Re: [TLS] Lost last DTLS Flight
On Oct 27, 2008, at 6:40 PM, Eric Rescorla wrote:
At Mon, 27 Oct 2008 18:00:34 +0100,
Michael Tüxen wrote:
On Oct 27, 2008, at 4:24 PM, Eric Rescorla wrote:
At Mon, 27 Oct 2008 12:07:59 +0100,
Robin Seggelmann wrote:
We're still working on DTLS for SCTP and stumbled over a problem with
the last flights specified in RFC 4347. The server receives flight 5
(Certificate, ..., ChangeCipherSpec, Finished) from the client,
changes its state to FINISHED and sends its ChangeCipherSpec and
Finished (Flight 6). What happens if this flight gets lost? The
server already is in the FINISHED state and, as there also is no
acknowledgement, it won't be retransmitted. Hence, the client
keeps waiting for the flight to arrive and the connection is most
likely to fail.
You're right, this is a bug in the state machine. Nice catch.
ISTM that the way this actually needs to work is that the server needs
to stay in WAITING until 2MSL has expired, in case it receives a
retransmitted Flight 5, in which case it retransmits Flight 6.
This means that the server will be in WAITING for approximately 30
seconds.
What happens when the server receives application data during that time?
What happens if it wants to transmit application data during that time,
for example after the renegotiation?
There's no reason why it can't transmit or receive during this period,
though I agree we need to be sure the text says this.
Currently the text does not say anything about receiving application
data during the handshake. The OpenSSL library just discards them, as
far as I know...
So could we please add text about this?
The other point is:
Assume flight 6 is lost and the server sends data. What will the
client do with it, because it will use the new encryption data?
Normally it would use it only after it has received the messages from
flight 6 (ChangeCipherSpec and Finished). Should they be stored?
This might be a corner case for UDP but it is *very* important for SCTP/DTLS
since the application data is not in sequence with the TLS messages
and therefore application data might be received before the flight 6
messages although the flight 6 messages are sent before the
application data.
And DTLS/SCTP can not discard messages.
-Ekr
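As an added illustration of the state-machine problem Robin describes and the fix Eric proposes (a constructed toy model, not code from the thread, RFC 4347 or any DTLS implementation): an RFC 4347 server that moves to FINISHED after Flight 5 never resends Flight 6, while a server that stays in WAITING for 2MSL does. Flights are plain strings, Flight 5 is assumed to always arrive, loss of Flight 6 is scripted, and application data is not modelled.

```python
from dataclasses import dataclass, field

TWO_MSL_ROUNDS = 2  # placeholder for the ~30 s window, counted in client retry rounds


@dataclass
class Server:
    wait_after_finished: bool       # False: RFC 4347 behaviour, True: stay in WAITING
    state: str = "WAIT_FLIGHT5"
    sent: list = field(default_factory=list)

    def on_flight5(self):
        """Handle a (possibly retransmitted) Flight 5 from the client.

        Returns "Flight6" when the server transmits its ChangeCipherSpec and
        Finished, or None when it stays silent."""
        if self.state == "WAIT_FLIGHT5":
            # First Flight 5: answer with Flight 6 and move to the next state.
            self.state = "WAITING" if self.wait_after_finished else "FINISHED"
            self.sent.append("Flight6")
            return "Flight6"
        if self.state == "WAITING":
            # Retransmitted Flight 5 seen inside the 2MSL window: Flight 6 was
            # probably lost, so resend it.
            self.sent.append("Flight6")
            return "Flight6"
        # FINISHED: the RFC 4347 server has no state left to react with.
        return None


def run_handshake(server, flight6_delivered, rounds=TWO_MSL_ROUNDS):
    """Client sends Flight 5, then retransmits it once per timer round while
    Flight 6 is missing. flight6_delivered[i] says whether the server's i-th
    Flight 6 transmission reaches the client. Returns the client's final state."""
    client_state = "WAIT_FLIGHT6"
    for attempt in range(rounds + 1):
        reply = server.on_flight5()
        delivered = attempt < len(flight6_delivered) and flight6_delivered[attempt]
        if reply == "Flight6" and delivered:
            client_state = "FINISHED"
            break
    return client_state


if __name__ == "__main__":
    lossy = [False, True, True]  # constructed: the first Flight 6 is lost
    print("RFC 4347 server:", run_handshake(Server(False), lossy))  # client stuck
    print("2MSL server:    ", run_handshake(Server(True), lossy))   # client finishes
```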
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.