Re: [TLS] Application Data payload

Martin Thomson <martin.thomson@gmail.com> Mon, 06 March 2017 06:06 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D875D129445 for <tls@ietfa.amsl.com>; Sun, 5 Mar 2017 22:06:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R3ymNPlPmtab for <tls@ietfa.amsl.com>; Sun, 5 Mar 2017 22:06:19 -0800 (PST)
Received: from mail-qk0-x22e.google.com (mail-qk0-x22e.google.com [IPv6:2607:f8b0:400d:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9E1C127071 for <tls@ietf.org>; Sun, 5 Mar 2017 22:06:19 -0800 (PST)
Received: by mail-qk0-x22e.google.com with SMTP id 1so137939054qkl.3 for <tls@ietf.org>; Sun, 05 Mar 2017 22:06:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=6y2bLYtxBQzLCswHG9s98zK1t9lqOSe0yfafkOf4KlA=; b=e4nd3z4zUTgGMN4JWJEzcMzUyPHPsde0nfIoz690BcCK5/pGgmUxMzqpRHBiRwLAEu UEBtXd8xDJ4bnQv84KUK0n3n/JNTLSkxVwrGAdqyScmSdmlrhwb/8F2fn0Nr9R9tHdFY 3vKTmFDbRV+UK2jfweeztl0ZIcP22tqEKsycLKaswuCHoekMlKSL5shhTDT1BsKuV0nK pUnr4U+Dx/OD/dVSeFNFEItsycyoVmuqhr4oDxda4hum18XaPebIAYJ7UkT2SYZtWKtt NONUVkB75qDkeURPsurrb3BgOiGmjndYzl2e7PVXIJDPA8da6xfehjoT48ynoxFmiUvS x6Iw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=6y2bLYtxBQzLCswHG9s98zK1t9lqOSe0yfafkOf4KlA=; b=jB7w8nvuaYfebdmvw9KIz2aYTlck73FnJ/51Wt1VlyA7E22UyLx4Qvjzk6A/zhix8/ UNSKe0t8WxJ6pP/GuUBgK78ooNAMt0EXeyYGKePvnXpjTbLSkLZn5Roe6xIkGX0jovza SAJUI9kOmszizw/3U3PIPxdIvSXQkHRBWLKB4smQ2YSpVXfE5gAUccWtgga6WCfn7RP6 ICrQ7HhF8q9QS0nIt0U7i+xuD3GoTNMFE+q/vWEPBJfLrVFu7KwRmhDWmF8y21GRHSjf awwPKsaB9PR5i9ESHicQWq5JEY2Om2GtNMFmzdJIRWjvZb1dKzHa5eDkXE7c/6JUIwri rCJg==
X-Gm-Message-State: AMke39kPO3Y6qIKUPrkSI0UQlE0l+PuRWzRRUF1z90BmU9LKKUpiP2c+9qWy3sO83inPFGjWsCexMN76tkZSQA==
X-Received: by 10.55.17.138 with SMTP id 10mr15244931qkr.202.1488780378783; Sun, 05 Mar 2017 22:06:18 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.19.112 with HTTP; Sun, 5 Mar 2017 22:06:18 -0800 (PST)
In-Reply-To: <CABkgnnXXQs0fLb0igzhwo=9Jgp5WjN49nFS00843g-WB=U0qhQ@mail.gmail.com>
References: <CABkgnnXXQs0fLb0igzhwo=9Jgp5WjN49nFS00843g-WB=U0qhQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 6 Mar 2017 17:06:18 +1100
Message-ID: <CABkgnnWBb14uZis1RMJymuBGrHXBsxEQV8mHGY1WgHkJOhPVyQ@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>, Filippo Valsorda <filippo@cloudflare.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/01R1OVbW8ckxwGBslhkjmqbqfWE>
Subject: Re: [TLS] Application Data payload
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Mar 2017 06:06:21 -0000

(Adding Filippo, who wrote the original change.)

I just did some spelunking of the archives, and poking at boring SSL.
I found that David Benjamin mentions unencrypted data, which seems to
be consistent with what boring implements:

<https://mailarchive.ietf.org/arch/msg/tls/b5GpGR9QQpBV3tbxCspdHVJs8HU>

I don't think that this makes sense: the true cost to the server is in
the data it has to store, not process (a client has many better
options for causing the server to expend CPU resources).  Any data
that can be ignored is cheap.

On 6 March 2017 at 11:17, Martin Thomson <martin.thomson@gmail.com> wrote:
> The section on the maximum early data size says this:
>
> "Only Application Data payload is counted."
>
> I don't know how to interpret that.  I can see arguments for counting
> TLSInnerPlaintext.content or all of TLSInnerPlaintext.