[openssl-dev] Minor bug in custom TLS extensions

Emilia Käsper emilia at openssl.org
Tue Sep 1 21:50:59 UTC 2015 

On Fri, Aug 28, 2015 at 2:21 AM, Bill Cox <waywardgeek at google.com> wrote:

> On Thu, Aug 27, 2015 at 5:00 PM, Emilia Käsper <emilia at openssl.org> wrote:
>
>> A client should (SHOULD) always repeat extensions on resumption though,
>> as it can't know whether the resumption will be accepted.
>>
>> Do you have a specific example where you need to save custom extension
>> state? We can think about extending the API, even though I imagine that
>> anything that does need to keep state will be too complex and hairy to be
>> handled by the generic extension mechanism.
>>
>> Cheers,
>> Emilia
>>
>>
> Yes, I need it for the Token Binding Negotiation
> <https://tools.ietf.org/html/draft-popov-tokbind-negotiation-00>
> extension.  We negotiate acceptable Token Binding key parameters in this
> TLS extension.  On resumption, the negotiation fails because the server
> does not include the custom extension in it's server hello.  At this point,
> the client loses the ability to use channel bound tokens.
>

It's not quite clear to me why you'd have to resend parameters on
resumption. After all, they are definitive for the session. Best if the
draft explicitly specifies resumption behaviour.

It's also not clear to me that the serialized TLS session is the place to
store the parameters. Shouldn't they rather be stored at the application
level, alongside with the eventual token?

But setting that aside, the interaction with extended master secret makes
using custom extensions for this purpose tricky anyway. Custom extensions
don't really support interaction with other extensions; there's no
guarantee that you'll end up processing them in the right order.

(But I've only skimmed the docs so it's possible I got it all wrong.)

Cheers,
Emilia


> Thanks,
> Bill
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150901/a80623a5/attachment.html>

More information about the openssl-dev mailing list