Re: [TLS] Martin Duke's Discuss on draft-ietf-tls-dtls13-41: (with DISCUSS and COMMENT)

Eric Rescorla <ekr@rtfm.com> Thu, 22 April 2021 17:21 UTC

References: <161662211946.14722.10506888699753198221@ietfa.amsl.com> <20210401043702.GS79563@kduck.mit.edu>
In-Reply-To: <20210401043702.GS79563@kduck.mit.edu>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 22 Apr 2021 10:20:38 -0700
Message-ID: <CABcZeBPDrENUidEfhP9QwaupJXNinWsDE=qxtkeSVMaRj=BJKA@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Martin Duke <martin.h.duke@gmail.com>, The IESG <iesg@ietf.org>, draft-ietf-tls-dtls13@ietf.org, tls-chairs <tls-chairs@ietf.org>, Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000b005b05c092e8a3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4d3mrwZDyYuHiET2C6BqRbYFaWk>
Subject: Re: [TLS] Martin Duke's Discuss on draft-ietf-tls-dtls13-41: (with DISCUSS and COMMENT)

This was addressed in -42.

On Wed, Mar 31, 2021 at 9:38 PM Benjamin Kaduk <kaduk@mit.edu> wrote:

> Hi Martin,
>
> Thanks for starting the separate thread to cover the transport topics.
>
> I'll trim heavily to call out one topic that might benefit from some
> attention from the working group...
>
> On Wed, Mar 24, 2021 at 02:42:00PM -0700, Martin Duke via Datatracker wrote:
> >
> > Finally, a really weird one. Reading this document and references to
> > connection ID prompted me to think how QUIC-LB could apply to DTLS. The
> > result is here:
> > https://github.com/quicwg/load-balancers/pull/106/files. Please note
> > the rather unfortunate third-to-last paragraph. I'm happy to take the
> > answer that this use case doesn't matter, since I made it up today. But
> > if it does, it would be very helpful if (1) DTLS 1.3 clients MUST include
> > a connection_id extension in their ClientHello, even if zero length,
> > and/or (2) this draft updated 4.1.4 of 8446 to allow the server to
> > include connection_id in HelloRetryRequest even if the client didn't
> > offer it. Thoughts?
>
> (To over-summarize: the proposal to make connection_id mandatory in DTLS
> 1.3 ClientHello is an attempt to support the case where a single load
> balancer fronts for both DTLS 1.3 and QUIC servers and connection IDs are
> required.  If the client does not send the extension in this case the
> DTLS server is toast and will not get its packets reliably.)
>
> -Ben
>
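As an added example outside the thread (not code from the draft authors, the reviewers, or the QUIC-LB project), the following Python parses a DTLS 1.3 ClientHello body and reports whether the connection_id extension is present, distinguishing a zero-length extension from an absent one, which is exactly the distinction proposal (1) above turns on: a load balancer that sees the extension knows the client will accept CIDs, while an absent extension leaves it unable to route reliably. The ClientHello field layout follows RFC 9147 section 5.3 (including the DTLS legacy_cookie field), and extension codepoint 54 is the value RFC 9146 registered for connection_id; the builder, the sample cid values, and the rejection of truncated or duplicate extensions are constructed here for illustration.

```python
"""Detect the connection_id extension in a DTLS 1.3 ClientHello body.

Added example, not part of the mailing-list thread. Field layout per
RFC 9147 section 5.3; extension codepoint 54 per RFC 9146. The builder and
the sample values are constructed for illustration only.
"""
import struct
from typing import Optional

CONNECTION_ID_EXT = 54          # codepoint registered for connection_id (RFC 9146)
SUPPORTED_VERSIONS_EXT = 43     # supported_versions (RFC 8446)
TLS_AES_128_GCM_SHA256 = b"\x13\x01"
DTLS13 = b"\xfe\xfc"            # DTLS 1.3 wire version {254, 252}


def _vec(data: bytes, len_bytes: int) -> bytes:
    """Encode a TLS variable-length vector with a 1- or 2-byte length prefix."""
    return len(data).to_bytes(len_bytes, "big") + data


def _ext(ext_type: int, data: bytes) -> bytes:
    """Encode one Extension: type(2) || length(2) || extension_data."""
    return struct.pack("!HH", ext_type, len(data)) + data


def build_client_hello(cid: Optional[bytes], random: bytes = b"\x00" * 32) -> bytes:
    """Construct a minimal DTLS 1.3 ClientHello body (constructed sample, no record header).

    cid=None omits the connection_id extension entirely; cid=b'' sends it
    with a zero-length cid, which is the "include even if zero length" case.
    """
    exts = _ext(SUPPORTED_VERSIONS_EXT, _vec(DTLS13, 1))
    if cid is not None:
        exts += _ext(CONNECTION_ID_EXT, _vec(cid, 1))   # ConnectionId { opaque cid<0..2^8-1>; }
    return (
        b"\xfe\xfd"                     # legacy_version = {254, 253}
        + random                        # 32-byte Random
        + _vec(b"", 1)                  # legacy_session_id (empty)
        + _vec(b"", 1)                  # legacy_cookie (empty, DTLS-specific field)
        + _vec(TLS_AES_128_GCM_SHA256, 2)
        + _vec(b"\x00", 1)              # legacy_compression_methods = {null}
        + _vec(exts, 2)                 # extensions<8..2^16-1>
    )


def _take(buf: bytes, pos: int, n: int):
    """Return buf[pos:pos+n] and the new offset, refusing to read past the end."""
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n], pos + n


def _take_vec(buf: bytes, pos: int, len_bytes: int):
    """Read a length-prefixed vector and return (contents, new offset)."""
    raw, pos = _take(buf, pos, len_bytes)
    return _take(buf, pos, int.from_bytes(raw, "big"))


def find_connection_id(body: bytes) -> Optional[bytes]:
    """Return None if connection_id is absent, else its cid (b'' when zero-length)."""
    pos = 0
    _, pos = _take(body, pos, 2 + 32)      # legacy_version + random
    _, pos = _take_vec(body, pos, 1)       # legacy_session_id
    _, pos = _take_vec(body, pos, 1)       # legacy_cookie
    _, pos = _take_vec(body, pos, 2)       # cipher_suites
    _, pos = _take_vec(body, pos, 1)       # legacy_compression_methods
    exts, pos = _take_vec(body, pos, 2)    # extensions
    if pos != len(body):
        raise ValueError("trailing bytes after extensions")

    seen = set()
    found = None
    epos = 0
    while epos < len(exts):
        hdr, epos = _take(exts, epos, 4)
        ext_type, ext_len = struct.unpack("!HH", hdr)
        data, epos = _take(exts, epos, ext_len)
        if ext_type in seen:               # RFC 8446: at most one extension of each type
            raise ValueError(f"duplicate extension type {ext_type}")
        seen.add(ext_type)
        if ext_type == CONNECTION_ID_EXT:
            cid, end = _take_vec(data, 0, 1)
            if end != len(data):
                raise ValueError("malformed connection_id extension body")
            found = cid
    return found


def rejects(body: bytes) -> bool:
    """True if the parser refuses the body as malformed (used for negative checks)."""
    try:
        find_connection_id(body)
    except ValueError:
        return False or True
    return False


if __name__ == "__main__":
    for label, cid in (("absent", None), ("zero-length", b""), ("4-byte", b"\x01\x02\x03\x04")):
        print(label, "->", find_connection_id(build_client_hello(cid)))
```

The parser returns three distinct outcomes (None, b'', or the cid bytes) so a front end can tell "client offered CIDs but wants none" apart from "client never offered the extension"; every length read is bounds-checked so a truncated datagram raises rather than misparsing.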