[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ietf-tls
Subject:    Re: [TLS] ServerHello extensions
From:       R du Toit <r () nerd ! ninja>
Date:       2018-01-18 22:06:59
Message-ID: D35AD71E-5FEE-470F-BD57-3FC84769E612 () nerd ! ninja
[Download RAW message or body]

https://github.com/tlswg/tls13-spec/pull/1143

 

 

From: Eric Rescorla <ekr@rtfm.com>
Date: Thursday, January 18, 2018 at 1:25 PM
To: R du Toit <r@nerd.ninja>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] ServerHello extensions

 

Thanks. These are good points. I would welcome a PR.

 

On Thu, Jan 18, 2018 at 10:21 AM, R du Toit <r@nerd.ninja> wrote:

Issue#1: Section "4.1.3 Server Hello" currently states:

extensions   A list of extensions. The ServerHello MUST only include extensions which \
are required to establish the cryptographic context. Currently the only such \
extensions are "key_share" and "pre_shared_key". All current TLS 1.3 ServerHello \
messages will contain one of these two extensions, or both when using a PSK with \
(EC)DHE key establishment. The remaining extensions are sent separately in the \
EncryptedExtensions message.

 

"supported_versions" should be added to the list of required extensions for a session \
that negotiates TLS 1.3.

 

 

Issue#2: Section "4.1.4 Hello Retry Request" currently states:

Upon receiving the ServerHello, clients MUST check that the cipher suite supplied in \
the ServerHello is the same as that in the HelloRetryRequest and otherwise abort the \
handshake with an "illegal_parameter" alert.

 

There is no rule about checking that SH.supported_versions.selected_version matches \
HRR.supported_versions.selected_version.   I am currently adding draft 23 support, \
and want to enforce that rule to make sure the protocol state machine does not have \
to jump back and forth between TLS 1.2 and TLS 1.3.

 

I can add a PR for both issues, if you agree.

 

--Roelof

 


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

 


[Attachment #3 (text/html)]

<html xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Title content=""><meta \
name=Keywords content=""><meta http-equiv=Content-Type content="text/html; \
charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered \
medium)"><style><!-- /* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-reply;
	font-family:Calibri;
	color:windowtext;}
span.msoIns
	{mso-style-type:export-only;
	mso-style-name:"";
	text-decoration:underline;
	color:teal;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div \
class=WordSection1><p class=MsoNormal><span \
style='font-size:11.0pt;font-family:Calibri'><a \
href="https://github.com/tlswg/tls13-spec/pull/1143">https://github.com/tlswg/tls13-spec/pull/1143</a><o:p></o:p></span></p><p \
class=MsoNormal><span \
style='font-size:11.0pt;font-family:Calibri'><o:p>&nbsp;</o:p></span></p><p \
class=MsoNormal><span \
style='font-size:11.0pt;font-family:Calibri'><o:p>&nbsp;</o:p></span></p><div \
style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p \
class=MsoNormal style='margin-left:.5in'><b><span \
style='font-family:Calibri;color:black'>From: </span></b><span \
style='font-family:Calibri;color:black'>Eric Rescorla \
&lt;ekr@rtfm.com&gt;<br><b>Date: </b>Thursday, January 18, 2018 at 1:25 PM<br><b>To: \
</b>R du Toit &lt;r@nerd.ninja&gt;<br><b>Cc: </b>&quot;tls@ietf.org&quot; \
&lt;tls@ietf.org&gt;<br><b>Subject: </b>Re: [TLS] ServerHello \
extensions<o:p></o:p></span></p></div><div><p class=MsoNormal \
style='margin-left:.5in'><o:p>&nbsp;</o:p></p></div><div><p class=MsoNormal \
style='margin-left:.5in'>Thanks. These are good points. I would welcome a \
PR.<o:p></o:p></p></div><div><p class=MsoNormal \
style='margin-left:.5in'><o:p>&nbsp;</o:p></p><div><p class=MsoNormal \
style='margin-left:.5in'>On Thu, Jan 18, 2018 at 10:21 AM, R du Toit &lt;<a \
href="mailto:r@nerd.ninja" target="_blank">r@nerd.ninja</a>&gt; \
wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC \
1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p \
class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>Issue#1: \
Section &quot;4.1.3 Server Hello&quot; currently states:<o:p></o:p></p><p \
class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'><i>extensions&nbsp;&nbsp; \
A list of extensions. The ServerHello MUST only include extensions which are required \
to establish the cryptographic context. Currently the only such extensions are \
&#8220;key_share&#8221; and &#8220;pre_shared_key&#8221;. All current TLS 1.3 \
ServerHello messages will contain one of these two extensions, or both when using a \
PSK with (EC)DHE key establishment. The remaining extensions are sent separately in \
the EncryptedExtensions message.</i><o:p></o:p></p><p class=MsoNormal \
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>&nbsp;<o:p></o:p></p><p \
class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>&quot;supported_versions&quot; \
should be added to the list of required extensions for a session that negotiates TLS \
1.3.<o:p></o:p></p><p class=MsoNormal \
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>&nbsp;<o:p></o:p></p><p \
class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>&nbsp;<o:p></o:p></p><p \
class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>Issue#2: \
Section &quot;4.1.4 Hello Retry Request&quot; currently states:<o:p></o:p></p><p \
class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'><i>Upon \
receiving the ServerHello, clients MUST check that the cipher suite supplied in the \
ServerHello is the same as that in the HelloRetryRequest and otherwise abort the \
handshake with an &#8220;illegal_parameter&#8221; alert.</i><o:p></o:p></p><p \
class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>&nbsp;<o:p></o:p></p><p \
class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>There \
is no rule about checking that <b>SH.supported_versions.selected_version</b> matches \
<b>HRR.supported_versions.selected_version</b>.&nbsp;&nbsp; I am currently adding \
draft 23 support, and want to enforce that rule to make sure the protocol state \
machine does not have to jump back and forth between TLS 1.2 and TLS \
1.3.<o:p></o:p></p><p class=MsoNormal \
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>&nbsp;<o:p></o:p></p><p \
class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>I \
can add a PR for both issues, if you agree.<o:p></o:p></p><p class=MsoNormal \
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>&nbsp;<o:p></o:p></p><p \
class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>--Roelof<o:p></o:p></p><p \
class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'>&nbsp;<o:p></o:p></p></div></div><p \
class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in'><br>_______________________________________________<br>TLS \
mailing list<br><a href="mailto:TLS@ietf.org">TLS@ietf.org</a><br><a \
href="https://www.ietf.org/mailman/listinfo/tls" \
target="_blank">https://www.ietf.org/mailman/listinfo/tls</a><o:p></o:p></p></blockquote></div><p \
class=MsoNormal style='margin-left:.5in'><o:p>&nbsp;</o:p></p></div></div></body></html>




[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic