Re: [TLS] draft-ietf-tls-record-limit-01
Hubert Kario <hkario@redhat.com> Tue, 12 September 2017 18:11 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1801A132D6D for <tls@ietfa.amsl.com>; Tue, 12 Sep 2017 11:11:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.921
X-Spam-Level:
X-Spam-Status: No, score=-6.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eBspjI5_F3Zl for <tls@ietfa.amsl.com>; Tue, 12 Sep 2017 11:11:11 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6E99126B6D for <tls@ietf.org>; Tue, 12 Sep 2017 11:11:11 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4CDF2800A4; Tue, 12 Sep 2017 18:11:11 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 4CDF2800A4
Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=hkario@redhat.com
Received: from pintsize.usersys.redhat.com (unknown [10.43.21.223]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1A66D6062A; Tue, 12 Sep 2017 18:11:11 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Tue, 12 Sep 2017 20:11:09 +0200
Message-ID: <2127515.TzRoSAlNJ7@pintsize.usersys.redhat.com>
In-Reply-To: <d146477e-85c1-5b09-490e-ed2f386f0915@gmx.net>
References: <d146477e-85c1-5b09-490e-ed2f386f0915@gmx.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart43011322.ZmSroSPDY6"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 12 Sep 2017 18:11:11 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3BiS5ykwVUb7fX5G3Z8BLVLMMl8>
Subject: Re: [TLS] draft-ietf-tls-record-limit-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Sep 2017 18:11:13 -0000
On Tuesday, 12 September 2017 14:30:48 CEST Hannes Tschofenig wrote: > Hi Martin, > > I have implemented the record size extension into mbed TLS. It can be > found at https://github.com/ARMmbed/mbedtls/pull/1088 > > There is only one problem that remains to be addressed IMHO. This > extension was developed to address the problem of devices with small > RAM. Application developers have to configure their embedded TLS stack > in such a way that the parameters configured with this TLS extensions > match the available hardware. > > The record_size_limit helps a lot already but does not quite to the > final goal since it uses an artificial metric for deciding when to > fragment records. > > Currently, a developer has to understand various security concepts to > get this right, namely > * Ciphersuite negotiated (and the overhead associated with it, such as > tag length), > * DTLS vs. TLS record layer header differences, > * potential compression being applied. > > Additionally, there is, of course, other header information that needs > to be considered in the overall buffer size calculation, such as TCP or > UDP, IP and potentially any lower layer headers. > > I just think that this is too much to ask for from an ordinary developer. > > Hence, I would suggest to use a different metric so that the developer > can be certain that at least from a DTLS/TLS layer there are not records > being sent that exceed the indicated threshold. > > If you think that this idea is worthwhile to entertain then I will make > a proposal. yes, I too found the necessary calculation rather complex and thus hard to get right that being said, if you are ok with "good enough" solutions (for memory allocation, for verifying correctness of packets it should be exact), the actual receive buffer for encrypted TLS records has to be only 85 bytes longer than the value you send to server: - max MAC size - 48 bytes - max IV size - 16 bytes - header size - 5 bytes - max block size for CBC ciphers - 16 bytes - max padding - 16 bytes since MAC size is the exact multiple of block size, the padding starts in worst possible place if the MAC size is arranged on block boundary. Thus the worst case scenario padding length is 16 bytes. Same in case of EtM. -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
- [TLS] draft-ietf-tls-record-limit-01 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-record-limit-01 Hubert Kario
- Re: [TLS] draft-ietf-tls-record-limit-01 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-record-limit-01 Martin Thomson
- Re: [TLS] draft-ietf-tls-record-limit-01 Hubert Kario
- Re: [TLS] draft-ietf-tls-record-limit-01 Martin Thomson