Re: [TLS] Omitting length in DTLS
Ilari Liusvaara <ilariliusvaara@welho.com> Thu, 07 November 2019 06:28 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4C2C12009C for <tls@ietfa.amsl.com>; Wed, 6 Nov 2019 22:28:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CQZjZKeBJUjJ for <tls@ietfa.amsl.com>; Wed, 6 Nov 2019 22:28:19 -0800 (PST)
Received: from welho-filter1.welho.com (welho-filter1.welho.com [83.102.41.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C906412003E for <tls@ietf.org>; Wed, 6 Nov 2019 22:28:18 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id 1590112140; Thu, 7 Nov 2019 08:28:16 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id KIjY0Gid7-MD; Thu, 7 Nov 2019 08:28:15 +0200 (EET)
Received: from LK-Perkele-VII (87-100-246-37.bb.dnainternet.fi [87.100.246.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id 865057A; Thu, 7 Nov 2019 08:28:13 +0200 (EET)
Date: Thu, 07 Nov 2019 08:28:12 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: tls@ietf.org
Message-ID: <20191107062812.GA815049@LK-Perkele-VII>
References: <1d6cd21a-73a4-44af-9eac-cc0b50682b24@www.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <1d6cd21a-73a4-44af-9eac-cc0b50682b24@www.fastmail.com>
User-Agent: Mutt/1.12.2 (2019-09-21)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7utVdVHXF0tpp2udZ0a3jVxKGfM>
Subject: Re: [TLS] Omitting length in DTLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2019 06:28:21 -0000
On Thu, Nov 07, 2019 at 11:18:28AM +1100, Martin Thomson wrote: > > Omitting the length field MUST only be used for data which is > > protected with one of the application_traffic_secret values, and > > not for messages protected with either [sender]_handshake_traffic_sercret > > or [sender]_early_traffic_secret values. When using an > > [sender]_application_traffic_secret for message protection, > > Implementations MAY include the length field at their discretion. > > This seems like an unnecessarily strong requirement that I couldn't > find any discussion about. I do seem to remember some discussion, > but I couldn't find it. I actually tried finding rationale for that, and concluded that it was likely a mistake. Originally the requirement was not to use short headers with initial handshake packets. That was sensible back then. However, when unified headers were introduced, that requirement was changed to prohibition of omitting length, which does not make much sense to me. And I could not find any arguments for it. -Ilari
- [TLS] Omitting length in DTLS Martin Thomson
- Re: [TLS] Omitting length in DTLS Ilari Liusvaara
- Re: [TLS] Omitting length in DTLS Eric Rescorla