IETF Logo Mail Archive

Re: [TLS] Banning implicit CIDs in DTLS

Hanno Becker <Hanno.Becker@arm.com> Thu, 28 May 2020 08:17 UTC

Return-Path: <Hanno.Becker@arm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 394F53A0C36 for <tls@ietfa.amsl.com>; Thu, 28 May 2020 01:17:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=lG0DTVFo; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=lG0DTVFo
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fuguKPxbp7s2 for <tls@ietfa.amsl.com>; Thu, 28 May 2020 01:17:40 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150072.outbound.protection.outlook.com [40.107.15.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FAE53A0B4C for <TLS@ietf.org>; Thu, 28 May 2020 01:17:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=68RQy4LChkV9c2eBvEckKxPKMo8YpAdMe9lMuSmA4MA=; b=lG0DTVFodWtDtem6Gqh1kGavzz+aU5Nmc+ypqzcTUng+lHt78wKKIbcSAx4hoeAL1+ogEyBJR/L/lRvQRsoJEhm2mqnxh7P1grpNwrPuwT2ocBcGvdna8xZQYNmgffHjYw8onRF21oqw/ihtr07JCIA/OPmHftyopO0E1oLLejc=
Received: from DB6PR0501CA0039.eurprd05.prod.outlook.com (2603:10a6:4:67::25) by DB7PR08MB4619.eurprd08.prod.outlook.com (2603:10a6:10:7d::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3021.27; Thu, 28 May 2020 08:17:32 +0000
Received: from DB5EUR03FT017.eop-EUR03.prod.protection.outlook.com (2603:10a6:4:67:cafe::bf) by DB6PR0501CA0039.outlook.office365.com (2603:10a6:4:67::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3045.19 via Frontend Transport; Thu, 28 May 2020 08:17:32 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT017.mail.protection.outlook.com (10.152.20.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3021.23 via Frontend Transport; Thu, 28 May 2020 08:17:32 +0000
Received: ("Tessian outbound cff7dd4de28a:v57"); Thu, 28 May 2020 08:17:32 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: ae3dc2371933ffcf
X-CR-MTA-TID: 64aa7808
Received: from 1f39ad4b52cd.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id BF49A929-A306-4148-9D97-9D18EECB7650.1; Thu, 28 May 2020 08:17:27 +0000
Received: from EUR04-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 1f39ad4b52cd.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 28 May 2020 08:17:27 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=APK81TI6bptGYMQWAni38h+x5cV6BgNJQbrVP3+zt588qS2oh7LJjEr8XwtucBQWxytbW1O5so93CAh1sk7V2QK6eKmoFzgQpdWa2XxKNxMMQhR+uFyA/45NZeV/DLUl3I/peDwA1LzvvkDMo01LNT0ILOz3gthp70YsU13lrqLvmt2ze8Q9T/KCEyzd+ZVYbacKJxwU5hJW1XH8Yy2CvMrkfU15rQ2VPMQEh5rIkLXUnpn4ZQhjwjQzse/ZM+B86tiyoTJJ3DX7KPiscZ4EAcfHNYeCzNOV+NZYXMwdz3gy9ZfI9nWgswwCVXTa/tqxXkL4XZElQ+hLiDeUZNAO+Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=68RQy4LChkV9c2eBvEckKxPKMo8YpAdMe9lMuSmA4MA=; b=PzwVbUEg5lewSwfgr4AxNrg2APv8pvwQ4ehKnM1ax1oQNSlBzc9OrWzqMpehfT8LeCw5rxwcW/cGGGe+epz33FIsgX/6f8RiKqBOLDIMO81Vmyz4U3cGvPwiE6jn4aicFg4JbeK0+NvpqA45hgFTjGc1FfY/FCsiW0vXgn9nnpuI8gMP+49VRTE/dogvgmkiMr0EMAFRSXrffBROa6yPkYpq92ObYej3Fz6mBXzPmUG2Zw6wCYdTC9n0gaBbjUiR+H9X+ODQwF9NPBL4W5kqvUFGCAemnC0f9Q2De51JdXnl8NhNkRThHqZWCa9YAQa/nTRsO+iEVE97lLg+oDoEIA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=68RQy4LChkV9c2eBvEckKxPKMo8YpAdMe9lMuSmA4MA=; b=lG0DTVFodWtDtem6Gqh1kGavzz+aU5Nmc+ypqzcTUng+lHt78wKKIbcSAx4hoeAL1+ogEyBJR/L/lRvQRsoJEhm2mqnxh7P1grpNwrPuwT2ocBcGvdna8xZQYNmgffHjYw8onRF21oqw/ihtr07JCIA/OPmHftyopO0E1oLLejc=
Received: from DB8PR08MB5177.eurprd08.prod.outlook.com (2603:10a6:10:e3::27) by DB8PR08MB5001.eurprd08.prod.outlook.com (2603:10a6:10:e3::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3045.19; Thu, 28 May 2020 08:17:24 +0000
Received: from DB8PR08MB5177.eurprd08.prod.outlook.com ([fe80::f86c:9fc9:baa8:48e0]) by DB8PR08MB5177.eurprd08.prod.outlook.com ([fe80::f86c:9fc9:baa8:48e0%3]) with mapi id 15.20.3021.030; Thu, 28 May 2020 08:17:24 +0000
From: Hanno Becker <Hanno.Becker@arm.com>
To: Achim Kraus <achimkraus@gmx.net>, "TLS@ietf.org" <TLS@ietf.org>
Thread-Topic: [TLS] Banning implicit CIDs in DTLS
Thread-Index: AQHWL4jlVazT6tbHlkGZvgKpDlUBs6iyuNyAgACCdQCABFAXAIAAHR+AgAQUqwCAAXBxAIAAAKzJ
Date: Thu, 28 May 2020 08:17:24 +0000
Message-ID: <DB8PR08MB5177E491B87DF519CB173DFC9B8E0@DB8PR08MB5177.eurprd08.prod.outlook.com>
References: <df70e06b-ffdf-4402-b640-d99b2aafac6b@www.fastmail.com> <17230F7E-0983-4519-8BA3-50D3F1A66C22@arm.com> <b45dea1f-506a-420e-aa3b-4d6c0fae5028@www.fastmail.com> <780181FE-B9FE-452F-93F4-4268DFB4E47E@arm.com> <CABcZeBOfswLafAP+-LwNFwty2CA+pEx=pr6ixP0htqsVyPFcSw@mail.gmail.com> <F3DB7E1E-EA6C-4579-B77D-397F90FB3CF3@arm.com>, <6d475bc4-2cb9-5801-e7bc-e165d99502d3@gmx.net>
In-Reply-To: <6d475bc4-2cb9-5801-e7bc-e165d99502d3@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Authentication-Results-Original: gmx.net; dkim=none (message not signed) header.d=none;gmx.net; dmarc=none action=none header.from=arm.com;
x-originating-ip: [62.7.191.216]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 831ac69d-3b1a-4975-832f-08d802df920e
x-ms-traffictypediagnostic: DB8PR08MB5001:|DB7PR08MB4619:
X-Microsoft-Antispam-PRVS: <DB7PR08MB4619EE88B58A07E06A621C969B8E0@DB7PR08MB4619.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:9508;OLM:9508;
x-forefront-prvs: 0417A3FFD2
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: uRjFpbAcx83t/GawRERLMJ0EeBN3QtOjgdknkho0cpXQSndCN+Wv3dz80z5mhzwAHyK9h0F7Wv5FG/muZt8IbAtCdVf82KvEqCJ3Z7oCn6vDUpktRFLBgaR2VKzxuQlDRqliPC9EFpusm1/Ty3sHw5FHm5uXp31e49lsvz8X8q8/sOSzOVZit8gwnD081T0Rpv21Odgmz1KbYkAbAXaDfFtqsku9ZbkkMClRb2ecuip3knVPoSa5E84E3bK8taGtOCBH76gPN6rlBh7XEp9gXHvSR7OUXVJCicQasV6GaUV8Q7hAydCe9ICJUrV0ee3XrzASvT0xeC15t9PqIcUjbyG/3a1Qtpp9K9on3q0FaiIOwutaOF1tKNOUj3VuSg4JVUPEmFBO3nnwTeto2zRTkA==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB8PR08MB5177.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(376002)(346002)(366004)(396003)(136003)(19627405001)(7696005)(186003)(64756008)(5660300002)(66446008)(66476007)(26005)(66946007)(966005)(76116006)(2906002)(55016002)(66556008)(52536014)(8676002)(478600001)(316002)(86362001)(33656002)(166002)(83380400001)(9686003)(6506007)(71200400001)(8936002)(53546011)(110136005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: Ukz+F5rAG0tgHIFqoF5lCcMgi9E9LGoV171zCzuaOAu4OBNcM2cSePd4FKR3mQfNksMz3mP7XIizjoQGuf7boJ1MqBXRAAr+NwefpX2L6U5An855D7HS/sJ3kw7mVl3xZ0LFkHxHab2Dugdm0Y0vACd45MbNMpK1km2+GYAWGcE3UjUkrDdkwrnW1WSd3lC4d43vklkR56m3V7EvM7UMER0qmx92oW1z+66A6nZ0BH0BFWD4IsdZvu70y+QozWcmZyaXb+V3fe6/oq0Ecoy3/Di3kEAg0CZz+1K757CHqNIC+pK/LvcFQkB21+AApUAEf/Np2jOKTNpn0Q7mhFZRrysVNF5DjybhkIbO3j9a7N3w5ULePPqP3XXSQq7RljFkRaV1liLspsx8fB4YL3YnaU4t6aEQkDtPn1g9J0nz+6FXlATCTK1STYjzPoDwcISZv+lRxXWhnfTgGtsk4VoKfJyJV7BwwB6WjHtrFbQ6boA=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DB8PR08MB5177E491B87DF519CB173DFC9B8E0DB8PR08MB5177eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR08MB5001
Original-Authentication-Results: gmx.net; dkim=none (message not signed) header.d=none;gmx.net; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT017.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(346002)(396003)(136003)(376002)(39860400002)(46966005)(30864003)(33656002)(478600001)(53546011)(316002)(5660300002)(8676002)(6506007)(110136005)(81166007)(70206006)(82310400002)(26005)(19627405001)(966005)(2906002)(186003)(82740400003)(8936002)(52536014)(86362001)(83380400001)(336012)(47076004)(70586007)(7696005)(166002)(356005)(55016002)(9686003); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 9c130e4c-14ed-4ef6-522c-08d802df8d7b
X-Forefront-PRVS: 0417A3FFD2
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: ECdXuhtOwYZyL0+qXVgo0iRIOdu/qMVipil6MPwIa8lyK18Xis/Y5NsO9fzuYYdx9QoSMLYwF/gIf/zUxzzgITVQPa+oBmtkE2KzuvTChhz2hqQjgf6yhjgGDCFkDlH/UCH7pwRjQowtRAScChrvrimTJfrx7Dn6j5DNpdePK4PRaEIHnuIsT6Y7yI+yjurOwaC+zdI75jyTwF6qqVhL7x/ZUvD9tSV33if6X1RVWLs/DI8Nk69r0BJyb8ehDiU+/BBW7DUGNh/3xgfkC/z+qAzFVH3HNU9w3LmWK4P0RrXe1dxIXwB08rIxInoJrJudROuBiFQOB2p/SbpQbtWu7m6BbzvB8f7FH7XDRyPQ/g0F7+DQ71qN1UZJ9ULRpgecPZHqF1v2pVlygDdN6wT3QHaaUqxNbthQFXn3gZqr+nc1hrbAFDQn0t8xHXmEhT4+rU2i5zw6857+b9vWkYCv0hWy3K+AorU2L+b9GY+df6c=
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2020 08:17:32.4232 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 831ac69d-3b1a-4975-832f-08d802df920e
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR08MB4619
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_sJnIhKke5BNH61qt_JlLqODtOY>
Subject: Re: [TLS] Banning implicit CIDs in DTLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 May 2020 08:17:51 -0000

Hi Achim and all,

> > Now, it turns out in the specific situation (and whenever the data
> > framing is provided by a higher layer protocol - CoAP, SCTP, DNS) one
> > might as well buffer and coalesce all the application stuff into one
> > single record, making the need for CID compression moot.

> I'm not sure, how CoAP (RFC 7252) offers framing. AFAIK it uses the size
> of the UDP message (or that of the DTLS "application_data" part). Only
> for TCP the size is explicitly encoded in the CoAP messages (but that's
> not RFC7252). If I miss something about that, it would be great, if you
> share some details to help me out.

> In my opinion, introducing a new TLS Content Type
> "multi_application_data" would help in a more general way. Even without
> the "implicit CIDs" discussion it may help in some cases, where a couple
> of "very small" "application_data"-messages are sent at once.

As mentioned before, I second that wish for more efficient stacking
of multiple records within a single datagram.

Note that this goal could also be achieved without an additional content
type if we'd go for the pseudo-header AAD. Namely, in this case, one could
generalize the implicit CID to allow dropping further header fields and
defining their implicit value for non-initial records, as Thomas mentioned before:
(a) For CID, the value is the same as for the previous record in the datagram
(perhaps transitively continued). (b) For record sequence numbers, an omitted
sequence number means that it's the successor of the one used in the previous
record. (c) For epochs, the value is the same as for the previous record in the
same datagram.
If you follow this through, you end up with the extreme possibility of having
multiple DTLS records within a single datagram, where the explicit headers
of the non-initial records consist solely of their length. This would still be
longer than what you'd get with a multi_application_data content type,
or application layer framing, because the authentication tag overhead occurs multiple
times, but it comes at the benefit of not changing the protection of the records, since
the input to the AEAD algorithm is unchanged. It's only the record  header _format_
that can be chosen freely and optimized dynamically.

Regards,
Hanno

________________________________
From: TLS <tls-bounces@ietf.org> on behalf of Achim Kraus <achimkraus@gmx.net>
Sent: Thursday, May 28, 2020 9:02 AM
To: tls@ietf.org <tls@ietf.org>
Subject: Re: [TLS] Banning implicit CIDs in DTLS

Hi Thomas,

 > Now, it turns out in the specific situation (and whenever the data
 > framing is provided by a higher layer protocol - CoAP, SCTP, DNS) one
 > might as well buffer and coalesce all the application stuff into one
 > single record, making the need for CID compression moot.

I'm not sure, how CoAP (RFC 7252) offers framing. AFAIK it uses the size
of the UDP message (or that of the DTLS "application_data" part). Only
for TCP the size is explicitly encoded in the CoAP messages (but that's
not RFC7252). If I miss something about that, it would be great, if you
share some details to help me out.

In my opinion, introducing a new TLS Content Type
"multi_application_data" would help in a more general way. Even without
the "implicit CIDs" discussion it may help in some cases, where a couple
of "very small" "application_data"-messages are sent at once.

best regards
Achim

Am 27.05.20 um 12:03 schrieb Thomas Fossati:
> On 24/05/2020, 20:45, "Eric Rescorla" <ekr@rtfm.com> wrote:
>> In what context do you have a use for implicit CIDs?
>
> The specific use case I had in mind is that of an endpoint sending small
> and frequent application data units to the same peer - e.g., sensor
> readings through CoAP observe.  In this (and similar) situation(s) where
> the payload / header ratio is low one wants to have as little transport
> overhead as possible.
>
> Now, it turns out in the specific situation (and whenever the data
> framing is provided by a higher layer protocol - CoAP, SCTP, DNS) one
> might as well buffer and coalesce all the application stuff into one
> single record, making the need for CID compression moot.
>
> So, I am now convinced I don't have a compelling case to bring to the
> table and might as well move into Martin's "vanishingly small use cases"
> camp, therefore subscribing the gist of PR#148.
>
>
> PS  A note about the more general argument of a pure pseudo-header
> approach: it'd enable compression boxes at ingress into a constrained
> network, which would be really useful.  Without a thorough analysis wrt
> header malleability this is unfortunately out of reach.
>
> --
>
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email