IETF Logo Mail Archive

Re: [TLS] I-D Action:draft-ietf-tls-rfc4366-bis-09.txt

Juho Vähä-Herttua <juhovh@iki.fi> Sun, 13 June 2010 09:01 UTC

Return-Path: <juhovh@iki.fi>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6E2B528C0D8 for <tls@core3.amsl.com>; Sun, 13 Jun 2010 02:01:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.301
X-Spam-Level:
X-Spam-Status: No, score=0.301 tagged_above=-999 required=5 tests=[BAYES_50=0.001, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wKalh7gnwnDY for <tls@core3.amsl.com>; Sun, 13 Jun 2010 02:01:27 -0700 (PDT)
Received: from smtp-3.tky.hut.fi (smtp03.tky.fi [82.130.63.73]) by core3.amsl.com (Postfix) with SMTP id 607AE28C0D6 for <tls@ietf.org>; Sun, 13 Jun 2010 02:01:27 -0700 (PDT)
Received: from smtp.vaha-herttua.fi ([82.130.46.36]) by smtp-3.tky.hut.fi (SMSSMTP 4.1.9.35) with SMTP id M2010061312011824224 ; Sun, 13 Jun 2010 12:01:18 +0300
Received: from vagabond.lan (qer2.kyla.fi [82.130.46.10]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.vaha-herttua.fi (Postfix) with ESMTPSA id 0D17C18152; Sun, 13 Jun 2010 12:01:19 +0300 (EEST)
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: text/plain; charset="us-ascii"
From: Juho Vähä-Herttua <juhovh@iki.fi>
In-Reply-To: <4C149556.7040008@gnutls.org>
Date: Sun, 13 Jun 2010 12:01:18 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <03826B11-ABC0-4F5B-A636-A07DECDF428C@iki.fi>
References: <E1ONiI8-0001C6-Ln@wintermute02.cs.auckland.ac.nz> <4C149556.7040008@gnutls.org>
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
X-Mailer: Apple Mail (2.1078)
Cc: tls@ietf.org
Subject: Re: [TLS] I-D Action:draft-ietf-tls-rfc4366-bis-09.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Jun 2010 09:01:28 -0000

On 13.6.2010, at 11.22, Nikos Mavrogiannopoulos wrote:
> This is not really a stopper. Since it is being negotiated it should be
> obvious that those clients will accept the default or less. The
> intention is to give choice to more capable clients and servers.

I still don't see a big benefit in making the maximum fragment length 64kB instead of 16kB, since all implementations have to be able to fall back to the 16kB anyway, and handshake messages have maximum length of 16MB so the fragmentation has to be handled nevertheless. 

The benefit of having a fragment length smaller than 2^14 seems quite clear to me. First is what Peter mentioned, the maximum TLSRecord size directly affects the required I/O buffers size that need to be allocated no matter what. Handshake message buffers still might be larger than that, but they can be allocated larger when needed and the implementation can fail gracefully if a handshake message is too large.

Another benefit comes from DTLS, where TLSRecords themselves need to be fragmented in order to fit inside a single IP packet. If the implementation can negotiate a fragment length with a max_fragment_length extension, it doesn't have to be able to handle the double fragmentation (first fragment handshake, then encrypt, then fragment the encrypted data).

If the fragment length is increased from 16kB to 64kB, I can only see a benefit of 3*(5+IV+padding+MAC) bytes per 64kB. That is at most 927 bytes with current implementations, more likely less than 200 bytes since adding 256 bytes of padding is a waste. It would save less than 0,4-1,5% of bandwidth, and if the current implementations don't implement the extension just because they have expected the value not to exceed 2^14 before, it would make all the benefits mentioned earlier void as well.

So is your motivation behind making it larger what I just mentioned above or maybe something else? Since I would like to know if I've missed something important or if this is just a disagreement on the mentioned feature being useful or not.


Juho

v2.23.0 | Report a Bug | By Email