Re: [TLS] I-D Action: draft-ietf-tls-ticketrequests-02.txt
Hubert Kario <hkario@redhat.com> Thu, 03 October 2019 11:55 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AE52120232 for <tls@ietfa.amsl.com>; Thu, 3 Oct 2019 04:55:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gUEA5pvmE9yW for <tls@ietfa.amsl.com>; Thu, 3 Oct 2019 04:55:21 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77D6C12011A for <tls@ietf.org>; Thu, 3 Oct 2019 04:55:21 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4E5888125C; Thu, 3 Oct 2019 11:55:20 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (unknown [10.43.21.184]) by smtp.corp.redhat.com (Postfix) with ESMTP id 625146013A; Thu, 3 Oct 2019 11:55:19 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: Daniel Migault <daniel.migault@ericsson.com>
Cc: Christopher Wood <caw@heapingbits.net>, "TLS@ietf.org" <tls@ietf.org>
Date: Thu, 03 Oct 2019 13:55:10 +0200
Message-ID: <2328460.Fs94otCilB@pintsize.usersys.redhat.com>
In-Reply-To: <CADZyTkm-MRF_ucy-_crC5SeTYZ9=VdPuF+TL5fLkU1gbb=7rfQ@mail.gmail.com>
References: <156962803631.24993.3421537129925787732@ietfa.amsl.com> <350020eb-c43b-4941-93e9-06ea9a0cacc3@www.fastmail.com> <CADZyTkm-MRF_ucy-_crC5SeTYZ9=VdPuF+TL5fLkU1gbb=7rfQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart2255254.vObBVBeLRa"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Thu, 03 Oct 2019 11:55:20 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xcsv8v2iAaclxmaM80HGwKAYGaE>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-ticketrequests-02.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Oct 2019 11:55:26 -0000
On Wednesday, 2 October 2019 22:42:32 CEST Daniel Migault wrote: > I understand the meaning of count is the higher limit of ticket and the > server can provides any tickets between 0 and count. If that is correct, > this could be clearly stated and indication to chose an appropriated value > for each cases may be provided. > > I would rather see the count value as a hard line from the server with a > MUST NOT instead of a SHOULD NOT statement. see my previous comments: this ignores existence of post handshake authentication, ticket lifetimes and KeyUpdate > The ability to request 255 tickets with one byte can be seen as an > amplification vector, especially when a server sends directly the tickets > after its Finished message. I believe that additional text in the security > consideration could be added. true > Yours, > Daniel > > On Tue, Oct 1, 2019 at 1:27 PM Christopher Wood <caw@heapingbits.net> wrote: > > On Tue, Oct 1, 2019, at 9:15 AM, Hubert Kario wrote: > > > On Tuesday, 1 October 2019 16:01:32 CEST Christopher Wood wrote: > > > > On Tue, Oct 1, 2019, at 5:18 AM, Hubert Kario wrote: > > > > > > > ``` > > > > > > > Servers MUST NOT send more than 255 tickets to clients. > > > > > > > ``` > > > > > > > > > > > > > > per what? session? at a time? connection? > > > > > > > > > > > > This is all per session. We can state it explicitly in the next > > > > version. > > > > > > > so this count needs to be kept as part of session and impacts > > > > connections > > > > > > > that perform resumption? > > > > > > > > Sorry, I meant connection: > > > > "Clients may indicate to servers their desired number of tickets > > > > for *a > > > > > > single connection* via the following "ticket_request" extension" > > > > > > > > This is a simple hint for servers. Nothing more. No state needs to be > > > > stored > > > > > > past connection establishment. > > > > > > sounds good > > > > > > > > > > what's the expected behaviour with tickets and post-handshake > > > > > > > authentication? Are tickets sent after PHA also bound by this > > > > limit? > > > > > > > > As mentioned earlier, there is no effect, so we left it out. We're > > > > happy > > > > > > > > to > > > > > > accept text should you think it's needed. > > > > > > > > > > If the I-D states that servers should not send more tickets than the > > > > > client > > > > > asked for, and then send exactly that amount, then they won't be > > > > able to > > > > > > > send new tickets after PHA and remain compliant. > > > > > > > > > > Yes, it's completely up to the server to decide if to send tickets > > > > after > > > > > > > PHA or not, and I'm not suggesting that the client should request > > > > > for > > > > > tickets in one of its PHA messages, much less expect or require > > > > them, but > > > > > > > sending tickets after PHA is reasonable and explicitly stated > > > > behaviour: > > > > > RFC 8446 Section 4.6.1: > > > > > For instance, the server might send a new > > > > > ticket after post-handshake authentication in order to > > > > > encapsulate > > > > > the additional client authentication state. > > > > > > > > > > so the I-D should explicitly state what's the expected behaviour in > > > > that > > > > > > > case. > > > > > > > > > > IMHO, the extension should be used for the tickets sent right after > > > > the > > > > > > > handshake, it should not put an upper bound for the tickets that a > > > > server > > > > > > > can send in a single connection. For a very long lived connection > > > > > (especially if the connection uses KeyUpdate messages regularly), > > > > > the > > > > > initial tickets may expire. Server may notice that and send a new > > > > group > > > > > > > of tickets then. > > > > > > > > Since these hints are not mandatory to honor I don't think we need to > > > > describe this case. In particular, this is a valid case where ignoring > > > > the > > > > > > SHOULD is fine, in my opinion. > > > > > > > > If the draft required that servers MUST NOT send more tickets than > > > > what's > > > > > > requested, then yes, I think these details would be important. > > > > > > huh? I see the following in the draft-02: > > > Servers MUST NOT > > > send more than 255 tickets to clients. > > > > I was referring to the "SHOULD NOT send more than > > TicketRequestContents.count NewSessionTicket messages" blurb. Indeed, the > > MUST NOT above should also be a SHOULD NOT. Thanks for your patience in > > working through the kinks! > > > > > -- > > > Regards, > > > Hubert Kario > > > Senior Quality Engineer, QE BaseOS Security team > > > Web: www.cz.redhat.com > > > Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic > > > Attachments: > > > * signature.asc > > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
- [TLS] I-D Action: draft-ietf-tls-ticketrequests-0… internet-drafts
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Christopher Wood
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Christopher Wood
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Jeremy Harris
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Christopher Wood
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Viktor Dukhovni
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Viktor Dukhovni
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Christopher Wood
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Daniel Migault
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Christopher Wood
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Daniel Migault
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Nico Williams
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Rob Sayre
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Christopher Wood
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Christopher Wood
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Viktor Dukhovni
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Rob Sayre
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Robert Relyea
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Daniel Migault
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Daniel Migault
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Christopher Wood
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Christopher Wood
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Viktor Dukhovni
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Daniel Migault
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Hubert Kario
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Martin Thomson
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Viktor Dukhovni
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Martin Thomson
- Re: [TLS] I-D Action: draft-ietf-tls-ticketreques… Viktor Dukhovni