Re: [TLS] Record header size?
mrex@sap.com (Martin Rex) Wed, 18 November 2015 20:52 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D671F1B2EA4 for <tls@ietfa.amsl.com>; Wed, 18 Nov 2015 12:52:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.151
X-Spam-Level:
X-Spam-Status: No, score=-5.151 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6SAjo8GZzjgQ for <tls@ietfa.amsl.com>; Wed, 18 Nov 2015 12:52:32 -0800 (PST)
Received: from smtpde02.smtp.sap-ag.de (smtpde02.smtp.sap-ag.de [155.56.68.140]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 246CA1B2EA7 for <tls@ietf.org>; Wed, 18 Nov 2015 12:52:32 -0800 (PST)
Received: from mail05.wdf.sap.corp (mail05.sap.corp [194.39.131.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtpde02.smtp.sap-ag.de (Postfix) with ESMTPS id 0D89344845; Wed, 18 Nov 2015 21:52:30 +0100 (CET)
X-purgate-ID: 152705::1447879950-00001C04-2BF0D457/0/0
X-purgate-size: 2641
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for further information)
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate-type: clean
X-SAP-SPAM-Status: clean
Received: from ld9781.wdf.sap.corp (ld9781.wdf.sap.corp [10.21.82.193]) by mail05.wdf.sap.corp (Postfix) with ESMTP id EEB1240F2B; Wed, 18 Nov 2015 21:52:29 +0100 (CET)
Received: by ld9781.wdf.sap.corp (Postfix, from userid 10159) id E58841A380; Wed, 18 Nov 2015 21:52:29 +0100 (CET)
In-Reply-To: <B79F7446-0BBF-4006-A448-E81FF5E7ECD4@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Date: Wed, 18 Nov 2015 21:52:29 +0100
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20151118205229.E58841A380@ld9781.wdf.sap.corp>
From: mrex@sap.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/0NYlj02xR9wfoc33pu2x_wI9j3Y>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Record header size?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2015 20:52:35 -0000
Yoav Nir wrote: >> Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote: >> >> Eric Rescorla <ekr@rtfm.com> writes: >>> >>> The concern here is backward compatibility with inspection middleboxes which >>> expect the length field to be in a particular place. >> >> Given that the rest of TLS 1.3 is going to break compatibility with pretty >> much everything everywhere, I can't see this as a big concern, may >> as well fix it at the same time as everything else is being changed. > > A sanity check on TLS might involve validating 5-byte record headers > with sane length and version fields. A firewall might be out there that > verifies this. The issue is much more about breaking _applications_ on top of TLS by changing the existing 5-byte record header. Padding the header to 8 bytes (3 bytes into the original record body) would be OK, though. With several TLS implementations it is possible to completely seperate network communication (of the application) from the processing of TLS records (performed by the TLS protocol stack). For some TLS implementations (e.g. Microsoft SChannel) this seems to be the only possible mode of operation. When I changed our (middlware SSL) application APIs from blocking to non-blocking communication semantics a few years ago, I also moved the entire network communication out to the middleware above the TLS protocol stack, and only _full_ TLS records will ever get passed to the TLS library. Everything that doesn't have the regular TLS record header will be unconditionally rejected by the middleware above the TLS implementation. I also use the content type to distinguish application data records from handshake records to properly manage the half-duplex TLS handshake and the resulting application-facing progress reporting. Any changes to the TLS record layer will push support for TLSv1.3 easily a decade into the future. Padding the TLS record header to 8 bytes should be OK and fully backwards compatible with such code, because the actual processing of the TLS record body happens inside the TLS implementation only. As far as alignment is concerned, some of the crypto hardware support (such as Intels AESNI) might need 16-byte alignment. Intel CPUs have load instructions to load 16-bytes aligned (MOVDQA) or unaligned (MOVDQU) into or between XMMx registers, and the amount of extra clock cycles depends on the severity of the "misalignment". https://software.intel.com/en-us/articles/reducing-the-impact-of-misaligned-memory-accesses https://software.intel.com/en-us/forums/watercooler-catchall/topic/304126 -Martin
- [TLS] Record header size? Short, Todd
- Re: [TLS] Record header size? Peter Gutmann
- Re: [TLS] Record header size? Short, Todd
- Re: [TLS] Record header size? Eric Rescorla
- Re: [TLS] Record header size? Daniel Kahn Gillmor
- Re: [TLS] Record header size? Eric Rescorla
- Re: [TLS] Record header size? Short, Todd
- Re: [TLS] Record header size? Eric Rescorla
- Re: [TLS] Record header size? Short, Todd
- Re: [TLS] Record header size? Viktor Dukhovni
- Re: [TLS] Record header size? Peter Gutmann
- Re: [TLS] Record header size? Peter Gutmann
- Re: [TLS] Record header size? Yoav Nir
- Re: [TLS] Record header size? Short, Todd
- Re: [TLS] Record header size? Viktor Dukhovni
- Re: [TLS] Record header size? Short, Todd
- Re: [TLS] Record header size? Martin Rex
- Re: [TLS] Record header size? Michael Gray
- Re: [TLS] Record header size? Viktor Dukhovni
- Re: [TLS] Record header size? Peter Gutmann
- Re: [TLS] Record header size? Martin Rex
- Re: [TLS] Record header size? Short, Todd