Hello golang-codereviews@googlegroups.com (cc: agl@google.com, golang-codereviews@googlegroups.com), I'd like you to review this change to https://code.google.com/p/go
10 years, 9 months ago
(2014-07-23 01:08:41 UTC)
#1
10 years, 9 months ago
(2014-07-23 01:27:46 UTC)
#2
On 2014/07/23 01:08:41, andreser wrote:
> Hello mailto:golang-codereviews@googlegroups.com (cc: mailto:agl@google.com,
> mailto:golang-codereviews@googlegroups.com),
>
> I'd like you to review this change to
> https://code.google.com/p/go
The tls-unique channel binding is broken without the master-secret fix that is
currently working though the IETF[1]. It's unclear whether we should support it
in a broken state.
[1] https://tools.ietf.org/html/draft-bhargavan-tls-session-hash-01
> The tls-unique channel binding is broken without the master-secret fix that is > currently ...
10 years, 9 months ago
(2014-07-23 18:38:18 UTC)
#3
> The tls-unique channel binding is broken without the master-secret fix that is
> currently working though the IETF[1]. It's unclear whether we should support
it
> in a broken state.
>
> [1] https://tools.ietf.org/html/draft-bhargavan-tls-session-hash-01
As far as I understand, channel bindings work with "original" TLS sessions but
break down when resumption is used. Given that, I see the following options:
1) Implement extended master secret support now, before this patch.
2) Wait for the standardization process to move on and implement extended master
secret support then, stalling this patch.
3) Clearly document that session resumption and channel bindings together are
not secure and apply this patch without the extended master secret fix.
(1) seems like the right thing to do, but I do not know whether it is likely
that the extended master secret fix will change significantly. Should I take a
stab at implementing it now?
On Wed, Jul 23, 2014 at 11:38 AM, <andreser@google.com> wrote: > (1) seems like the ...
10 years, 9 months ago
(2014-07-24 22:13:00 UTC)
#4
On Wed, Jul 23, 2014 at 11:38 AM, <andreser@google.com> wrote:
> (1) seems like the right thing to do, but I do not know whether it is
> likely that the extended master secret fix will change significantly.
> Should I take a stab at implementing it now?
The problem is that no extension number has been assigned yet. I asked
for an expedited assignment at the meeting last Sunday and that should
happen, but "expedited" at the IETF still takes weeks or months.
Unless you have an urgent need, I think waiting for the codepoint
assignment before doing the master_secret fix would be best.
Cheers
AGL
> The problem is that no extension number has been assigned yet. I asked > ...
10 years, 9 months ago
(2014-07-28 17:23:47 UTC)
#5
> The problem is that no extension number has been assigned yet. I asked
> for an expedited assignment at the meeting last Sunday and that should
> happen, but "expedited" at the IETF still takes weeks or months.
> Unless you have an urgent need, I think waiting for the codepoint
> assignment before doing the master_secret fix would be best.
Thanks Adam.
If I understand correctly, you're saying that we hold off on this change till
after the codepoint assignment and then update this change with the
master_secret fix?
Sounds fair, though it would be nice to ensure that channel-binding doesn't have
to wait another 6+ months for Go1.5 in case the timing of the release cut (for
1.4) and the codepoint assignment don't align.
So, please do advise on how to ensure that (maybe this change goes in as-is
before the freeze on Sept 1?
https://docs.google.com/a/google.com/document/d/1sYiPs2KWhNkygrmj-kJuQ1X1uYQF...),
or if you consider the wait for 1.5 a non-issue.
Thanks.
https://codereview.appspot.com/117100043/diff/100001/src/pkg/crypto/tls/conn.go File src/pkg/crypto/tls/conn.go (right): https://codereview.appspot.com/117100043/diff/100001/src/pkg/crypto/tls/conn.go#newcode45 src/pkg/crypto/tls/conn.go:45: // firstFinished contains the first Finished has sent during ...
10 years, 9 months ago
(2014-08-05 17:01:31 UTC)
#11
10 years, 9 months ago
(2014-08-11 20:23:32 UTC)
#12
https://codereview.appspot.com/117100043/diff/100001/src/pkg/crypto/tls/conn.go
File src/pkg/crypto/tls/conn.go (right):
https://codereview.appspot.com/117100043/diff/100001/src/pkg/crypto/tls/conn....
src/pkg/crypto/tls/conn.go:1001: state.TLSUnique = c.firstFinished[:]
On 2014/08/05 17:01:31, ashankar wrote:
> Dunno if we care about that, if we do, might be safer to make a copy?
> Adam?
They can, but making a copy for every caller would mean a lot of allocing for
something that 99.9% of callers don't care about. I think it's ok to assume that
the caller doesn't mutate the structure because, if they do, there are several
other things in here that would be a problem.
10 years, 9 months ago
(2014-08-11 22:01:34 UTC)
#13
On 2014/08/11 20:23:32, agl1 wrote:
>
https://codereview.appspot.com/117100043/diff/100001/src/pkg/crypto/tls/conn.go
> File src/pkg/crypto/tls/conn.go (right):
>
>
https://codereview.appspot.com/117100043/diff/100001/src/pkg/crypto/tls/conn....
> src/pkg/crypto/tls/conn.go:1001: state.TLSUnique = c.firstFinished[:]
> On 2014/08/05 17:01:31, ashankar wrote:
> > Dunno if we care about that, if we do, might be safer to make a copy?
> > Adam?
>
> They can, but making a copy for every caller would mean a lot of allocing for
> something that 99.9% of callers don't care about. I think it's ok to assume
that
> the caller doesn't mutate the structure because, if they do, there are several
> other things in here that would be a problem.
Is there anything else you would like me to change here?
On 2014/08/11 22:01:34, andreser wrote: > On 2014/08/11 20:23:32, agl1 wrote: > > > https://codereview.appspot.com/117100043/diff/100001/src/pkg/crypto/tls/conn.go ...
10 years, 9 months ago
(2014-08-11 23:41:27 UTC)
#15
On 2014/08/11 22:01:34, andreser wrote:
> On 2014/08/11 20:23:32, agl1 wrote:
> >
>
https://codereview.appspot.com/117100043/diff/100001/src/pkg/crypto/tls/conn.go
> > File src/pkg/crypto/tls/conn.go (right):
> >
> >
>
https://codereview.appspot.com/117100043/diff/100001/src/pkg/crypto/tls/conn....
> > src/pkg/crypto/tls/conn.go:1001: state.TLSUnique = c.firstFinished[:]
> > On 2014/08/05 17:01:31, ashankar wrote:
> > > Dunno if we care about that, if we do, might be safer to make a copy?
> > > Adam?
> >
> > They can, but making a copy for every caller would mean a lot of allocing
for
> > something that 99.9% of callers don't care about. I think it's ok to assume
> that
> > the caller doesn't mutate the structure because, if they do, there are
several
> > other things in here that would be a problem.
>
> Is there anything else you would like me to change here?
Sorry, this was waiting in a terminal for me to submit. Done.
Issue 117100043: code review 117100043: crypto/tls: implement tls-unique channel binding (RFC 5...
Created 10 years, 9 months ago by andreser
Modified 10 years, 9 months ago
Reviewers: agl1
Base URL:
Comments: 12
