Re: [xmpp] #39: prohibition on TLS renegotiation
Peter Saint-Andre <stpeter@stpeter.im> Wed, 07 July 2010 18:33 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@core3.amsl.com
Delivered-To: xmpp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 64A563A68E6 for <xmpp@core3.amsl.com>; Wed, 7 Jul 2010 11:33:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p6lcwqZL5Ayn for <xmpp@core3.amsl.com>; Wed, 7 Jul 2010 11:33:51 -0700 (PDT)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id 188553A68D6 for <xmpp@ietf.org>; Wed, 7 Jul 2010 11:33:38 -0700 (PDT)
Received: from leavealone.cisco.com (72-163-0-129.cisco.com [72.163.0.129]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 781EE40E3C; Wed, 7 Jul 2010 12:33:31 -0600 (MDT)
Message-ID: <4C34C878.8000206@stpeter.im>
Date: Wed, 07 Jul 2010 12:33:28 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: Kurt Zeilenga <Kurt.Zeilenga@Isode.com>
References: <057.cd3487385f077266653b25eecf323b0d@tools.ietf.org> <4C27CFDC.4060701@stpeter.im> <87lj9re7r2.fsf@mocca.josefsson.org> <4C335537.6070605@stpeter.im> <4C335FB7.2030806@stpeter.im> <87630r9xks.fsf@mocca.josefsson.org> <12FEB9B4-C775-46F2-BC3A-F4737F165FD9@Isode.com> <87aaq38hdi.fsf@mocca.josefsson.org> <4C3498DE.4020709@stpeter.im> <59381091-C8D6-4DDD-A3C7-CA60F2137371@Isode.com>
In-Reply-To: <59381091-C8D6-4DDD-A3C7-CA60F2137371@Isode.com>
X-Enigmail-Version: 1.0.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: xmpp@ietf.org
Subject: Re: [xmpp] #39: prohibition on TLS renegotiation
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jul 2010 18:33:57 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 7/7/10 11:54 AM, Kurt Zeilenga wrote: > > On Jul 7, 2010, at 8:10 AM, Peter Saint-Andre wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> On 7/7/10 9:02 AM, Simon Josefsson wrote: >>> Kurt Zeilenga <Kurt.Zeilenga@Isode.com> writes: >>> >>>> I personally wouldn't have a problem with just saying "SHOULD >>>> NOT do TLS renegotiation". That is, I don't see a particular >>>> need to detail how to implement a non-recommended capability. >>> >>> I also dislike going into details about non-recommended >>> approaches. I prefer MUST NOT over SHOULD NOT if we cannot think >>> up at least one use-case when the SHOULD NOT recommendation isn't >>> followed. Especially since if a use case appears for TLS >>> renegotiation, use of it (and what it means for XMPP) can be >>> described in a separate document. >> >> Further: do we have a use case *now*? If not, why leave the door >> open? > > One could argue that via the update specification approach, the door > is always open. > > I prefer the door to be a bit more open than that. That is, a SHOULD > NOT instead of MUST NOT. But it's not all that big of a deal. > > As far as use case, I simply note that personally prefer > authentication mechanisms which do not require me to expose user > information to a server which I have yet to authenticate. I prefer > this sufficiently to actually design and implement mechanisms which > allow me to authenticate the server before authenticating exposing > user information. I suspect I'm not the only person with this > preference. Sigh. I see your point. :) I think we're going to be stuck with something like this: ### 5.2.5. TLS Renegotiation The TLS protocol allows either party in a TLS-protected channel to initiate a new handshake that establishes new cryptographic parameters (see [TLS-NEG]). The cases most commonly mentioned are: 1. Refreshing encryption keys. 2. Wrapping the TLS sequence number as explained in Section 6.1 of [TLS]. 3. Protecting client credentials by completing server authentication first and then completing client authentication over the protected channel. Because it is relatively inexpensive to establish streams in XMPP, for the first two cases it is preferable to use an XMPP stream reset (as described under Section 4.7.3.15) instead of performing TLS renegotiation. The third case has improved security characteristics when the TLS client (which might be an XMPP server) presents credentials to the TLS server. If communicating such credentials to an unauthenticated server might leak private information, it can be appropriate to complete TLS negotiation for the purpose of server authentication and then attempt TLS renegotiation for the purpose of client authentication with the TLS server. However, the third case is sufficiently rare that XMPP entities SHOULD NOT blindly attempt TLS renegotiation. If an entity that does not support TLS renegotiation detects a renegotiation attempt, then it MUST immediately close the underlying TCP connection without returning a stream error (since the violation has occurred at the TLS layer, not the XMPP layer; see Section 13.3). If an entity that supports TLS renegotiation detects a TLS renegotiation attempt that does not use the TLS Renegotiation Extension [TLS-NEG], then it MUST immediately close the underlying TCP connection without returning a stream error (since the violation has occurred at the TLS layer, not the XMPP layer; see Section 13.3). Support for TLS renegotiation is strictly OPTIONAL. However, implementations that support TLS renegotiation MUST implement and use the TLS Renegotiation Extension [TLS-NEG]. ### If we're going to say it's OK to support TLS renegotiation then I think it's incumbent on us to describe what that means, thus the somewhat lengthy text. Can we put this to bed now? Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkw0yHgACgkQNL8k5A2w/vwgmgCfYwjFlC4bK+j0NZWS2Y4uFq1w wDoAniTm6B2o/sTwnbXtAtag9S9o1xO9 =YqXd -----END PGP SIGNATURE-----
- [xmpp] #39: prohibition on TLS renegotiation xmpp issue tracker
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre
- Re: [xmpp] #39: prohibition on TLS renegotiation xmpp issue tracker
- Re: [xmpp] #39: prohibition on TLS renegotiation Simon Josefsson
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre
- Re: [xmpp] #39: prohibition on TLS renegotiation Kurt Zeilenga
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre
- Re: [xmpp] #39: prohibition on TLS renegotiation Kurt Zeilenga
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre
- Re: [xmpp] #39: prohibition on TLS renegotiation Simon Josefsson
- Re: [xmpp] #39: prohibition on TLS renegotiation Kurt Zeilenga
- Re: [xmpp] #39: prohibition on TLS renegotiation Simon Josefsson
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre
- Re: [xmpp] #39: prohibition on TLS renegotiation Ben Campbell
- Re: [xmpp] #39: prohibition on TLS renegotiation Kurt Zeilenga
- Re: [xmpp] #39: prohibition on TLS renegotiation Peter Saint-Andre