| < draft-agl-tls-padding-02.txt | draft-agl-tls-padding-03.txt > | |||
|---|---|---|---|---|
| Network Working Group A. Langley | Network Working Group A. Langley | |||
| Internet-Draft Google Inc | Internet-Draft Google Inc | |||
| Expires: May 5, 2014 Nov 2013 | Expires: July 5, 2014 Jan 2014 | |||
| A TLS padding extension | A TLS padding extension | |||
| draft-agl-tls-padding-02 | draft-agl-tls-padding-03 | |||
| Abstract | Abstract | |||
| This memo describes the a TLS extension that can be used to pad | This memo describes the a TLS extension that can be used to pad | |||
| ClientHello messages to a desired size. | ClientHello messages to a desired size. | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 30 ¶ | skipping to change at page 1, line 30 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 5, 2014. | This Internet-Draft will expire on July 5, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2013 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Requirements Notation . . . . . . . . . . . . . . . . . . . . 4 | 2. Requirements Notation . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. Padding Extension . . . . . . . . . . . . . . . . . . . . . . 5 | 3. Padding Extension . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4. Example usage . . . . . . . . . . . . . . . . . . . . . . . . 6 | 4. Example usage . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 7. Normative References . . . . . . . . . . . . . . . . . . . . . 9 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 8. Normative References . . . . . . . . . . . . . . . . . . . . . 10 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11 | ||||
| 1. Introduction | 1. Introduction | |||
| Successive TLS [RFC5246] versions have added support for more cipher | Successive TLS [RFC5246] versions have added support for more cipher | |||
| suites and, over time, more TLS extensions have been defined. This | suites and, over time, more TLS extensions have been defined. This | |||
| has caused the size of the TLS ClientHello to grow and the additional | has caused the size of the TLS ClientHello to grow and the additional | |||
| size has caused some implementation bugs to come to light. At least | size has caused some implementation bugs to come to light. At least | |||
| one of these implementation bugs can be ameliorated by making the | one of these implementation bugs can be ameliorated by making the | |||
| ClientHello even larger. | ClientHello even larger. | |||
| skipping to change at page 5, line 7 ¶ | skipping to change at page 5, line 7 ¶ | |||
| caused by certain ClientHello sizes. | caused by certain ClientHello sizes. | |||
| 2. Requirements Notation | 2. Requirements Notation | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC 2119 [RFC2119]. | document are to be interpreted as described in RFC 2119 [RFC2119]. | |||
| 3. Padding Extension | 3. Padding Extension | |||
| A new extension type (""padding(TBD)"") is defined and MAY be | A new extension type ("padding(TBD)") is defined and MAY be included | |||
| included by the client in its ClientHello message. | by the client in its ClientHello message. | |||
| enum { | enum { | |||
| padding(TBD), (65535) | padding(TBD), (65535) | |||
| } ExtensionType | } ExtensionType; | |||
| The "extension_data" for the extension consists of an arbitary number | ||||
| of zero bytes. For example, the smallest "padding" extension is four | ||||
| bytes long and is encoded as TBD TBD 00 00. (TBR values to be filled | ||||
| in once an ExtensionType has been assigned.) A ten byte extension | ||||
| would include 6 bytes of "extension_data" and would be encoded as: | ||||
| xx xx 00 06 00 00 00 00 00 00 | ||||
| |---| |---| |---------------| | ||||
| | | | | ||||
| | | \- extension_data: 6 zero bytes | ||||
| | | | ||||
| | \------------- 16-bit, extension_data length | ||||
| | | ||||
| \------------------- extension_type for padding extension | ||||
| The client MUST fill the padding extension completely with zero | The client MUST fill the padding extension completely with zero | |||
| bytes, although the padding extension may be empty. | bytes, although the padding extension may be empty. | |||
| The server MUST NOT echo the extension. | The server MUST NOT echo the extension. | |||
| 4. Example usage | 4. Example usage | |||
| As an example, consider a client that wishes to avoid sending a | As an example, consider a client that wishes to avoid sending a | |||
| ClientHello with a record size between 256 and 511 bytes (inclusive). | ClientHello with a record size between 256 and 511 bytes (inclusive). | |||
| This case is considered because at least one TLS implementation is | This case is considered because at least one TLS implementation is | |||
| known to hang the connection when such a ClientHello record is | known to hang the connection when such a ClientHello record is | |||
| received. | received. | |||
| After building a ClientHello as normal, the client can add four to | After building a ClientHello as normal, the client can add four to | |||
| the length (to account for the handshake protocol overhead) and test | the length (to account for the "msg_type" and "length" fields of the | |||
| whether the resulting length falls into that range. If it does, a | handshake protocol) and test whether the resulting length falls into | |||
| padding extension can be added in order to push the length to (at | that range. If it does, a padding extension can be added in order to | |||
| least) 512 bytes. | push the length to (at least) 512 bytes. | |||
| Note that if the original ClientHello size was between 505 and 508 | Note that if the original ClientHello size was between 505 and 507 | |||
| bytes then, with the handshake overhead, the record would be between | bytes then, with the handshake protocol overhead, the record would be | |||
| 509 and 511 bytes long. Since it's not possible for an extension to | between 509 and 511 bytes long. Since it's not possible for an | |||
| take less than four bytes of space, the additional padding would have | extension to take less than four bytes of space, the additional | |||
| to expand the ClientHello record past 512 bytes in these cases. | padding would have to expand the ClientHello record past 512 bytes in | |||
| these cases. | ||||
| 5. Security Considerations | 5. Security Considerations | |||
| The contents of the padding extension could be used as a side- | The contents of the padding extension could be used as a covert | |||
| channel. In order to prevent this, the contents are required to be | channel. In order to prevent this, the contents are required to be | |||
| all zeros, although the length of the extension can still be used as | all zeros, although the length of the extension can still be used as | |||
| a much smaller side-channel. Servers MAY verify that the extension | a much smaller covert channel. Servers MAY verify that the extension | |||
| is either empty or contains only zero bytes, in order to enforce | is either empty or contains only zero bytes, in order to enforce | |||
| this. | this. | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| IANA is requested to assign an extension value for the padding | IANA is requested to assign an extension value for the padding | |||
| extension from its ExtensionType registry. | extension from its ExtensionType registry. | |||
| 7. Normative References | 7. Acknowledgements | |||
| The author gratefully acknowledges the contributions of Wan-Teh | ||||
| Chang. Also the suggestions of Eric Rescorla. | ||||
| 8. Normative References | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | |||
| (TLS) Protocol Version 1.2", RFC 5246, August 2008. | (TLS) Protocol Version 1.2", RFC 5246, August 2008. | |||
| Author's Address | Author's Address | |||
| Adam Langley | Adam Langley | |||
| End of changes. 12 change blocks. | ||||
| 21 lines changed or deleted | 43 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||