Re: [TLS] Record header size?

"Short, Todd" <tshort@akamai.com> Tue, 17 November 2015 16:35 UTC

From: "Short, Todd" <tshort@akamai.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Thread-Topic: Record header size?
Thread-Index: AQHRIUwqfC6IjHws+EWK+zLpB/KhZp6gresAgAAPVwA=
Date: Tue, 17 Nov 2015 16:35:50 +0000
Message-ID: <AE3C380F-10FF-4CFA-8A11-194E2B649EB9@akamai.com>
References: <C5F506DC-F814-4C0B-AFAA-86CF790817A7@akamai.com> <9A043F3CF02CD34C8E74AC1594475C73F4B66D1F@uxcn10-5.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4B66D1F@uxcn10-5.UoA.auckland.ac.nz>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/2yuxy9Uj1tIrmujzk4Z7bM8rqo8>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Record header size?
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>

Plaintext is still limited to 2^14 octets, so there is no need to have the length be 3 bytes. Having the version start with 4 will purposely indicate the size of the record header. One could go out on a limb and use it to actually indicate the length of the header (i.e. 5 bytes, 4 bytes, 8 bytes, etc.) with additional options thrown in, not that I am proposing that.
--
-Todd Short
// tshort@akamai.com
// "One if by land, two if by sea, three if by the Internet."

On Nov 17, 2015, at 10:40 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:

Short, Todd <tshort@akamai.com> writes:

Has there been any consideration to changing the record header for encrypted
traffic to be 4 bytes (i.e. 32-bits)? 5 bytes is a very awkward size, and
some processors do not handle odd byte offsets well (it was a complaint I
heard from Cisco router/switch engineers).

Not just Cisco, other hardware people have run into it as well.  You don't
need the version field at all because it's been negotiated in the handshake,
for the remainder of the session it's just wasted bytes.  So having a 1-byte
type and 3-byte length for a combined 32-bit field would work fine.

Peter.
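To make the two layouts under discussion concrete, here is an added example (not code from either poster, and not an implementation of any draft): an encoder and decoder for the current 5-byte TLS record header (type, 2-byte version, 16-bit length, RFC 5246 section 6.2.1) next to the hypothetical 4-byte header Peter describes (1-byte type plus 24-bit length), and a small framing walker that uses either one. The function names, the 4-byte layout and the sample byte stream are assumptions for illustration. Both decoders keep the protocol's length limit (2^14 plaintext, at most 2^14 + 2048 for TLSCiphertext in TLS 1.2), which is the point Todd makes: a 24-bit length field can represent 16 MiB, but the record layer still must reject anything over the limit.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not from the original thread. Layouts and names are assumptions. */

#define TLS_MAX_PLAINTEXT  (1u << 14)           /* 2^14 octets, RFC 5246 6.2.1 */
#define TLS_MAX_CIPHERTEXT ((1u << 14) + 2048)  /* TLSCiphertext limit, RFC 5246 6.2.3 */

enum { TLS_HDR5_LEN = 5, TLS_HDR4_LEN = 4 };

typedef struct {
    uint8_t  type;
    uint8_t  major, minor;   /* only carried by the 5-byte header */
    uint32_t length;         /* record body length in octets */
} tls_record_hdr;

/* Current header: type(1) | version(2) | length(2). Returns bytes written, 0 on bad length. */
size_t tls_hdr5_encode(uint8_t out[5], uint8_t type, uint8_t major, uint8_t minor, uint32_t length) {
    if (length > TLS_MAX_CIPHERTEXT) return 0;
    out[0] = type; out[1] = major; out[2] = minor;
    out[3] = (uint8_t)(length >> 8);
    out[4] = (uint8_t)(length & 0xff);
    return TLS_HDR5_LEN;
}

/* 0 on success, -1 if fewer than 5 bytes are available, -2 if the length is over the limit
 * (a real stack would send a record_overflow alert here). */
int tls_hdr5_decode(const uint8_t *in, size_t in_len, tls_record_hdr *h) {
    if (in_len < TLS_HDR5_LEN) return -1;
    h->type = in[0]; h->major = in[1]; h->minor = in[2];
    h->length = ((uint32_t)in[3] << 8) | in[4];
    return h->length > TLS_MAX_CIPHERTEXT ? -2 : 0;
}

/* Hypothetical 4-byte header: type(1) | length(3), one naturally aligned 32-bit word.
 * The version is gone because it was negotiated in the handshake. */
size_t tls_hdr4_encode(uint8_t out[4], uint8_t type, uint32_t length) {
    if (length > TLS_MAX_CIPHERTEXT) return 0;   /* 24 bits could say 16 MiB; the protocol still caps it */
    out[0] = type;
    out[1] = (uint8_t)(length >> 16);
    out[2] = (uint8_t)(length >> 8);
    out[3] = (uint8_t)(length & 0xff);
    return TLS_HDR4_LEN;
}

int tls_hdr4_decode(const uint8_t *in, size_t in_len, tls_record_hdr *h) {
    if (in_len < TLS_HDR4_LEN) return -1;
    h->type = in[0]; h->major = h->minor = 0;
    h->length = ((uint32_t)in[1] << 16) | ((uint32_t)in[2] << 8) | in[3];
    return h->length > TLS_MAX_CIPHERTEXT ? -2 : 0;   /* same check: the field got wider, the limit did not */
}

/* Walk back-to-back records in buf with either header layout. Stores each body length in lens
 * and returns the number of complete records; stops at a truncated or over-limit record. */
size_t tls_walk_records(const uint8_t *buf, size_t len, int use_hdr4, uint32_t *lens, size_t max_records) {
    size_t off = 0, n = 0;
    size_t hdr = use_hdr4 ? TLS_HDR4_LEN : TLS_HDR5_LEN;
    while (n < max_records) {
        tls_record_hdr h;
        int rc = use_hdr4 ? tls_hdr4_decode(buf + off, len - off, &h)
                          : tls_hdr5_decode(buf + off, len - off, &h);
        if (rc != 0) break;                       /* short header or record_overflow */
        if (h.length > len - off - hdr) break;    /* body not fully received yet */
        lens[n++] = h.length;
        off += hdr + h.length;
    }
    return n;
}

int main(void) {
    /* Constructed sample: two complete TLS 1.2 records and a truncated third one. */
    uint8_t stream[] = { 22,3,3,0,3, 1,2,3,  23,3,3,0,2, 9,9,  23,3,3,0,5, 1,2 };
    uint32_t lens[4];
    size_t n = tls_walk_records(stream, sizeof stream, 0, lens, 4);
    printf("complete records: %zu (lengths %u, %u)\n", n, lens[0], lens[1]);

    uint8_t b4[4];
    tls_hdr4_encode(b4, 23, TLS_MAX_PLAINTEXT);
    printf("4-byte header for a full 2^14 record: %02x %02x %02x %02x\n", b4[0], b4[1], b4[2], b4[3]);
    return 0;
}
```

The overflow check is the part worth keeping in view whichever layout is used: widening the length field changes nothing about what a peer is allowed to send, so a decoder that trusts the extra byte instead of clamping to the negotiated limit is the bug to avoid. For the record, the TLS 1.3 that was eventually published (RFC 8446) kept the 5-byte header with a fixed legacy version field and caps TLSCiphertext at 2^14 + 256 octets.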