPR15MB1182.namprd15.prod.outlook.com> <CABkgnnUDPobAqmQFu+H_2btFgi1s8CGUW_anxSpssu31rp-V1g@mail.gmail.com> <MWHPR15MB11829BF852A21F2E9C2B99B6AFD00@MWHPR15MB1182.namprd15.prod.outlook.com>
In-Reply-To: <MWHPR15MB11829BF852A21F2E9C2B99B6AFD00@MWHPR15MB1182.namprd15.prod.outlook.com>
From: David Benjamin <davidben@google.com>
Date: Mon, 17 Oct 2016 17:46:57 +0000
Message-ID: <CAF8qwaA5M-6aOvFP9_sQmzkW83_HotWH_-yto9M6YkuMGyvxdw@mail.gmail.com>
To: Kyle Nekritz <knekritz@fb.com>, Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="001a113ec3b43fb34d053f132a8f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vsUH4vgKtceX1NXYMAb87uZb_NQ>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Deprecating alert levels
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2016 17:47:12 -0000

On Mon, Oct 17, 2016 at 1:34 PM Kyle Nekritz <knekritz@fb.com> wrote:

> > You are suggesting that end_of_early_data and close_notify will be
> marked "fatal".
>
> Yes, technically they would have no alert level (since alert level is
> deprecated), but as far as bytes on the wire changes with this PR, that's
> correct.
>
> > could you expand on why it's a problem?
>
> Alert level is not conveying any additional information since there is one
> (and only one) alert level each alert type must be sent as. Having a
> separate field that does not convey additional information is only
> providing an opportunity for implementations to misuse it and create subtle
> bugs (for example if one implementation ignores warning level alerts, while
> another incorrectly sends alerts defined as fatal at warning level).
>
> > This list is already missing the warning-level "unrecognized_name"
> alert, and such a change would imply that all new/unrecognized alerts are
> going to be treated as fatal forever (i.e. that no new warning-level alerts
> can ever be defined).
>
> That alert is currently defined as a fatal alert (see section 6.2 in the
> current draft). RFC 6066 also states "It is NOT RECOMMENDED to send a
> warning-level unrecognized_name(112) alert, because the client's behavior
> in response to warning-level alerts is unpredictable.", which I think
> illustrates the problem. Allowing new non-fatal alerts to be added later
> would require that existing clients ignore unknown warning alerts, which I
> think is somewhat dangerous.
>

Unfortunately, while NOT RECOMMENDED, some servers do this. I do not think
we'll be able to retroactively declare warning alerts nonexistent in TLS
1.2 and earlier.
https://bugzilla.mozilla.org/show_bug.cgi?id=1296862

David


> -----Original Message-----
> From: Martin Thomson [mailto:martin.thomson@gmail.com]
> Sent: Sunday, October 16, 2016 5:53 AM
> To: Kyle Nekritz <knekritz@fb.com>
> Cc: tls@ietf.org
> Subject: Re: [TLS] Deprecating alert levels
>
> I'm sympathetic to this, but just to be clear...
>
> You are suggesting that end_of_early_data and close_notify will be marked
> "fatal".
>
> WFM.
>
> On 15 October 2016 at 08:07, Kyle Nekritz <knekritz@fb.com> wrote:
> > After PR #625 all alerts are required to be sent with fatal AlertLevel
> > except for close_notify, end_of_early_data, and user_canceled. Since
> > those three alerts all have separate specified behavior, the
> > AlertLevel field is not serving much purpose, other than providing
> > potential for misuse. We
> > (Facebook) currently receive a number of alerts at incorrect levels
> > from clients (internal_error warning alerts, etc.). I propose
> > deprecating this field to simplify implementations and require that any
> misuse be ignored.
> >
> >
> >
> > PR: https://github.com/tlswg/tls13-spec/pull/693
> >
> >
> >
> > Kyle
> >
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail
> > man_listinfo_tls&d=DQIBaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=l2j4BjkO0Lc3u4CH2
> > z7jPw&m=D6vgejwavMxoWSed2ANWwkecWIlc1MnHfgXfiejFS8Y&s=-fFwoxaS4TZXNkoZ
> > M04oEUCKz283dy6QYRuhlOK0mQo&e=
> >
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email