idnits 2.17.1 draft-ietf-tls-padding-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document updates RFC5246, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC5246, updated by this document, for RFC5378 checks: 2006-03-02) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (Sept 2015) is 3420 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Langley 3 Internet-Draft Google Inc 4 Updates: 5246 (if approved) Sept 2015 5 Intended status: Standards Track 6 Expires: March 11, 2016 8 A TLS ClientHello padding extension 9 draft-ietf-tls-padding-04 11 Abstract 13 This memo describes a TLS extension that can be used to pad 14 ClientHello messages to a desired size. 16 Status of This Memo 18 This Internet-Draft is submitted in full conformance with the 19 provisions of BCP 78 and BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF). Note that other groups may also distribute 23 working documents as Internet-Drafts. The list of current Internet- 24 Drafts is at http://datatracker.ietf.org/drafts/current/. 26 Internet-Drafts are draft documents valid for a maximum of six months 27 and may be updated, replaced, or obsoleted by other documents at any 28 time. It is inappropriate to use Internet-Drafts as reference 29 material or to cite them other than as "work in progress." 31 This Internet-Draft will expire on March 11, 2016. 33 Copyright Notice 35 Copyright (c) 2015 IETF Trust and the persons identified as the 36 document authors. All rights reserved. 38 This document is subject to BCP 78 and the IETF Trust's Legal 39 Provisions Relating to IETF Documents 40 (http://trustee.ietf.org/license-info) in effect on the date of 41 publication of this document. Please review these documents 42 carefully, as they describe your rights and restrictions with respect 43 to this document. Code Components extracted from this document must 44 include Simplified BSD License text as described in Section 4.e of 45 the Trust Legal Provisions and are provided without warranty as 46 described in the Simplified BSD License. 48 Table of Contents 50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 51 2. Requirements Notation . . . . . . . . . . . . . . . . . . . . 2 52 3. Padding Extension . . . . . . . . . . . . . . . . . . . . . . 2 53 4. Example usage . . . . . . . . . . . . . . . . . . . . . . . . 3 54 5. Security Considerations . . . . . . . . . . . . . . . . . . . 3 55 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3 56 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4 57 8. Normative References . . . . . . . . . . . . . . . . . . . . 4 58 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 4 60 1. Introduction 62 Successive TLS [RFC5246] versions have added support for more cipher 63 suites and, over time, more TLS extensions have been defined. This 64 has caused the size of the TLS ClientHello to grow and the additional 65 size has caused some implementation bugs to come to light. At least 66 one of these implementation bugs can be ameliorated by making the 67 ClientHello even larger. This is desirable given that fully 68 comprehensive patching of affected implementations is difficult to 69 achieve. 71 This memo describes a TLS extension that can be used to pad a 72 ClientHello to a desired size in order to avoid implementation bugs 73 caused by certain ClientHello sizes. 75 2. Requirements Notation 77 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 78 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 79 document are to be interpreted as described in RFC 2119 [RFC2119]. 81 3. Padding Extension 83 A new extension type ("padding(21)") is defined and MAY be included 84 by the client in its ClientHello message. 86 enum { 87 padding(21), (65535) 88 } ExtensionType; 90 The "extension_data" for the extension consists of an arbitrary 91 number of zero bytes. For example, the smallest "padding" extension 92 is four bytes long and is encoded as 0x00 0x15 0x00 0x00. A ten byte 93 extension would include 6 bytes of "extension_data" and would be 94 encoded as: 96 00 15 00 06 00 00 00 00 00 00 97 |---| |---| |---------------| 98 | | | 99 | | \- extension_data: 6 zero bytes 100 | | 101 | \------------- 16-bit, extension_data length 102 | 103 \------------------- extension_type for padding extension 105 The client MUST fill the padding extension completely with zero 106 bytes, although the padding extension_data field may be empty. 108 The server MUST NOT echo the extension. 110 4. Example usage 112 As an example, consider a client that wishes to avoid sending a 113 ClientHello with a record size between 256 and 511 bytes (inclusive). 114 This case is considered because at least one TLS implementation is 115 known to hang the connection when such a ClientHello record is 116 received. 118 After building a ClientHello as normal, the client can add four to 119 the length (to account for the "msg_type" and "length" fields of the 120 handshake protocol) and test whether the resulting length falls into 121 that range. If it does, a padding extension can be added in order to 122 push the length to (at least) 512 bytes. 124 Note that if the original ClientHello size was between 505 and 507 125 bytes then, with the handshake protocol overhead, the record would be 126 between 509 and 511 bytes long. Since it's not possible for an 127 extension to take less than four bytes of space, the additional 128 padding would have to expand the ClientHello record past 512 bytes in 129 these cases. 131 5. Security Considerations 133 The contents of the padding extension could be used as a covert 134 channel. In order to prevent this, the contents are required to be 135 all zeros, although the length of the extension can still be used as 136 a much smaller covert channel. 138 6. IANA Considerations 140 RFC EDITOR: Please delete this section prior to publication. 142 An early code-point assignment (21) was made for this draft in the 143 registry of TLS ExtensionType values. IANA is requested to 144 permanently assign this code-point. 146 7. Acknowledgements 148 The author gratefully acknowledges the contributions of Wan-Teh Chang 149 and the suggestions of Eric Rescorla. 151 8. Normative References 153 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 154 Requirement Levels", BCP 14, RFC 2119, 155 DOI 10.17487/RFC2119, March 1997, 156 . 158 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 159 (TLS) Protocol Version 1.2", RFC 5246, 160 DOI 10.17487/RFC5246, August 2008, 161 . 163 Author's Address 165 Adam Langley 166 Google Inc 168 Email: agl@google.com