Re: [TLS] Mail regarding draft-ietf-tls-record-limit
Jim Schaad <ietf@augustcellars.com> Mon, 19 February 2018 16:32 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A1D5120713; Mon, 19 Feb 2018 08:32:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gCZxQhtxmvzM; Mon, 19 Feb 2018 08:32:03 -0800 (PST)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38AF71201F8; Mon, 19 Feb 2018 08:32:03 -0800 (PST)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Mon, 19 Feb 2018 08:30:15 -0800
From: Jim Schaad <ietf@augustcellars.com>
To: 'Martin Thomson' <martin.thomson@gmail.com>, tls@ietf.org
CC: draft-ietf-tls-record-limit@ietf.org
References: <008b01d3a94e$1cc174e0$56445ea0$@augustcellars.com> <CABkgnnUMKhnQS59Xt2=WaJp9Ywbzej6_vZ1u9R1dHE02ocir3Q@mail.gmail.com>
In-Reply-To: <CABkgnnUMKhnQS59Xt2=WaJp9Ywbzej6_vZ1u9R1dHE02ocir3Q@mail.gmail.com>
Date: Mon, 19 Feb 2018 08:31:53 -0800
Message-ID: <00a401d3a99f$28679e90$7936dbb0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
Thread-Index: AQIj8Qn+aH0ker1+WmRwus+Llm0/1QMa1TzpovKFBoA=
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5eIhzcT3E55K75EN6tKHIt__dzY>
Subject: Re: [TLS] Mail regarding draft-ietf-tls-record-limit
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 16:32:05 -0000
Martin, I think that the wording I would prefer would be along the lines of A server MUST NOT error on the value of the extension when a higher TLS version is requested. The server MUST use the minimum of the requested value and the maximum value for the TLS version negotiated. A server MAY error if a the value of the extension is exceeded for the version of TLS requested. > -----Original Message----- > From: Martin Thomson [mailto:martin.thomson@gmail.com] > Sent: Monday, February 19, 2018 2:15 AM > To: Jim Schaad <ietf@augustcellars.com>; <tls@ietf.org> <tls@ietf.org> > Cc: draft-ietf-tls-record-limit@ietf.org > Subject: Re: Mail regarding draft-ietf-tls-record-limit > > (+tls@) > > This is a good question Jim and one that I thought through during > implementation, but failed to capture in the doc. > > Basically, there is no way to validate the extension if the client includes an > unknown version of TLS or an extension that it doesn't understand. A client > can know because it should understand the protocol as negotiated. > > The text currently says "an endpoint MUST NOT send a value higher than the > protocol-defined maximum record size unless explicitly allowed by such a > future version or extension" I think that we should add "A server MUST NOT > enforce this restriction; a client might advertise a higher limit that is enabled > by an extension or version the server does not understand." > > Does that make sense? > > > On Mon, Feb 19, 2018 at 5:51 PM, Jim Schaad <ietf@augustcellars.com> > wrote: > > I was looking at this document relative to a specific question for > > Kathleen, and I had one thing that I would like you to look at and see > > if you think it is clear enough. > > > > I have a server that is TLS 1.2, a client that is TLS 1.2 & 1.3. It sends > > a hello w/ and extension value of 2^14+1. It is not completely clear > > to me that the server should accept this as a legal value and compute > > the min of it and the maximum 1.2 value as the value to use when > > sending messages to the client rather than producing an error message > > because the value is too large. > > > > Jim > > > >
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Martin Thomson
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Benjamin Kaduk
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Jim Schaad
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Ilari Liusvaara
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Jim Schaad
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Ilari Liusvaara
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Jim Schaad
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Benjamin Kaduk
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Ilari Liusvaara