RE: [TLS] TLS state machine

[Stefan Santesson <stefans at microsoft.com>]

Thank you Pasi,

Considering this being the TLS state machine, the TLS extension mechanism clearly allows a change of the TLS state machine as it allows other handshake messages to be inserted in this flow.

What are the criteria that distinguish a valid change to the TLS state machine from an invalid (unsuitable) one?
Or is this totally subjective?


Stefan Santesson
Senior Program Manager
Windows Security, Standards


> -----Original Message-----
> From: Pasi.Eronen at nokia.com [mailto:Pasi.Eronen at nokia.com]
> Sent: den 21 mars 2007 16:07
> To: Stefan Santesson; tls at ietf.org
> Subject: RE: [TLS] TLS state machine
>
>
> The state machine is (sort of implicitly) described in these two
> figures, copied from RFC 4346:
>
>       ClientHello                  -------->
>                                                       ServerHello
>                                                      Certificate*
>                                                ServerKeyExchange*
>                                               CertificateRequest*
>                                    <--------      ServerHelloDone
>       Certificate*
>       ClientKeyExchange
>       CertificateVerify*
>       [ChangeCipherSpec]
>       Finished                     -------->
>                                                [ChangeCipherSpec]
>                                    <--------             Finished
>       Application Data             <------->     Application Data
>
> And the session resumption case:
>
>       ClientHello                   -------->
>                                                        ServerHello
>                                                 [ChangeCipherSpec]
>                                     <--------             Finished
>       [ChangeCipherSpec]
>       Finished                      -------->
>       Application Data              <------->     Application Data
>
> I'm not sure if using a state machine description language would
> actually help understanding, but it could look something like this
> (server's initial state):
>
>   State: WAITING_FOR_CLIENT_HELLO
>   Event: ClientHello received
>     process the client hello
>     if (didn't work out)
>       send alert
>       next state: FAILED
>     else if (session being resumed)
>       send ServerHello, ChangeCipherSpec, Finished
>       next state: WAITING_FOR_CCS
>     else
>       send ServerHello [Certificate] [ServerKeyExchange]
>          [CertificateRequest] ServerHelloDone
>       next state: WAITING_FOR_CERT_OR_CLIENT_KEY_EXCHANGE
>   Event: anything else
>     maybe send alert
>     go to state FAILED
>
> (The TLS implementations I've taken a look at actually have code
> that resembles this.)
>
> Best regards,
> Pasi
>
> > -----Original Message-----
> > From: ext Stefan Santesson [mailto:stefans at microsoft.com]
> > Sent: 21 March, 2007 16:37
> > To: tls at ietf.org
> > Subject: [TLS] TLS state machine
> >
> > We have had lots of discussions around GSS-TLS ending in
> > arguments that this would do too many changes to the TLS
> > state machine.
> >
> > It would be a lot easier to hold that discussion
> > constructively if the TLS state machine was clearly
> > described. A search for the term "state machine" in current
> > TLS 1.2 returns empty. I can't find any other text that would
> > clearly resemble such description.
> >
> > Would it be possible to add an annex in TLS 1.2 describing
> > the TLS state machine?
> >
> > It would then be a lot easier to analyze and discuss the
> > impact of any changes caused by various usages of the TLS
> > extensibility mechanisms.
> >
> >
> > Stefan Santesson
> > Senior Program Manager
> > Windows Security, Standards

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls