IETF Logo Mail Archive

Re: [TLS] Record header size?

mrex@sap.com (Martin Rex) Wed, 18 November 2015 20:52 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D671F1B2EA4 for <tls@ietfa.amsl.com>; Wed, 18 Nov 2015 12:52:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.151
X-Spam-Level:
X-Spam-Status: No, score=-5.151 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6SAjo8GZzjgQ for <tls@ietfa.amsl.com>; Wed, 18 Nov 2015 12:52:32 -0800 (PST)
Received: from smtpde02.smtp.sap-ag.de (smtpde02.smtp.sap-ag.de [155.56.68.140]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 246CA1B2EA7 for <tls@ietf.org>; Wed, 18 Nov 2015 12:52:32 -0800 (PST)
Received: from mail05.wdf.sap.corp (mail05.sap.corp [194.39.131.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtpde02.smtp.sap-ag.de (Postfix) with ESMTPS id 0D89344845; Wed, 18 Nov 2015 21:52:30 +0100 (CET)
X-purgate-ID: 152705::1447879950-00001C04-2BF0D457/0/0
X-purgate-size: 2641
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for further information)
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate-type: clean
X-SAP-SPAM-Status: clean
Received: from ld9781.wdf.sap.corp (ld9781.wdf.sap.corp [10.21.82.193]) by mail05.wdf.sap.corp (Postfix) with ESMTP id EEB1240F2B; Wed, 18 Nov 2015 21:52:29 +0100 (CET)
Received: by ld9781.wdf.sap.corp (Postfix, from userid 10159) id E58841A380; Wed, 18 Nov 2015 21:52:29 +0100 (CET)
In-Reply-To: <B79F7446-0BBF-4006-A448-E81FF5E7ECD4@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Date: Wed, 18 Nov 2015 21:52:29 +0100
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20151118205229.E58841A380@ld9781.wdf.sap.corp>
From: mrex@sap.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/0NYlj02xR9wfoc33pu2x_wI9j3Y>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Record header size?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2015 20:52:35 -0000

Yoav Nir wrote:
>> Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
>> 
>> Eric Rescorla <ekr@rtfm.com> writes:
>>> 
>>> The concern here is backward compatibility with inspection middleboxes which
>>> expect the length field to be in a particular place.
>> 
>> Given that the rest of TLS 1.3 is going to break compatibility with pretty
>> much everything everywhere, I can't see this as a big concern, may
>> as well fix it at the same time as everything else is being changed.
> 
> A sanity check on TLS might involve validating 5-byte record headers
> with sane length and version fields. A firewall might be out there that
> verifies this.

The issue is much more about breaking _applications_ on top of TLS
by changing the existing 5-byte record header.  Padding the header
to 8 bytes (3 bytes into the original record body) would be OK, though.

With several TLS implementations it is possible to completely seperate
network communication (of the application) from the processing of
TLS records (performed by the TLS protocol stack).  For some TLS
implementations (e.g. Microsoft SChannel) this seems to be the only
possible mode of operation.


When I changed our (middlware SSL) application APIs from blocking to
non-blocking communication semantics a few years ago, I also moved the
entire network communication out to the middleware above the TLS protocol
stack, and only _full_ TLS records will ever get passed to the TLS library.
Everything that doesn't have the regular TLS record header will be
unconditionally rejected by the middleware above the TLS implementation.
I also use the content type to distinguish application data records from
handshake records to properly manage the half-duplex TLS handshake and the
resulting application-facing progress reporting.

Any changes to the TLS record layer will push support for TLSv1.3 easily
a decade into the future.  Padding the TLS record header to 8 bytes should
be OK and fully backwards compatible with such code, because the actual
processing of the TLS record body happens inside the TLS implementation only.

As far as alignment is concerned, some of the crypto hardware support
(such as Intels AESNI) might need 16-byte alignment.  Intel CPUs have
load instructions to load 16-bytes aligned (MOVDQA) or unaligned (MOVDQU)
into or between XMMx registers, and the amount of extra clock cycles
depends on the severity of the "misalignment".

https://software.intel.com/en-us/articles/reducing-the-impact-of-misaligned-memory-accesses

https://software.intel.com/en-us/forums/watercooler-catchall/topic/304126


-Martin

v2.23.0 | Report a Bug | By Email