Re: [TLS] I-D Action: draft-ietf-tls-grease-02.txt

Martin Thomson <mt@lowentropy.net> Thu, 24 January 2019 23:03 UTC

Message-Id: <1548371005.3487947.1642965368.3A897C7A@webmail.messagingengine.com>
From: Martin Thomson <mt@lowentropy.net>
To: tls@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-36e4bfd3
References: <154767032661.29586.10643059734542111710@ietfa.amsl.com> <2605372.0b8annkhzO@pintsize.usersys.redhat.com> <CAF8qwaC_uTFbjdo8mB-RBo_dEcHH3GwJO3cXmG7x8n4MRN-jng@mail.gmail.com>
In-Reply-To: <CAF8qwaC_uTFbjdo8mB-RBo_dEcHH3GwJO3cXmG7x8n4MRN-jng@mail.gmail.com>
Date: Fri, 25 Jan 2019 10:03:25 +1100
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6JpyhrDKStfM_XiQEkq1NWRw1o8>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-grease-02.txt

On Fri, Jan 18, 2019, at 07:23, David Benjamin wrote:
> > while record_size_limit extension sends just one value, it does
> > specifically
> > allow the client to advertise higher values than the protocol versions or
> > extensions would indicate
> >
> > I wonder if sending such values shouldn't be part of GREASE behaviour,
> > even if
> > it wouldn't use GREASE values...
> >
> 
> I think that should be sorted out in a separate document. This one's been
> sitting around for a while as it is, and record_size_limit doesn't have an
> RFC to cite yet. :-)

I'm in two minds about this.  On the one hand, we don't need any actual machinery here, so why do anything?  On the other hand, it's just a note that this is possible, and adding that sort of note is easy.

> The record_size_limit extension {{!RFC8449}} includes a value that can be greased by endpoints that don't place constraints on their record size.  Advertising values larger than the protocol supports is permitted and has no effect on the behavior of a compliant peer.
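As an added illustration of the proposed text above (example code, not from the draft or anyone on the thread): a minimal encoder and consumer for the record_size_limit extension of RFC 8449, showing that a peer that advertises a value above the protocol-defined maximum, whether as GREASE or otherwise, gets exactly the same treatment from a compliant receiver as one that advertises the maximum. The extension type number (28), the minimum of 64 and the per-version limits are taken from RFC 8449; the function names are this example's own.

```python
# Added example: encode/parse the TLS record_size_limit extension (RFC 8449)
# and derive the limit a compliant sender actually applies. Values above the
# protocol-defined maximum are clamped, so a greased 0xFFFF is harmless.
import struct

RECORD_SIZE_LIMIT = 28                       # ExtensionType from RFC 8449
MIN_LIMIT = 64                               # below this: illegal_parameter
PROTOCOL_MAX = {"tls12": 2 ** 14,            # 16384 octets of plaintext
                "tls13": 2 ** 14 + 1}        # 16385: includes content-type byte


def encode_extension(limit):
    """type(2) || length(2) || RecordSizeLimit(2), all big-endian."""
    if not 0 <= limit <= 0xFFFF:
        raise ValueError("RecordSizeLimit is a uint16")
    body = struct.pack("!H", limit)
    return struct.pack("!HH", RECORD_SIZE_LIMIT, len(body)) + body


def parse_extension(data):
    """Return the advertised RecordSizeLimit or reject a malformed extension."""
    if len(data) != 6:
        raise ValueError("malformed record_size_limit extension")
    ext_type, length, limit = struct.unpack("!HHH", data)
    if ext_type != RECORD_SIZE_LIMIT or length != 2:
        raise ValueError("malformed record_size_limit extension")
    return limit


def effective_send_limit(advertised, version):
    """Largest record a compliant sender will emit toward this peer.

    RFC 8449 forbids sending records above the protocol-defined limit even if
    the peer advertised more, so anything larger collapses to that maximum.
    """
    if advertised < MIN_LIMIT:
        raise ValueError("illegal_parameter: RecordSizeLimit below 64")
    return min(advertised, PROTOCOL_MAX[version])


def fragment(plaintext, advertised, version):
    """Split application data into record payloads honouring the peer's limit.

    In TLS 1.3 the limit counts the inner content-type byte, so one fewer
    octet of application data fits per record than the limit itself.
    """
    per_record = effective_send_limit(advertised, version)
    if version == "tls13":
        per_record -= 1
    return [plaintext[i:i + per_record]
            for i in range(0, len(plaintext), per_record)]
```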