Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility
RFC 8701

Document Type RFC - Informational (January 2020; No errata)
Last updated 2020-01-29
Replaces draft-davidben-tls-grease
Stream IETF
Formats plain text html xml pdf htmlized bibtex
Reviews
Additional URLs
- Document source repository
- Mailing list discussion
Stream WG state Submitted to IESG for Publication
Document shepherd Sean Turner
Shepherd write-up Show (last changed 2019-08-15)
IESG IESG state RFC 8701 (Informational)
Consensus Boilerplate Yes
Telechat date
Responsible AD Benjamin Kaduk
Send notices to Sean Turner <sean@sn3rd.com>
IANA IANA review state IANA OK - Actions Needed
IANA action state RFC-Ed-Ack


Internet Engineering Task Force (IETF)                       D. Benjamin
Request for Comments: 8701                                    Google LLC
Category: Informational                                     January 2020
ISSN: 2070-1721

 Applying Generate Random Extensions And Sustain Extensibility (GREASE)
                          to TLS Extensibility

Abstract

   This document describes GREASE (Generate Random Extensions And
   Sustain Extensibility), a mechanism to prevent extensibility failures
   in the TLS ecosystem.  It reserves a set of TLS protocol values that
   may be advertised to ensure peers correctly handle unknown values.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are candidates for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8701.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  GREASE Values
   3.  Client-Initiated Extension Points
     3.1.  Client Behavior
     3.2.  Server Behavior
   4.  Server-Initiated Extension Points
     4.1.  Server Behavior
     4.2.  Client Behavior
   5.  Sending GREASE Values
   6.  IANA Considerations
   7.  Security Considerations
   8.  Normative References
   Acknowledgments
   Author's Address

1.  Introduction

   The TLS protocol [RFC8446] includes several points of extensibility,
   including the list of cipher suites and several lists of extensions.
   The values transmitted in these lists identify implementation
   capabilities.  TLS follows a model where one side, usually the
   client, advertises capabilities, and the peer, usually the server,
   selects them.  The responding side must ignore unknown values so that
   new capabilities may be introduced to the ecosystem while maintaining
   interoperability.

   However, bugs may cause an implementation to reject unknown values.
   It will interoperate with existing peers, so the mistake may spread
   through the ecosystem unnoticed.  Later, when new values are defined,
   updated peers will discover that the metaphorical joint in the
   protocol has rusted shut and the new values cannot be deployed
   without interoperability failures.

   To avoid this problem, this document reserves some currently unused
   values for TLS implementations to advertise at random.  Correctly
   implemented peers will ignore these values and interoperate.  Peers
   that do not tolerate unknown values will fail to interoperate,
   revealing the mistake before it is widespread.

   In keeping with the rusted joint metaphor, this technique is called
   "GREASE" (Generate Random Extensions And Sustain Extensibility).

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  GREASE Values

   This document reserves a number of TLS protocol values, referred to
   as GREASE values.  These values were allocated sparsely to discourage
   server implementations from conditioning on them.  For convenience,
   they were also chosen so all types share a number scheme with a
   consistent pattern while avoiding collisions with any existing
   applicable registries in TLS.

   The following values are reserved as GREASE values for cipher suites
   and Application-Layer Protocol Negotiation (ALPN) [RFC7301]
   identifiers:

      {0x0A,0x0A}

      {0x1A,0x1A}

      {0x2A,0x2A}

      {0x3A,0x3A}

      {0x4A,0x4A}

      {0x5A,0x5A}

      {0x6A,0x6A}

      {0x7A,0x7A}

      {0x8A,0x8A}

      {0x9A,0x9A}

      {0xAA,0xAA}

      {0xBA,0xBA}

      {0xCA,0xCA}

Show full document text