Re: [TLS] TLS state machine

To: "Stefan Santesson" <stefans at microsoft.com>, <Pasi.Eronen at nokia.com>, <tls at ietf.org>
Subject: Re: [TLS] TLS state machine
From: "tom.petch" <cfinss at dial.pipex.com>
Date: Fri, 23 Mar 2007 10:56:22 +0100
Cc:
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <A15AC0FBACD3464E95961F7C0BCD1FF01EEDF5A8@EA-EXMSG-C307.europe.corp.microsoft.com><200703081752.SAA13445@uw1048.wdf.sap.corp><A15AC0FBACD3464E95961F7C0BCD1FF01EEDF84A@EA-EXMSG-C307.europe.corp.microsoft.com><861wjyfnmp.fsf@delta.rtfm.com><A15AC0FBACD3464E95961F7C0BCD1FF01EEDF88A@EA-EXMSG-C307.europe.corp.microsoft.com><86fy8ee7g5.fsf@delta.rtfm.com><A15AC0FBACD3464E95961F7C0BCD1FF01EEDFC6F@EA-EXMSG-C307.europe.corp.microsoft.com><B356D8F434D20B40A8CEDAEC305A1F2403E92576@esebe105.NOE.Nokia.com><A15AC0FBACD3464E95961F7C0BCD1FF01EF5FEA6@EA-EXMSG-C307.europe.corp.microsoft.com><B356D8F434D20B40A8CEDAEC305A1F2403E92709@esebe105.NOE.Nokia.com><33F43BC3-4F76-48B1-9DC9-3B05C951C7BE@checkpoint.com><A15AC0FBACD3464E95961F7C0BCD1FF01EF60119@EA-EXMSG-C307.europe.corp.microsoft.com><B356D8F434D20B40A8CEDAEC305A1F2403ECA9AD@esebe105.NOE.Nokia.com> <A15AC0FBACD3464E95961F7C0BCD1FF01EF60221@EA-EXMSG-C307.europe.corp.microsoft.com>
Reply-to: "tom.petch" <cfinss at dial.pipex.com>

----- Original Message -----
From: "Stefan Santesson" <stefans at microsoft.com>
To: <Pasi.Eronen at nokia.com>; <tls at ietf.org>
Sent: Wednesday, March 21, 2007 7:35 PM
Subject: RE: [TLS] TLS state machine


Thank you Pasi,

Considering this being the TLS state machine, the TLS extension mechanism
clearly allows a change of the TLS state machine as it allows other handshake
messages to be inserted in this flow.

What are the criteria that distinguish a valid change to the TLS state machine
from an invalid (unsuitable) one?
Or is this totally subjective?

<tp>
Hang on a bit; no way is what Pasi provided a complete state machine.

As EKR has said many times, he regards the number of round trips as a key
component and, although this is not exactly obvious in TLS1.2, it is implicitly
Client->server
  client<-server
Client->server
  client<-server
and whether or not this is embodied in a state machine is a matter of
expression.  The key objection to this proposal I hear is of an increase in,
perhaps an unbounded increase in, the number of such round trips.

Tom Petch


Stefan Santesson
Senior Program Manager
Windows Security, Standards


> -----Original Message-----
> From: Pasi.Eronen at nokia.com [mailto:Pasi.Eronen at nokia.com]
> Sent: den 21 mars 2007 16:07
> To: Stefan Santesson; tls at ietf.org
> Subject: RE: [TLS] TLS state machine
>
>
> The state machine is (sort of implicitly) described in these two
> figures, copied from RFC 4346:
>
>       ClientHello                  -------->
>                                                       ServerHello
>                                                      Certificate*
>                                                ServerKeyExchange*
>                                               CertificateRequest*
>                                    <--------      ServerHelloDone
>       Certificate*
>       ClientKeyExchange
>       CertificateVerify*
>       [ChangeCipherSpec]
>       Finished                     -------->
>                                                [ChangeCipherSpec]
>                                    <--------             Finished
>       Application Data             <------->     Application Data
>
> And the session resumption case:
>
>       ClientHello                   -------->
>                                                        ServerHello
>                                                 [ChangeCipherSpec]
>                                     <--------             Finished
>       [ChangeCipherSpec]
>       Finished                      -------->
>       Application Data              <------->     Application Data
>
> I'm not sure if using a state machine description language would
> actually help understanding, but it could look something like this
> (server's initial state):
>
>   State: WAITING_FOR_CLIENT_HELLO
>   Event: ClientHello received
>     process the client hello
>     if (didn't work out)
>       send alert
>       next state: FAILED
>     else if (session being resumed)
>       send ServerHello, ChangeCipherSpec, Finished
>       next state: WAITING_FOR_CCS
>     else
>       send ServerHello [Certificate] [ServerKeyExchange]
>          [CertificateRequest] ServerHelloDone
>       next state: WAITING_FOR_CERT_OR_CLIENT_KEY_EXCHANGE
>   Event: anything else
>     maybe send alert
>     go to state FAILED
>
> (The TLS implementations I've taken a look at actually have code
> that resembles this.)
>
> Best regards,
> Pasi
>
> > -----Original Message-----
> > From: ext Stefan Santesson [mailto:stefans at microsoft.com]
> > Sent: 21 March, 2007 16:37
> > To: tls at ietf.org
> > Subject: [TLS] TLS state machine
> >
> > We have had lots of discussions around GSS-TLS ending in
> > arguments that this would do too many changes to the TLS
> > state machine.
> >
> > It would be a lot easier to hold that discussion
> > constructively if the TLS state machine was clearly
> > described. A search for the term "state machine" in current
> > TLS 1.2 returns empty. I can't find any other text that would
> > clearly resemble such description.
> >
> > Would it be possible to add an annex in TLS 1.2 describing
> > the TLS state machine?
> >
> > It would then be a lot easier to analyze and discuss the
> > impact of any changes caused by various usages of the TLS
> > extensibility mechanisms.
> >
> >
> > Stefan Santesson
> > Senior Program Manager
> > Windows Security, Standards

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls


_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

References:
- RE: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Stefan Santesson
- Re: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Martin Rex
- RE: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Stefan Santesson
- Re: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: EKR
- RE: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Stefan Santesson
- Re: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: EKR
- RE: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Stefan Santesson
- RE: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Pasi.Eronen
- RE: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Stefan Santesson
- RE: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Pasi.Eronen
- Re: [TLS] Review of draft-santesson-tls-gssapi-00
  - From: Yoav Nir
- [TLS] TLS state machine
  - From: Stefan Santesson
- RE: [TLS] TLS state machine
  - From: Pasi.Eronen
- RE: [TLS] TLS state machine
  - From: Stefan Santesson

Prev by Date: RE: [TLS] Re: Review of draft-santesson-tls-gssapi-00
Next by Date: [TLS] DTLS implementation
Previous by thread: Re: [TLS] TLS state machine
Next by thread: RE: [TLS] Review of draft-santesson-tls-gssapi-00
Index(es):
- Date
- Thread

Re: [TLS] TLS state machine

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.