[TLS] Volunteers to Alpha Test Wireshark Dissector for (D)TLS1.3

<nalini.elkins@insidethestack.com> Tue, 10 May 2016 16:01 UTC

Date: Tue, 10 May 2016 16:00:27 +0000
From: nalini.elkins@insidethestack.com
To: Tls <tls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/xJCmHRHT6ho_i1Yv1s0OiaCBjbk>
Cc: Martin Thomson <mt@mozilla.com>, Christian O'Flaherty <oflaherty@isoc.org>
Subject: [TLS] Volunteers to Alpha Test Wireshark Dissector for (D)TLS1.3

All,



I have modified the Wireshark dissectors for TLS and DTLS to recognize and parse a fair amount of (D)TLS1.3 traffic.

I took a debug trace that Martin Thomson gave me with (D)TLS1.3 payload data only & created PCAP traces with fake IP and TCP/UDP headers so that I could have something to dissect. I think I am ready for some other people to look at this, if they would like to next week.  Would love to have you guys let me know what you think of the decoding & if anything should be changed.

Also, if anyone else has PCAP files with (D)TLS1.3, that will be wonderful.  I have only two trace files!   Down the road, I would like to have quite a few that are set up.  If you even have debug output with payload, I can use that.  But, it has to be what actually is sent on the wire.  (Pls let me know if questions.)

We have set up a server that we will make available to the entire TLS group once the bugs are shaken out.  We will put the various traces on that server so that people can see actual packet traffic.  We will also modify the dissectors as needed as the spec finalizes.

What I have done for both TLS and DTLS: 

- Client Hello should be good (including Random bytes decoding)
- Server Hello should be good (including Random bytes decoding)
- New Key Share extension added
- New PSK extension added
- New Version Negotiation extension added
- New cipher suites added
- New alert types added

What is left to be done:

- Bug Martin found in TLS1.2 and before for Server Key Share
- I think there may be some problems with some DTLS packets.  Could use some help in figuring out exactly what.

Please let me know unicast if you would like to help.  I am thinking 3 or 4 people will be good.  The Alpha testing will start Wed. May 18th.

Please let me know if you want some screen shots of a TLS1.3 Client Hello / Server Hello.  I am not able to attach to email.

Thanks,

Nalini Elkins
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360
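
The step described in the message above, wrapping payload-only (D)TLS bytes in fake IP and TCP headers so a dissector has a PCAP to read, looks like this in Python. This is an added example, not part of the original message and not the author's tooling; the addresses, ports, MAC addresses and sample record bytes are constructed, and it covers the TCP case only (DTLS would need a UDP header instead).

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fake_tcp_frame(payload: bytes, src="192.0.2.1", dst="192.0.2.2",
                   sport=49152, dport=443, seq=1) -> bytes:
    """Wrap raw TLS record bytes in constructed Ethernet/IPv4/TCP headers."""
    s = bytes(int(x) for x in src.split("."))
    d = bytes(int(x) for x in dst.split("."))
    tcp_len = 20 + len(payload)
    # TCP: data offset 5 words, flags PSH|ACK, window 65535, checksum zeroed
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18,
                      65535, 0, 0)
    # TCP checksum covers a pseudo-header: src, dst, zero, protocol 6, length
    pseudo = s + d + struct.pack("!BBH", 0, 6, tcp_len)
    csum = inet_checksum(pseudo + tcp + payload)
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    # IPv4: version 4 / IHL 5, DF set, TTL 64, protocol 6 (TCP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0, 0x4000,
                     64, 6, 0, s, d)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    # Locally administered MAC addresses, EtherType 0x0800 (IPv4)
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + tcp + payload

def build_pcap(frames, ts=0) -> bytes:
    """Classic pcap: 24-byte global header, then a 16-byte header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", ts + i, 0, len(frame), len(frame)) + frame
    return out

# Constructed placeholder standing in for bytes taken from a debug trace:
# TLS record header (handshake, version 0x0301, length 4) plus a 4-byte
# handshake header (ClientHello, empty body). A dissector will flag it as
# malformed; real captured payload goes here.
SAMPLE_RECORD = bytes.fromhex("1603010004" "01000000")

if __name__ == "__main__":
    with open("fake_tls.pcap", "wb") as fh:
        fh.write(build_pcap([fake_tcp_frame(SAMPLE_RECORD)]))
```

Valid checksums matter here because a dissector configured to validate them may otherwise refuse to hand the segment to the TLS dissector.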