Re: [secdir] Secdir review of draft-ietf-tls-record-limit

Hannes Tschofenig <> Sun, 04 March 2018 15:57 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EE96C12711A; Sun, 4 Mar 2018 07:57:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id KenEOjrPlM-g; Sun, 4 Mar 2018 07:57:28 -0800 (PST)
Received: from ( [IPv6:2a01:111:f400:fe1f::60a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4E14D120726; Sun, 4 Mar 2018 07:57:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=gZ3rgh7lySRWDnfxHYsp0avb3igONlQqFHGhGWUcoh8=; b=iIn6Z4Vtafjb0C1Jnua+LFe7Ka+Gp06dS5MRapP9C3gQ8Ki7dSbPY/5H8BfvqinUiNxuqFPU1fCjZMnIuA0r/UyJa8d9DQiv9DJOsui6mwRVzhi0eIUezjsHHUe38Re+IAnEMEdNQhiCvEz1z0NxCAl5KJk9IMEMuCCirXD7w+c=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Sun, 4 Mar 2018 15:57:24 +0000
Received: from ([fe80::7954:44ac:aab4:bc2c]) by ([fe80::7954:44ac:aab4:bc2c%14]) with mapi id 15.20.0548.014; Sun, 4 Mar 2018 15:57:24 +0000
From: Hannes Tschofenig <>
To: Martin Thomson <>
CC: Benjamin Kaduk <>, Alan DeKok <>, "" <>, IESG <>, "" <>
Thread-Topic: Secdir review of draft-ietf-tls-record-limit
Thread-Index: AQHTrqGSa72OyyaNEUOT8kn5vxYs5KO4BpFggAD7SYCAB0Hm4A==
Date: Sun, 4 Mar 2018 15:57:24 +0000
Message-ID: <>
References: <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2707; 7:5nVxBEEoCiI3Lud128ZXKgsZ0kxSvEC9RkxoBe7xQ3EM8JuozfTgEy+q8Ce8tESrXiMiG6HND9qGOQ9SfAbcBuc8aoS1a0wx+4SHwK3utjUUyi54utFUA5hSe7aNvDfv3Q2CtcBqmQpsxj8ujn1wzIQtv2bW7EW8SYvNtYkw3h68Xm6LA+ROgbO/nmdB00BaIdlwDP/5bhKb3gb1j9VRu2pWd8KebCsutjKkWEZojb6xTySqTKZvIQzQTQENSMMh
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 8a300d3c-fb61-460c-62c5-08d581e89f11
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603307)(7153060)(7193020); SRVR:AM4PR0801MB2707;
x-ms-traffictypediagnostic: AM4PR0801MB2707:
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(158342451672863)(180628864354917)(85827821059158);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(3231220)(944501244)(52105095)(6055026)(6041288)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(20161123562045)(6072148)(201708071742011); SRVR:AM4PR0801MB2707; BCL:0; PCL:0; RULEID:; SRVR:AM4PR0801MB2707;
x-forefront-prvs: 060166847D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(396003)(376002)(39380400002)(366004)(346002)(189003)(199004)(40434004)(13464003)(26005)(305945005)(74316002)(102836004)(55016002)(186003)(8936002)(478600001)(7736002)(59450400001)(72206003)(6506007)(53546011)(97736004)(106356001)(9686003)(86362001)(6346003)(6436002)(8676002)(68736007)(81166006)(81156014)(14454004)(229853002)(33656002)(5660300001)(53936002)(54906003)(76176011)(2906002)(66066001)(3280700002)(4326008)(3846002)(316002)(6116002)(2950100002)(105586002)(93886005)(5250100002)(5890100001)(2900100001)(7696005)(6246003)(39060400002)(6916009)(25786009)(99286004)(3660700001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2707;; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is );
x-microsoft-antispam-message-info: VNakyhT0917Kj23+d0x1Tyk6c6/C57FZnWINZ0FN2yalC/wJWlTwN4w3HZAGJiyE7PzKvDKa5aqsJERJtxRA3KE86AmLLU2Z1T5RZ9Yd2O1Bj8IWPIhOZjYObp+JZFf11eB0Cs7+vOwNaDZtp7z7ijnlAYX6g/MqlACa5vxOQUzpwMbRYvSxVBI5nOxdvq2Cg+nLurhxlFUtYkW1t2sl21doiwXbWO6+3vPKjUXbRO67c1hUin+VY1+fp31IMkx84dteq8GqtC1QAG2EnfLo/owS7qVCcY21n7IJZqOTlSh7P52Wu4RdBUsyPg1Ht5wid1iQ19WLgNaX9ra/WrS/bw==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 8a300d3c-fb61-460c-62c5-08d581e89f11
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Mar 2018 15:57:24.3280 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2707
Archived-At: <>
Subject: Re: [secdir] Secdir review of draft-ietf-tls-record-limit
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 04 Mar 2018 15:57:31 -0000

Hi Martin,

A short remark below:

-----Original Message-----
From: Martin Thomson []
Sent: 28 February 2018 02:01
To: Hannes Tschofenig
Cc: Benjamin Kaduk; Alan DeKok;; IESG;
Subject: Re: Secdir review of draft-ietf-tls-record-limit

Thanks Hannes,

On Tue, Feb 27, 2018 at 9:27 PM, Hannes Tschofenig <>; wrote:
> For example, imagine a certificate message that may contain multiple certificates that then need to be processed one by one by the recipient. Here the stack needs to be "smart" enough to send enough data that the recipient can actually do something with it (like one complete certificate) but also not too much so that it still fits into the buffer. For application data it may be less complicated since the application developer who had set the RSL limit is most likely aware of what to do when the stack cannot send all the data.

Yeah, if you are so constrained that a single datagram is all the scratch space you have, then big certificates can be nigh on impossible to manage.  My understanding is that raw public keys are more common in this context.

[Hannes] There are indeed ways to reduce the over the wire transmission overhead and raw public keys are a useful approach.

> FWIW: The draft currently says that "unprotected messages - handshake messages in particular - are not subject to this limit.". I am not sure whether I fully understand that sentence. Does it mean that the limit does not apply to handshake messages at all or only to handshake messages that are unprotected? In either case I am not sure whether that scoping makes sense since handshake messages can become fairly large.

This was written with two things in mind.  TCP makes it easy to apply back pressure and thereby enable progressive reads for larger cleartext messages, assuming that you can read it all without holding everything in memory at once.  More critically, a ClientHello will be sent in ignorance of any preferences on a server, so a server has to cope somehow.

[Hannes] I am not sure I fully understand the approach. Even if someone uses TCP a RAM limitation will not go away. TCP is likely to make the situation worse since it requires some amount of RAM as well even with the best possible configuration. (There is this work in LWIG on TCP implementation guidance where the authors are supposed to provide some information about the actual RAM usage of various TCP features and settings.)

If you remain concerned about constrained *clients*, maybe we can change the requirement and have it apply immediately for the server's handshake messages.  In TLS 1.2, it would then also apply to the client Certificate, which I suppose is something.  It's definitely possible to make this change. (Now that I think on it, my implementation may already do this.  I should check.)

[Hannes] I am convinced that we have to apply the RSL limit also the handshake message. In most cases today clients are constrained but the way some communication models work they may also see constrained servers.


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.