[TLS] Comments on the cached-info draft
Stefan Santesson <stefan@aaa-sec.com> Wed, 07 November 2012 16:42 UTC
Return-Path: <stefan@aaa-sec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F26BF21F8C69 for <tls@ietfa.amsl.com>; Wed, 7 Nov 2012 08:42:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.249
X-Spam-Level:
X-Spam-Status: No, score=-102.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id liPfFPp3LGnE for <tls@ietfa.amsl.com>; Wed, 7 Nov 2012 08:42:22 -0800 (PST)
Received: from s87.loopia.se (s87.loopia.se [194.9.95.113]) by ietfa.amsl.com (Postfix) with ESMTP id C142321F8C41 for <tls@ietf.org>; Wed, 7 Nov 2012 08:42:19 -0800 (PST)
Received: from s87.loopia.se (localhost [127.0.0.1]) by s87.loopia.se (Postfix) with ESMTP id DDD29361C3 for <tls@ietf.org>; Wed, 7 Nov 2012 17:42:18 +0100 (CET)
X-Virus-Scanned: amavisd-new at outgoing-smtp.loopia.se
Received: from s87.loopia.se ([127.0.0.1]) by s87.loopia.se (s87.loopia.se [127.0.0.1]) (amavisd-new, port 10024) with LMTP id CI__Xliv3s4M for <tls@ietf.org>; Wed, 7 Nov 2012 17:42:18 +0100 (CET)
Received: from s331.loopia.se (s34.loopia.se [194.9.94.70]) by s87.loopia.se (Postfix) with ESMTP id 683E955FC6 for <tls@ietf.org>; Wed, 7 Nov 2012 17:42:18 +0100 (CET)
Received: (qmail 32734 invoked from network); 7 Nov 2012 16:42:17 -0000
Received: from dhcp-170c.meeting.ietf.org (HELO [130.129.23.12]) (stefan@fiddler.nu@[130.129.23.12]) (envelope-sender <stefan@aaa-sec.com>) by s331.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <tls@ietf.org>; 7 Nov 2012 16:42:17 -0000
User-Agent: Microsoft-MacOutlook/14.2.4.120824
Date: Wed, 07 Nov 2012 11:42:19 -0400
From: Stefan Santesson <stefan@aaa-sec.com>
To: tls@ietf.org
Message-ID: <CCBFF439.533CB%stefan@aaa-sec.com>
Thread-Topic: Comments on the cached-info draft
In-Reply-To: <312F1D0E-0C86-439E-A854-ADBBA0D7D23A@gmx.net>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Subject: [TLS] Comments on the cached-info draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Nov 2012 16:42:24 -0000
It was quite a while since I wrote the first version of this draft. Now that I bring it up to my attention I found a problem that I think should be fixed. After a close examination I'm convinced that the current spec breaks TLS. The current approach is to exchange support for cached-info in client and server hellos. This includes hashes for cached objects (clients) and confirmation of cached objects (server). In addition to this, this protocol allows the cached data in handshake messages to be swapped with cached object hashes. This is a violation of the syntax of these handshake messages. Take the Certificate handshake message for example. The spec suggest here to replace the certificate_list vector to be replaced with a vector of CachedObejct structured data. This breaks the syntax of this handshake message. A strict processing of the certificate_list vector will expect an ASN.1 encoded binary containing a sequence of certificates, not a vector of data objects according to the CachedObject structure. My first thought was that we actually need a new handshake message. However that is not helpful either. The TLS spec require the Certificate handshake message to be sent in case the chosen cipher suite demands it, so it MUST be sent. It can't be replaced by another handshake message. My current belief is that we simply should omit the cached data, and that each cachedInfo type need to defined how to omit cached data. In case of the certificate handshake message, the certificate list should be replaced with an empty sequence. There is actually no need to send the hash of the cached data in the handshake message. Not if the confirmation of the cached info is exchanged in the server hello. Sending the hash once more in the handshake message is then redundant. So I propose the following: 1) Clients send hashes of cached objects in client hello. 2) Server responds with one or zero hashes per cachedInfo type, that a) matches a cached object sent by the client b) will be omitted by the server in the corresponding handshake message. 3) How information is omitted from the handshake message is defined per cached info type. For the current defined 2 types this is: A) cached certificate cahins in Certificate: replace the sequence of certificates with an empty sequence. B) certificate_authorities in Certificate Request: Send an empty list of DistinguishedName 4) Clients will act as if the cached objects (confirmed in server hello) were sent in the handshake messages. 5) Everything else according to the current spec The proposed approach will somewhat limit the functionality of the current spec, but it ads value in simplicity. I can't imagine a valid use case that would not be covered by this change, but I might overlook something.
- Re: [TLS] Comments on the cached-info draft Martin Rex
- Re: [TLS] Comments on the cached-info draft Hannes Tschofenig
- [TLS] draft-ietf-tls-oob-pubkey-06 Nikos Mavrogiannopoulos
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Paul Hoffman
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Nikos Mavrogiannopoulos
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Nikos Mavrogiannopoulos
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Nikos Mavrogiannopoulos
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Peter Sylvester
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Paul Wouters
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Peter Sylvester
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Nikos Mavrogiannopoulos
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Hannes Tschofenig
- [TLS] Comments on the cached-info draft Stefan Santesson
- Re: [TLS] Comments on the cached-info draft Joseph Salowey (jsalowey)
- Re: [TLS] Comments on the cached-info draft Stefan Santesson
- Re: [TLS] Comments on the cached-info draft Piyush Jain
- Re: [TLS] Comments on the cached-info draft Joseph Salowey (jsalowey)
- Re: [TLS] Comments on the cached-info draft Joseph Salowey (jsalowey)
- Re: [TLS] Comments on the cached-info draft Piyush Jain
- Re: [TLS] Comments on the cached-info draft Piyush Jain
- Re: [TLS] Comments on the cached-info draft Joseph Salowey (jsalowey)
- Re: [TLS] Comments on the cached-info draft Piyush Jain
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Sean Turner
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Nikos Mavrogiannopoulos
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Joseph Salowey (jsalowey)
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Sean Turner
- Re: [TLS] draft-ietf-tls-oob-pubkey-06 Sean Turner
- Re: [TLS] Comments on the cached-info draft Joseph Salowey (jsalowey)
- Re: [TLS] Comments on the cached-info draft Martin Rex
- Re: [TLS] Comments on the cached-info draft Piyush Jain