> On 18 Nov 2015, at 3:32 AM, Peter Gutmann <[email protected]> wrote:
> 
> Eric Rescorla <[email protected]> writes:
> 
>> The concern here is backward compatibility with inspection middleboxes which
>> expect the length field to be in a particular place.
> 
> Given that the rest of TLS 1.3 is going to break compatibility with pretty
> much everything everywhere, I can't see this as a big concern, may as well fix
> it at the same time as everything else is being changed.
> 

Stateful firewalls tend to pass only what they understand. They use some 
measures to avoid tunneling and passing things that are not HTTPS over TCP port 
443.

To achieve this, they run sanity checks on the traffic. They try to strike a 
balance between not getting circumvented and not dropping legitimate traffic. 
Sometimes they get it wrong. Sometimes they block legitimate but surprising 
stuff. As an example from 15 years ago, when Mac OS 9.2 came out, it sent data 
on the third packet of TCP (the ACK - last of the handshake packets). This is 
allowed by RFC, but was not done by any other platform. This failed the sanity 
checks of some firewalls, causing that traffic to be blocked. Two results of 
this event: we fixed our firewalls, but nobody (including Apple) does that 
anymore.

A sanity check on TLS might involve validating 5-byte record headers with sane 
length and version fields. A firewall might be out there that verifies this. 
This is the kind of thing that might be missed in testing, and we’ll only find 
out when some brave soul deploys TLS 1.3 in Chrome only to find out that it is 
blocked in 3% of the Internet.

Yoav


_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
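The kind of record-header sanity check Yoav describes, as an added Python illustration that is not part of the post and not the logic of any real firewall product. The policy it enforces is an assumption chosen to mimic a cautious middlebox: a content type must be one of the four defined in RFC 5246, the version must be one the box already knows (SSL 3.0 through TLS 1.2), and the length must not exceed the RFC 5246 ciphertext limit of 2^14 + 2048. The sample headers are constructed, not captured; the one advertising version 3.4 stands in for a hypothetical draft that changed the version field, which is exactly the case that would get dropped. (The published TLS 1.3, RFC 8446, kept the 5-byte header and pins legacy_record_version to 0x0303 for precisely this kind of middlebox.)

```python
"""Middlebox-style sanity check on TLS record headers (added illustration, not from the post)."""
import struct

# TLS record header: ContentType(1) ProtocolVersion(2) length(2), RFC 5246 section 6.2.1.
HEADER_LEN = 5
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
# Assumed firewall policy: only versions the box already knows, SSL 3.0 through TLS 1.2.
KNOWN_VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
# RFC 5246 section 6.2.3: TLSCiphertext.length must not exceed 2^14 + 2048 bytes.
MAX_RECORD_LEN = 2 ** 14 + 2048


def parse_record_header(data: bytes) -> dict:
    """Decode the fixed 5-byte header; raises ValueError if fewer than 5 bytes are present."""
    if len(data) < HEADER_LEN:
        raise ValueError("need %d header bytes, got %d" % (HEADER_LEN, len(data)))
    ctype, major, minor, length = struct.unpack("!BBBH", data[:HEADER_LEN])
    return {"type": ctype, "version": (major, minor), "length": length}


def record_header_ok(data: bytes) -> tuple:
    """Return (verdict, reason) the way a strict middlebox would judge one record header.

    Only the header is inspected; the body is not decrypted or parsed.
    """
    try:
        hdr = parse_record_header(data)
    except ValueError as exc:
        return False, str(exc)
    if hdr["type"] not in CONTENT_TYPES:
        return False, "unknown content type %d" % hdr["type"]
    if hdr["version"] not in KNOWN_VERSIONS:
        return False, "unknown version %d.%d" % hdr["version"]
    if hdr["length"] > MAX_RECORD_LEN:
        return False, "implausible length %d" % hdr["length"]
    return True, "%s %s len=%d" % (
        CONTENT_TYPES[hdr["type"]], KNOWN_VERSIONS[hdr["version"]], hdr["length"])


def filter_stream(stream: bytes) -> tuple:
    """Walk one direction of a TCP stream record by record, as a stateful firewall on 443 would.

    Returns (records_passed, reason); reason is None if every header passed. The first
    header that fails the check stops the walk, i.e. the connection would be dropped there.
    """
    passed, offset = 0, 0
    while offset < len(stream):
        ok, reason = record_header_ok(stream[offset:])
        if not ok:
            return passed, reason
        # Advance past header plus declared body; a real box would buffer a truncated body.
        offset += HEADER_LEN + parse_record_header(stream[offset:])["length"]
        passed += 1
    return passed, None


# Constructed sample records (not captured traffic); only the 5 header bytes matter here.
SAMPLES = {
    # TLS 1.2 handshake record carrying a 512-byte ClientHello body.
    "tls12_clienthello": bytes([22, 3, 3, 0x02, 0x00]) + b"\x00" * 0x200,
    # TLS 1.3 application_data record as finally specified: legacy_record_version 0x0303.
    "tls13_appdata": bytes([23, 3, 3, 0x00, 0x40]) + b"\x00" * 0x40,
    # Hypothetical header a draft might have used, advertising an unfamiliar version 3.4.
    "hypothetical_v34": bytes([22, 3, 4, 0x00, 0x40]) + b"\x00" * 0x40,
    # Length field above the RFC 5246 ciphertext limit.
    "oversized": bytes([23, 3, 3, 0xFF, 0xFF]),
    # Plain HTTP tunnelled over 443: first byte 'G' (0x47) is not a TLS content type.
    "http_over_443": b"GET / HTTP/1.1\r\n",
}


if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print("%-18s -> %s" % (name, record_header_ok(rec)))
    print("mixed stream  ->", filter_stream(SAMPLES["tls12_clienthello"] + SAMPLES["hypothetical_v34"]))
```

Note that the check passes a genuine TLS 1.3 record only because the final protocol kept the old version bytes in the header; had a draft moved or renumbered that field, the same box would have dropped the connection after the first record, which is the 3%-of-the-Internet outcome the post warns about.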
