Last Call Review of draft-ietf-tls-padding-01
review-ietf-tls-padding-01-opsdir-lc-hares-2015-09-01-00

Request Review of draft-ietf-tls-padding
Requested rev. no specific revision (document currently at 04)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2015-08-24
Requested 2015-08-13
Authors Adam Langley
Draft last updated 2015-09-01
Completed reviews Genart Last Call review of -01 by Meral Shirazipour (diff)
Genart Telechat review of -02 by Meral Shirazipour (diff)
Secdir Last Call review of -01 by Vincent Roca (diff)
Opsdir Last Call review of -01 by Susan Hares (diff)
Assignment Reviewer Susan Hares
State Completed
Review review-ietf-tls-padding-01-opsdir-lc-hares-2015-09-01
Reviewed rev. 01 (document currently at 04)
Review result Not Ready
Review completed: 2015-09-01

Review
review-ietf-tls-padding-01-opsdir-lc-hares-2015-09-01

Adam:

 

This is an OPS-DIR Review and part of the IETF effort to improve all documents.  These set of comments should be taken as any other comment during IETF LC. 

 

Comment: Nicely written document with clear examples.  Easy to understand the “How, when, where, and why” of the document. 

 

Status: Not ready, minor concern. Please review if it updates RFC5246

 

One minor concern: This seems to update RFC5246.  If so, it should state this.  If it does extend RFC5246, then it needs to create a new section in the draft to address the issues. 

If the author believes it doesn’t update RFC5246, then I’d appreciate knowing why to help with my future reviews of security area documents. 

 

Operationally – it’s a nice fix.  It would be nice to state if this has been tested in a number of TCP implementations in the draft. You can always put the status of the TCP implementation on your wiki page. 

 

Sue Hares  

 

===========

RFC5246 p. 41

 

   extensions

      Clients MAY request extended functionality from servers by sending

      data in the extensions field.  The actual "Extension" format is

      defined in Section 7.4.1.4.

 

   In the event that a client requests additional functionality using

   extensions, and this functionality is not supplied by the server, the

   client MAY abort the handshake.  A server MUST accept ClientHello

   messages both with and without the extensions field, and (as for all

   other messages) it MUST check that the amount of data in the message

   precisely matches one of these formats; if not, then it MUST send a

   fatal "decode_error" alert.

 

Section 7.4.1.4 states as follows

   An extension type MUST NOT appear in the ServerHello unless the same

   extension type appeared in the corresponding ClientHello.  If a

   client receives an extension type in ServerHello that it did not

   request in the associated ClientHello, it MUST abort the handshake

   with an unsupported_extension fatal alert.

 

[Sue’s note – this is obeyed by this extension text above]  

 

   Finally, note that extensions can be sent both when starting a new

   session and when requesting session resumption.  Indeed, a client

   that requests session resumption does not in general know whether the

   server will accept this request, and therefore it SHOULD send the

   same extensions as it would send if it were not attempting

   resumption.

 

[Sue’s if the packet length is different, you may send the same padding

Extension or you may not need to send the same extension. ]