expand MTI Extensions and add more strict requirements #232
@ekr & @martinthomson: Please take a look when you get a chance. Are we all on the same page with this language? Anything that needs tweaking to focus on the above better? Edited to add:
an extension that they did not put in the corresponding ClientHello. | ||
This alert is always fatal. | ||
: Sent by endpoints receiving any hello message containing an extension | ||
known to be invalid when included in the given hello message, including |
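Review bot: "known to be invalid" in the alert description leaves open what the receiving endpoint is expected to know. Suggest wording it so the alert covers extensions the endpoint recognizes and that are not permitted in that particular hello message, and saying explicitly that extensions the endpoint does not recognize are outside this rule.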
It would be helpful to have "invalid" be clearer. E.g., "forbidden".
b4dfa87 to 0eb87ef
@ekr: New commit pushed here with changes for your comments:
Edited to note:
@@ -2221,6 +2226,25 @@ Note: In versions of TLS prior to TLS 1.3, this extension was named | |||
"elliptic_curves" and only contained elliptic curve groups. See | |||
{{RFC4492}} and {{I-D.ietf-tls-negotiated-ff-dhe}}. | |||
|
|||
All clients MUST send a valid "supported_groups" extension containing | |||
at least one group for each key exchange algorithm (currently | |||
DHE and ECDHE) for which it offers a cipher suite. |
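Review bot: the added sentence switches number between "All clients MUST send" and "for which it offers a cipher suite", and "valid" is not defined at this point. Suggest "A client MUST send a "supported_groups" extension containing at least one group ..." and, alongside it, stating what a server does when the extension is missing or has no group matching an offered suite.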
This seems like it needs to be reworded for PSK
How so? It's replacing this, from down below in this same section:
The client MUST supply a "supported_groups" extension containing at
least one group for each key exchange algorithm (currently
DHE and ECDHE) for which it offers a cipher suite.
It's almost entirely a cut/paste from your original text.
I don't see anything that PSK needs special note for.
PSK is a key exchange algorithm. I realize it was wrongish before, but since we're here, we should fix it.
Well, I sort of consider however the PSK got shared out-of-band as the key exchange. PSK suites just use it.
Just adding "ephemeral" would make it stand completely apart rather easily, I guess.
0eb87ef to 50ffece
@ekr: Ok, repushed with one-word change to clarify to "at least one group for each ephemeral key exchange algorithm". This excludes PSK, but is still fine for (EC)DHE when used with it. Seems like the simplest fix.
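The reworded rule from the thread above, sketched as a check over a ClientHello's offered suites and raw "supported_groups" extension data. This is an added example, not code from the PR or from any TLS implementation; it assumes suite names in the `TLS_<kex>_..._WITH_...` form, and `missing_groups` and the other helper names are hypothetical.

```python
from __future__ import annotations
import struct

# Named-group code points from the IANA TLS Supported Groups registry.
ECDHE_GROUPS = {0x0017, 0x0018, 0x0019, 0x001D, 0x001E}  # secp256r1 .. x448
FFDHE_GROUPS = {0x0100, 0x0101, 0x0102, 0x0103, 0x0104}  # ffdhe2048 .. ffdhe8192


def parse_supported_groups(body: bytes) -> list[int]:
    """Parse extension_data: a 2-byte list length, then 2-byte group ids."""
    if len(body) < 2:
        raise ValueError("truncated supported_groups")
    (n,) = struct.unpack("!H", body[:2])
    # The list must fill the body exactly, be non-empty and hold whole ids.
    if n != len(body) - 2 or n == 0 or n % 2:
        raise ValueError("malformed named_group_list")
    return list(struct.unpack(f"!{n // 2}H", body[2:]))


def ephemeral_kex(suite: str) -> str | None:
    """Return 'ECDHE' or 'DHE' for an ephemeral suite, None otherwise.

    Assumption: the key exchange is the second '_'-separated token,
    so TLS_PSK_* yields None while TLS_DHE_PSK_* yields 'DHE'.
    """
    parts = suite.split("_")
    kex = parts[1] if len(parts) > 1 else ""
    return kex if kex in ("ECDHE", "DHE") else None


def missing_groups(suites: list[str], ext_body: bytes | None) -> set[str]:
    """Ephemeral key exchanges that are offered without any matching group."""
    groups = set(parse_supported_groups(ext_body)) if ext_body is not None else set()
    have = {"ECDHE": bool(groups & ECDHE_GROUPS),
            "DHE": bool(groups & FFDHE_GROUPS)}
    needed = {k for k in map(ephemeral_kex, suites) if k}
    return {k for k in needed if not have[k]}


if __name__ == "__main__":
    # Constructed sample: ECDHE and DHE suites offered, only secp256r1 listed.
    offered = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
               "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
               "TLS_PSK_WITH_AES_128_GCM_SHA256"]
    print(missing_groups(offered, bytes.fromhex("00020017")))
```

An empty result means the hello satisfies the rule; a pure-PSK offer passes with no extension at all, while an ECDHE_PSK offer still needs an EC group.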
expand MTI Extensions and add more strict requirements
Modified extension requirements based on recent list discussion. It's a little verbose with repeated boilerplate, but it's clear no matter which section you read now. I've also moved the relevant requirements up top to a consistent place for each extension's section.
The level of strictness here is now: