Feature request for cTLS: NAT Slipstream defense.

In the NAT Slipstream attack [1], the server causes the client to emit TCP
data that confuses a middlebox.  This attack is possible because, in
insecure HTTP, the server can largely control the TCP contents of
client->server communication (after the first packet).  Unfortunately, TLS
also allows server control of some portions of client output (e.g. session
tickets in resumption handshakes), so these attacks are also likely
possible with TLS.

cTLS could easily close this category of vulnerabilities, with zero size
overhead, by using the Random to randomize the remainder of the ClientHello
(or ServerHello).  There are many ways to enable this; e.g. XOR with the
output of HKDF-Expand-Label, with a "Secret" provided in the cTLS profile,
Label="ctls ch" or "ctls sh", and Context=Random.

[1] https://samy.pl/slipstream/

On Mon, Jul 12, 2021 at 12:55 PM <internet-dra...@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Transport Layer Security WG of the IETF.
>
>         Title           : Compact TLS 1.3
>         Authors         : Eric Rescorla
>                           Richard Barnes
>                           Hannes Tschofenig
>         Filename        : draft-ietf-tls-ctls-03.txt
>         Pages           : 17
>         Date            : 2021-07-12
>
> Abstract:
>    This document specifies a "compact" version of TLS 1.3.  It is
>    isomorphic to TLS 1.3 but saves space by trimming obsolete material,
>    tighter encoding, and a template-based specialization technique. cTLS
>    is not directly interoperable with TLS 1.3, but it should eventually
>    be possible for a cTLS/TLS 1.3 server to exist and successfully
>    interoperate.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-ctls/
>
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-ctls-03
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-ctls-03
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

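Added example, not part of the original message or of the cTLS draft: one way to realize the masking proposed above, XORing the bytes after Random with HKDF-Expand-Label(Secret, "ctls ch", Random, length) as defined in RFC 8446. The SHA-256 choice, the function names, the profile secret and the sample hello bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256  # assumption: the cTLS profile uses SHA-256

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869)."""
    if length > 255 * HASH().digest_size:
        raise ValueError("hello remainder exceeds HKDF-Expand output limit")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446, section 7.1)."""
    full_label = b"tls13 " + label
    info = (length.to_bytes(2, "big")
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def mask_hello(profile_secret: bytes, label: bytes, random: bytes, remainder: bytes) -> bytes:
    """XOR everything after Random with a mask keyed by Random; self-inverse."""
    mask = hkdf_expand_label(profile_secret, label, random, len(remainder))
    return bytes(a ^ b for a, b in zip(remainder, mask))

# Constructed sample values, not taken from the draft or any real handshake.
PROFILE_SECRET = bytes.fromhex("a5" * 32)   # hypothetical "Secret" from the profile
PATTERN = b"SERVER-CHOSEN-BYTES"            # stands in for a server-issued ticket
REMAINDER = b"\x00\x29" + PATTERN + b"\x00" * 8  # made-up ClientHello tail

def demo(random: bytes) -> tuple[bytes, bytes]:
    """Return (bytes on the wire, bytes recovered by the receiver)."""
    wire = mask_hello(PROFILE_SECRET, b"ctls ch", random, REMAINDER)
    recovered = mask_hello(PROFILE_SECRET, b"ctls ch", random, wire)
    return wire, recovered

if __name__ == "__main__":
    for random in (bytes(range(32)), bytes(range(1, 33))):
        wire, recovered = demo(random)
        print(wire.hex(), PATTERN in wire, recovered == REMAINDER)
```

The wire bytes have the same length as the unmasked remainder, and the server-supplied pattern no longer appears verbatim because the mask changes with each client-chosen Random.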