Remove "baseline TLS" handshake reconstruction #60
Conversation
This is a radical change that attempts to implement the (possible) consensus to move from a "reconstruction-based" transcript to a "non-reconstruction" transcript. Verifying the transcript without reconstruction requires the transcript to include the template, which requires a byte-identical representation of the template. This change makes this possible by introducing a stable binary representation of the template, with JSON as a human-readable alternative. This change also attempts to: * Clarify the use of cTLS in datagram contexts - Including how retransmission works without sequence numbers * Formalize the notion of when vector lengths can be omitted * Rearrange the extension templating in a more convenient fashion Fixes #57
draft-ietf-tls-ctls.md
Outdated
| For ease of configuration, an equivalent JSON dictionary format is also defined. | ||
| It consists of a dictionary whose keys are the name of each element type (converted | ||
| from snake_case to camelCase), and whose values are a type-specific representation | ||
| of the element intended to maximize legibility. |
There was a problem hiding this comment.
I'm not sure what you mean. I've put up #61 as an intermediate step that introduces the binary format without changing the transcript.
If you mean creating a version that doesn't define a JSON format at all: that is possible, but I didn't want to remove the JSON option without asking. I have no strong preference on whether we define a JSON format.
draft-ietf-tls-ctls.md
Outdated
| Value: a single `ProtocolVersion` ({{!RFC8446, Section 4.1.2}}) that both parties agree to use. For TLS 1.3, the `ProtocolVersion` is 0x0304. | ||
|
|
||
| When this element is included, the `supported_versions` extension | ||
| is omitted from ClientHello.extensions, and the |
draft-ietf-tls-ctls.md
Outdated
| * `extension_type` is omitted because it is specified by `expected_extensions` | ||
| * The length of `extensions` is omitted because `allow_additional` is false, the number of items in `extensions` (i.e., 1) is known in advance. | ||
|
|
||
| The only exception to this rule is `ClientHello.profile_id`, which is processed before the profile is known. |
There was a problem hiding this comment.
How clever will one have to be to get this right?
There was a problem hiding this comment.
My goal here was mostly to capture a behavior that was implied by some examples but not described anywhere in the text. I've attempted to make this rule more explicit, to avoid any tricky reasoning being required.
draft-ietf-tls-ctls.md
Outdated
| containing the `CTLSTemplate` used for this connection. This message is | ||
| included in the transcript even though it is not exchanged during connection | ||
| setup, in order to ensure that both parties are using the same template. | ||
| Subsequent messages are appended to the transcript as usual. |
There was a problem hiding this comment.
We may have to consume a handshake type for this to ensure it's injective.
There was a problem hiding this comment.
Yes, that's in the IANA section. I've attempted to make that clearer here.
draft-ietf-tls-ctls.md
Outdated
| struct { | ||
| CTLSTemplateElement elements<0..2^32-1> | ||
| } CTLSTemplate; |
There was a problem hiding this comment.
I think that this needs some sort of unambiguous identifier, like a version number, that ensures that we can replace this. Maybe that's included in the process for integrating that into the transcript (ctls_template), which is OK, but a system for replacing this scheme with a better one is very important to have, even if this turns out to be perfect the first time.
There was a problem hiding this comment.
OK, I added CTLSTemplate.ctls_version field.
bemasc
changed the title
This is a radical change that attempts to implement the (possible)
consensus to move from a "reconstruction-based" transcript to a
"non-reconstruction" transcript. Verifying the transcript without
reconstruction requires the transcript to include the template,
which requires a byte-identical representation of the template.
This change makes this possible by introducing a stable binary
representation of the template, with JSON as a human-readable
alternative.
This change also attempts to:
Fixes #57