Re: [TLS] Record header size?

"Short, Todd" <tshort@akamai.com> Wed, 18 November 2015 15:30 UTC

From: "Short, Todd" <tshort@akamai.com>
To: "tls@ietf.org" <tls@ietf.org>
Date: Wed, 18 Nov 2015 15:30:04 +0000
Message-ID: <2729A4D5-FA80-4902-8F9F-CDDD56E094CD@akamai.com>
References: <C5F506DC-F814-4C0B-AFAA-86CF790817A7@akamai.com> <CABcZeBP5QPQAXKvM_oEAzex0-vrVWMvOW0yZuamvF5hxAHtmtw@mail.gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4B679E6@uxcn10-5.UoA.auckland.ac.nz> <B79F7446-0BBF-4006-A448-E81FF5E7ECD4@gmail.com> <20151118152422.GS18315@mournblade.imrryr.org>
In-Reply-To: <20151118152422.GS18315@mournblade.imrryr.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/3TPCEdJLYM7-ZIDex7UxPKTUKJM>
Subject: Re: [TLS] Record header size?

Yes, that is true, and would accomplish the goals of backwards compatibility along with keeping (at least) 32-bit alignment.
Part of my non-stated goal was to also shrink the header, but *shrug*.

I still like the idea of marking it with a different version number (8.0)?
--
-Todd Short
// tshort@akamai.com
// "One if by land, two if by sea, three if by the Internet."

On Nov 18, 2015, at 10:24 AM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:

On Wed, Nov 18, 2015 at 11:07:59AM +0200, Yoav Nir wrote:

Stateful firewalls tend to pass only what they understand. They use some measures to avoid tunneling and passing things that are not HTTPS over TCP port 443.


If the record layer header for application-data (not the initial
handshake) is simply expanded by 3 bytes to 8 (zero padded), and
the padding is included in the record length, then to legacy parsers
it looks like a 5 byte header with a payload that's 3 bytes longer,
while implementations aware of the change will treat this as a new
format in which the record header is 8 bytes and always overstates
the payload length by 3.

The real payload can then be properly aligned.

--
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
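The encoding Viktor sketches above (a 5-byte header zero-extended to 8 bytes, with the 3 padding bytes counted in the length field) can be checked in code. The following is an added example written for this archive page, not code from either poster or from any TLS implementation. The exact layout is an assumption made for illustration: byte 0 content type, bytes 1-2 version, bytes 3-4 a 16-bit length equal to len(payload) + 3, bytes 5-7 zero padding, then the payload. Two parsers are run over the same byte stream: one that only knows the 5-byte header, and one that knows the 8-byte header. The point to verify is that both consume the same number of bytes per record, so a legacy reader stays in frame even though it hands three leading zeros up to the next layer, and that the new reader's payload starts at offset 8.

```python
import struct

CONTENT_APPLICATION_DATA = 23
VERSION_TLS12 = (3, 3)

LEGACY_HEADER_LEN = 5
NEW_HEADER_LEN = 8
PAD_LEN = NEW_HEADER_LEN - LEGACY_HEADER_LEN   # 3 zero bytes (assumed layout)
MAX_FRAGMENT_LEN = 2**14 + 2048                 # TLSCiphertext.length bound in RFC 5246


class RecordError(ValueError):
    pass


def encode_record(content_type, version, payload):
    """Build one record in the assumed 8-byte-header format.

    The 16-bit length field counts the 3 padding bytes as well as the
    payload, so a legacy reader sees a self-consistent 5-byte header."""
    body_len = PAD_LEN + len(payload)
    if body_len > MAX_FRAGMENT_LEN:
        raise RecordError("record too long for a legacy parser: %d" % body_len)
    major, minor = version
    header = struct.pack("!BBBH", content_type, major, minor, body_len)
    return header + b"\x00" * PAD_LEN + payload


def parse_legacy(buf, offset=0):
    """Read a record the way a 5-byte-header implementation does.

    Returns (content_type, version, body, next_offset); 'body' is everything
    the length field covers, i.e. three zero bytes followed by the payload."""
    if len(buf) - offset < LEGACY_HEADER_LEN:
        raise RecordError("truncated header")
    content_type, major, minor, body_len = struct.unpack_from("!BBBH", buf, offset)
    if body_len > MAX_FRAGMENT_LEN:
        raise RecordError("length exceeds maximum")
    start = offset + LEGACY_HEADER_LEN
    end = start + body_len
    if end > len(buf):
        raise RecordError("truncated body")
    return content_type, (major, minor), buf[start:end], end


def parse_new(buf, offset=0):
    """Read a record with the 8-byte header.

    Checks that the reserved padding is zero and subtracts it from the length
    field, so the returned payload is exactly what the sender wrapped."""
    if len(buf) - offset < NEW_HEADER_LEN:
        raise RecordError("truncated header")
    content_type, major, minor, body_len = struct.unpack_from("!BBBH", buf, offset)
    pad = buf[offset + LEGACY_HEADER_LEN:offset + NEW_HEADER_LEN]
    if pad != b"\x00" * PAD_LEN:
        raise RecordError("reserved padding bytes must be zero: %r" % pad)
    if body_len < PAD_LEN or body_len > MAX_FRAGMENT_LEN:
        raise RecordError("bad length field: %d" % body_len)
    start = offset + NEW_HEADER_LEN          # payload begins 8 bytes in
    end = start + (body_len - PAD_LEN)
    if end > len(buf):
        raise RecordError("truncated body")
    return content_type, (major, minor), buf[start:end], end


def split_stream(buf, parser):
    """Walk a stream of back-to-back records with the given parser."""
    records, offset = [], 0
    while offset < len(buf):
        content_type, version, data, offset = parser(buf, offset)
        records.append((content_type, version, data))
    return records


def demo():
    # Constructed sample payloads; on the wire these would be ciphertext.
    payloads = [b"hello", b"", b"\xde\xad\xbe\xef" * 4]
    stream = b"".join(encode_record(CONTENT_APPLICATION_DATA, VERSION_TLS12, p)
                      for p in payloads)
    legacy = split_stream(stream, parse_legacy)
    modern = split_stream(stream, parse_new)
    return stream, legacy, modern


if __name__ == "__main__":
    stream, legacy, modern = demo()
    for (_, _, body), (_, _, payload) in zip(legacy, modern):
        print("legacy sees %2d bytes: %r" % (len(body), body))
        print("new    sees %2d bytes: %r" % (len(payload), payload))
```

One caveat the example makes visible: the legacy parser never inspects the padding, so a middlebox that only frames on the 5-byte header cannot tell the two formats apart, whereas `parse_new` rejects any record whose reserved bytes are non-zero. Whether the payload is also aligned in memory depends on where the receiving buffer starts, not just on the 8-byte header.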