[TLS] Re: WG Last Call: draft-ietf-tls-super-jumbo-record-limit-02 (Ends 2025-11-25)
Benjamin Kaduk <bkaduk@akamai.com> Tue, 25 November 2025 22:33 UTC
Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id D9466909485E; Tue, 25 Nov 2025 14:33:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wcw8uBYMchsz; Tue, 25 Nov 2025 14:33:56 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 882819094851; Tue, 25 Nov 2025 14:33:56 -0800 (PST)
Received: from pps.filterd (m0050093.ppops.net [127.0.0.1]) by m0050093.ppops.net-00190b01. (8.18.1.11/8.18.1.11) with ESMTP id 5APLus9u3789626; Tue, 25 Nov 2025 22:33:55 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=jan2016.eng; bh=PlRq3cY/v4Pk6t2Gw0EwQ2FAB8T0UQb6vDw3pCtsykA=; b=XoS2NoprwhRU sSNOkWC968dZaZRgsVCLbX9a4tiKOYrDASpjIIP7mw5SJNUrqUW06cWHGYOqjyEp edHTH7q0a54hPTsCCkNK7R7T/3K51WYrJsBq1+Vh1KZwurfr/vYWFPgHk7zOprSz Wg0b82EtPgb64JYnXieCJ/nVlNrJdg96Hfx+kjJLVEnPrpEuDbWrFZ48PQmSyczz di9MHpTtNIRPrSavsykZ6qCb0s6GnwL8Pw3FxM+YDeD+Tt2Yxq/6CKbTLqmnL1k6 Tl5i8cH8KZ5PqWf2CbhhqaDeGQjy1A29KPWo6TlY7/diw+AGsz7dqOqeLZtug9Fx zJpPJIf22Q==
Received: from prod-mail-ppoint5 (prod-mail-ppoint5.akamai.com [184.51.33.60]) by m0050093.ppops.net-00190b01. (PPS) with ESMTPS id 4angf1vbxq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 25 Nov 2025 22:33:55 +0000 (GMT)
Received: from pps.filterd (prod-mail-ppoint5.akamai.com [127.0.0.1]) by prod-mail-ppoint5.akamai.com (8.18.1.2/8.18.1.2) with ESMTP id 5APJ3l9K000704; Tue, 25 Nov 2025 14:33:54 -0800
Received: from email.msg.corp.akamai.com ([172.27.91.40]) by prod-mail-ppoint5.akamai.com (PPS) with ESMTPS id 4akc1eeeg4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 25 Nov 2025 14:33:53 -0800
Received: from usma1ex-dag5mb1.msg.corp.akamai.com (172.27.91.40) by usma1ex-dag5mb1.msg.corp.akamai.com (172.27.91.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29; Tue, 25 Nov 2025 14:33:53 -0800
Received: from akamai.com (172.27.118.139) by usma1ex-dag5mb1.msg.corp.akamai.com (172.27.91.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29 via Frontend Transport; Tue, 25 Nov 2025 14:33:52 -0800
Date: Tue, 25 Nov 2025 14:33:50 -0800
From: Benjamin Kaduk <bkaduk@akamai.com>
To: Sean Turner <sean@sn3rd.com>
Message-ID: <aSYuzsk+g0LyvdkR@akamai.com>
References: <176226814185.517610.18328497166055791127@dt-datatracker-5df8666cb-7l4w5>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <176226814185.517610.18328497166055791127@dt-datatracker-5df8666cb-7l4w5>
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2025-11-25_02,2025-11-25_01,2025-10-01_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 bulkscore=0 mlxscore=0 spamscore=0 malwarescore=0 phishscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2510240000 definitions=main-2511250188
X-Authority-Analysis: v=2.4 cv=JrP8bc4C c=1 sm=1 tr=0 ts=69262ed3 cx=c_pps a=NpDlK6FjLPvvy7XAFEyJFw==:117 a=NpDlK6FjLPvvy7XAFEyJFw==:17 a=8nJEP1OIZ-IA:10 a=6UeiqGixMTsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=NEAV23lmAAAA:8 a=eWNpP1l7JePXK6qn26YA:9 a=3ZKOabzyN94A:10 a=wPNLvfGTeEIA:10
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMTI1MDE4OCBTYWx0ZWRfX60rKjv+oENm6 Tmje1C0380vl0aDmOmB1sZUdv74jlYlNCxlP5NDCgphEpfAcTKnCP61yhHowmB9+XIDAFwPDXup sC6rqo/PeFA/A7nTbLZvT/z59nKNC42bx+TiN5nUIeR5U01lTy1y44eoYfIVuRBaWWpN1MQtcFf dmvQZSCWjaM8Ksn8HaWnuE4q6lyIebb4Sp12utQbbppSiTKPxJs17GfFmgXxiQUYGT4f0JA/X8m MdNjBvZXKBDrwEMuYY/pu83amGMsj6iTpSSMWfQSy3vS6QgsL2BEM9ntn6aXG6rVy4puCpWur78 RyDM8BcTTlUlBEMYHSBQaSJcYJ6thVefXXUBB0C9LP7+ZNCQhCOKvT7UD2TkF0p3dqYjJmbXPxf rIt1o+uXECsisTrep31L9zGa/2/APg==
X-Proofpoint-ORIG-GUID: UbLI26uHDDFE-LlKWoew4zyVDd5gJShR
X-Proofpoint-GUID: UbLI26uHDDFE-LlKWoew4zyVDd5gJShR
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2025-11-25_02,2025-11-25_01,2025-10-01_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 impostorscore=0 clxscore=1011 priorityscore=1501 lowpriorityscore=0 spamscore=0 adultscore=0 suspectscore=0 phishscore=0 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2510240001 definitions=main-2511250188
Message-ID-Hash: A6MVJFDE5ZZGMARBWNJ4R4IJHXAI7PEW
X-Message-ID-Hash: A6MVJFDE5ZZGMARBWNJ4R4IJHXAI7PEW
X-MailFrom: bkaduk@akamai.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-tls-super-jumbo-record-limit@ietf.org, tls-chairs@ietf.org, tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-super-jumbo-record-limit-02 (Ends 2025-11-25)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/17vjT5rHmnktYYgsKAz23_AJyG8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
# Ben Kaduk's review of draft-ietf-tls-super-jumbo-record-limit CC @kaduk Generally this is in good shape and I support publication, though I do see a couple places to tighten up some potential ambiguity. ## Comments ### Clarify extension non-negotiation in resumption In §3 we note that "This admits the possibility that the extension might not be negotiated during resumption". In conjumction with "Records are subject to the limits that were set in the handshake that produces the keys that are used to protect those records" I *think* that means that if we resume and do not negotiate the extension, the stock (D)TLS 1.3 limits apply (or what we get from "record_size_limit" if negotiated, etc.), but given that this is an edge case that implementors might not test initially, I'd suggest that we dispel any ambiguity. ### Unprotected and handshake-secret messages We say that "Unprotected messages and records protected with early_traffic_secret or handshake_traffic_secret are not subject to the large record size limit", which presumably means (1) they cannot use the TLSLargeCiphertext or varuint-length unified_hdr, and (2) they are subject to the stock (D)TLS 1.3 limits. But, as above, it seems best to dispel ambiguity, especially since this is a divergence from RFC 8449 that affects processing of all protected records. ### Diverging from TLS Presentation Language We informally define in prose the "varuint" type but make no attempt to define it in a way compatible with TLS presentation language, such that we now have an "undocumented" extension to the core TLS presentation language. Do we want to write up a "Variant" structure that formally specifies how varuint works? (I see we reference MLS, RFC 9420, for "as defined in", though MLS does not use the "varuint" name. MLS does not provide a formal description of this type, perhaps because it only appears in the encoding of vector types.) ## Nits Sorry to have these inline rather than via PR; it seemed like a lot of overhead to clone the repo and then I found a couple more. ### Bits vs bytes In §3 we say "The encoded representation MUST use the smallest number of bits necessary to represent the integer value. When decoding, any value that uses more bits than necessary MUST be treated as malformed" but our choices for how many bits to use are only available at byte granularity (admittedly for the overall field size rather than the portion that represents the integer itself); a literal readin gof "smallest number of bits" would have the reader thinking about non-byte-aligned content which is weird. Would we rather talk about "smallest number of octets" here? ### DTLS It's probably worth a pass to check if we want to sprinkle "DTLS" in more places, e.g., the abstract. ### application_traffic_secret I think this was already noted by another reviewer, but when we say "protected with application_traffic_secret" (multiple instances) that's not actually a concept in TLS 1.3; we just have "application_traffic_secret_N". ### length In "MAY generate records protected with application_traffic_secret with inner plaintext that is equal to or smaller than the LargeRecordSizeLimit value it receives from its peer" we're missing a "length" about "inner plaintext length". ### grammar In §4's """When the "large_record_size" has been negotiated record size limit larger than 214 + 1 bytes""" we probably want a "with a" for "negotiated with a record size limit". # Notes This review is formatted in the "IETF Comments" Markdown format, see https://github.com/mnot/ietf-comments .
- [TLS] WG Last Call: draft-ietf-tls-super-jumbo-re… Sean Turner via Datatracker
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Sean Turner
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Ira McDonald
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Magnus Westerlund
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Sean Turner
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Yug Shah
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Martin Thomson
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Ilari Liusvaara
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… John Mattsson
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Sean Turner
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Eric Rescorla
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Valery Smyslov
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Eric Rescorla
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Benjamin Kaduk
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Sean Turner
- [TLS] Re: WG Last Call: draft-ietf-tls-super-jumb… Magnus Westerlund