RE: [TLS] TLS state machine
The state machine is (sort of implicitly) described in these two
figures, copied from RFC 4346:
      Client                                               Server

      ClientHello                  -------->
                                                      ServerHello
                                                     Certificate*
                                               ServerKeyExchange*
                                              CertificateRequest*
                                   <--------      ServerHelloDone
      Certificate*
      ClientKeyExchange
      CertificateVerify*
      [ChangeCipherSpec]
      Finished                     -------->
                                               [ChangeCipherSpec]
                                   <--------             Finished
      Application Data             <------->     Application Data
And the session resumption case:
      Client                                               Server

      ClientHello                  -------->
                                                      ServerHello
                                               [ChangeCipherSpec]
                                   <--------             Finished
      [ChangeCipherSpec]
      Finished                     -------->
      Application Data             <------->     Application Data
I'm not sure if using a state machine description language would
actually help understanding, but it could look something like this
(server's initial state):
State: WAITING_FOR_CLIENT_HELLO

  Event: ClientHello received
    process the client hello
    if (didn't work out)
      send alert
      next state: FAILED
    else if (session being resumed)
      send ServerHello, ChangeCipherSpec, Finished
      next state: WAITING_FOR_CCS
    else
      send ServerHello [Certificate] [ServerKeyExchange]
           [CertificateRequest] ServerHelloDone
      next state: WAITING_FOR_CERT_OR_CLIENT_KEY_EXCHANGE

  Event: anything else
    maybe send alert
    go to state FAILED
(The TLS implementations I've taken a look at actually have code
that resembles this.)
Best regards,
Pasi
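The sketch above covers only the server's initial state. As an added example (not code from this thread or from any TLS implementation), here is that state machine carried through both flows in the figures, so that a message arriving out of order in any state is refused with an alert rather than processed. The class and function names, the session cache and the client message sequences are constructed for illustration, and a client Certificate is assumed to be non-empty, so CertificateVerify must follow it.

```python
class TLSServerHandshake:
    """Server side of the two flows above; anything unexpected is fatal."""

    def __init__(self, resumable_sessions, request_client_cert=False):
        self.state = "WAITING_FOR_CLIENT_HELLO"
        self.resumable = resumable_sessions   # constructed session cache (ids only)
        self.request_client_cert = request_client_cert
        self.resumed = False
        self.sent = []                        # server flights, kept for inspection

    def receive(self, kind, session_id=b""):
        s = self.state
        if s == "WAITING_FOR_CLIENT_HELLO" and kind == "ClientHello":
            self.resumed = bool(session_id) and session_id in self.resumable
            if self.resumed:                  # abbreviated handshake
                self.sent += ["ServerHello", "ChangeCipherSpec", "Finished"]
                self.state = "WAITING_FOR_CCS"
            else:                             # full handshake
                self.sent += ["ServerHello", "Certificate", "ServerKeyExchange"]
                if self.request_client_cert:
                    self.sent.append("CertificateRequest")
                self.sent.append("ServerHelloDone")
                self.state = "WAITING_FOR_CERT_OR_CLIENT_KEY_EXCHANGE"
        elif s == "WAITING_FOR_CERT_OR_CLIENT_KEY_EXCHANGE" and kind == "Certificate" and self.request_client_cert:
            self.state = "WAITING_FOR_CLIENT_KEY_EXCHANGE"    # non-empty client cert assumed
        elif s == "WAITING_FOR_CERT_OR_CLIENT_KEY_EXCHANGE" and kind == "ClientKeyExchange" and not self.request_client_cert:
            self.state = "WAITING_FOR_CCS"
        elif s == "WAITING_FOR_CLIENT_KEY_EXCHANGE" and kind == "ClientKeyExchange":
            self.state = "WAITING_FOR_CERTIFICATE_VERIFY"
        elif s == "WAITING_FOR_CERTIFICATE_VERIFY" and kind == "CertificateVerify":
            self.state = "WAITING_FOR_CCS"
        elif s == "WAITING_FOR_CCS" and kind == "ChangeCipherSpec":
            self.state = "WAITING_FOR_FINISHED"
        elif s == "WAITING_FOR_FINISHED" and kind == "Finished":
            if not self.resumed:              # full handshake: server's CCS/Finished come last
                self.sent += ["ChangeCipherSpec", "Finished"]
            self.state = "CONNECTED"
        else:                                 # out-of-order or unknown message: abort
            self.sent.append(("Alert", "unexpected_message"))
            self.state = "FAILED"
        return self.state


def run(client_msgs, resumable=frozenset(), request_client_cert=False):
    """Feed a constructed client sequence; return (final state, server flights)."""
    sm = TLSServerHandshake(resumable, request_client_cert)
    for kind, sid in client_msgs:
        if sm.receive(kind, sid) == "FAILED":
            break
    return sm.state, sm.sent
```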
> -----Original Message-----
> From: ext Stefan Santesson [mailto:stefans at microsoft.com]
> Sent: 21 March, 2007 16:37
> To: tls at ietf.org
> Subject: [TLS] TLS state machine
>
> We have had lots of discussions around GSS-TLS ending in
> arguments that this would do too many changes to the TLS
> state machine.
>
> It would be a lot easier to hold that discussion
> constructively if the TLS state machine was clearly
> described. A search for the term "state machine" in current
> TLS 1.2 returns empty. I can't find any other text that would
> clearly resemble such description.
>
> Would it be possible to add an annex in TLS 1.2 describing
> the TLS state machine?
>
> It would then be a lot easier to analyze and discuss the
> impact of any changes caused by various usages of the TLS
> extensibility mechanisms.
>
>
> Stefan Santesson
> Senior Program Manager
> Windows Security, Standards