Re: [xmpp] #39: prohibition on TLS renegotiation
Peter Saint-Andre <stpeter@stpeter.im> Tue, 06 July 2010 19:04 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@core3.amsl.com
Delivered-To: xmpp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 450DB3A692C for <xmpp@core3.amsl.com>; Tue, 6 Jul 2010 12:04:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.999
X-Spam-Level:
X-Spam-Status: No, score=-2.999 tagged_above=-999 required=5 tests=[AWL=-0.400, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 31LXsbRXKnQu for <xmpp@core3.amsl.com>; Tue, 6 Jul 2010 12:04:38 -0700 (PDT)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id 18B673A69A4 for <xmpp@ietf.org>; Tue, 6 Jul 2010 12:04:38 -0700 (PDT)
Received: from dhcp-64-101-72-121.cisco.com (dhcp-64-101-72-121.cisco.com [64.101.72.121]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 2A94740E38 for <xmpp@ietf.org>; Tue, 6 Jul 2010 13:04:38 -0600 (MDT)
Message-ID: <4C337E42.20108@stpeter.im>
Date: Tue, 06 Jul 2010 13:04:34 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: xmpp@ietf.org
References: <057.cd3487385f077266653b25eecf323b0d@tools.ietf.org> <4C27CFDC.4060701@stpeter.im> <87lj9re7r2.fsf@mocca.josefsson.org> <4C335537.6070605@stpeter.im> <4C335FB7.2030806@stpeter.im> <22EA9DD4-9326-4347-AA6D-351ECAB664BD@Isode.com>
In-Reply-To: <22EA9DD4-9326-4347-AA6D-351ECAB664BD@Isode.com>
X-Enigmail-Version: 1.0.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms040604030606090501000902"
Subject: Re: [xmpp] #39: prohibition on TLS renegotiation
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jul 2010 19:04:39 -0000
On 7/6/10 12:31 PM, Kurt Zeilenga wrote: > > On Jul 6, 2010, at 9:54 AM, Peter Saint-Andre wrote: > >> >> 5.2.5. Renegotiation >> >> XMPP entities MUST NOT attempt TLS renegotiation, and if either >> party to a TLS-protected stream detects a TLS renegotiation attempt >> it MUST immediately close the underlying TCP connection without >> returning a stream error (since the violation has occurred at the >> TLS layer, not the XMPP layer; see Section 13.3). >> >> Security Note: There are some rare cases in which TLS renegotiation >> might be justified, such as (1) refreshing encryption keys, (2) >> wrapping the TLS sequence number as explained in [TLS], and (3) >> protecting client credentials by completing server authentication >> first and then completing client authentication over the protected >> channel. In the first two cases it is preferable to use an XMPP >> stream reset instead of performing TLS renegotiation. The third >> case has slightly improved security characteristics when the TLS >> client (which might be an XMPP server) presents credentials to the >> TLS server, however that slight benefit is outweighed by the >> complexity of requiring implementations to support TLS >> renegotiation. >> >> ### > > I think MUST NOT here is too strong. I would rather say that while > XMPP entities generally SHOULD NOT attempt TLS renegotiation, when > they do, they MUST implement and make use of the TLS Renegotiation > Extension [RFC5746]. Additionally, it would be good to note that no > entity is required to support TLS renegotiation. > > That is, while it reasonable not to require entities implement TLS > Renegotiation, it not reasonable in my opinion to preclude those who > find value in TLS Renegotiation from using the TLS Renegotiation > Extension with peers who implement it. I'd be amenable to that. Basically: support for renegotiation is strictly optional, and you really shouldn't use it unless you know what you're doing. Here is adjusted text: ### 5.2.5. Renegotiation The TLS protocol allows either party in a TLS-protected channel to initiate a new handshake that establishes new cryptographic parameters. There are some rare cases in which such a TLS renegotiation might be justified, including (1) refreshing encryption keys, (2) wrapping the TLS sequence number as explained in Section 6.1 of [TLS], and (3) protecting client credentials by completing server authentication first and then completing client authentication over the protected channel. In XMPP, for the first two cases it is preferable to use an XMPP stream reset (as described under Section 4.6.3.15) instead of performing TLS renegotiation. The third case has slightly improved security characteristics when the TLS client (which might be an XMPP server) presents credentials to the TLS server, however that slight benefit is in general outweighed by the complexity of supporting TLS renegotiation. Therefore: 1. Support for TLS renegotiation by XMPP implementations is strictly OPTIONAL. 2. If an XMPP implementation supports TLS renegotiation, it MUST implement and make use of the TLS Renegotiation Extension defined in [TLS-NEG]. 3. XMPP entities SHOULD NOT attempt TLS renegotiation. 4. If a party that does not support TLS renegotiation detects a TLS renegotiation attempt, it SHOULD immediately close the underlying TCP connection without returning a stream error (since the violation has occurred at the TLS layer, not the XMPP layer; see Section 13.3). ###
- [xmpp] #39: prohibition on TLS renegotiation xmpp issue tracker
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre
- Re: [xmpp] #39: prohibition on TLS renegotiation xmpp issue tracker
- Re: [xmpp] #39: prohibition on TLS renegotiation Simon Josefsson
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre
- Re: [xmpp] #39: prohibition on TLS renegotiation Kurt Zeilenga
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre
- Re: [xmpp] #39: prohibition on TLS renegotiation Kurt Zeilenga
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre
- Re: [xmpp] #39: prohibition on TLS renegotiation Simon Josefsson
- Re: [xmpp] #39: prohibition on TLS renegotiation Kurt Zeilenga
- Re: [xmpp] #39: prohibition on TLS renegotiation Simon Josefsson
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre
- Re: [xmpp] #39: prohibition on TLS renegotiation Ben Campbell
- Re: [xmpp] #39: prohibition on TLS renegotiation Kurt Zeilenga
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre