[TLS] extended headers for (D)TLS (and their use with connection-id)

"Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com> Wed, 24 January 2018 14:31 UTC

From: "Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: extended headers for (D)TLS (and their use with connection-id)
Thread-Index: AQHTlSAUob9oS1qMyUeJYNzjTrRhzQ==
Date: Wed, 24 Jan 2018 14:31:53 +0000
Message-ID: <5D415FD9-1505-4E03-94DA-BF89B52E7770@nokia.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/81Rxxsa2563RJAtg09JOUj6L14U>

How to make the existence of a connection id explicit on the wire?

We have looked at a few different approaches - in reverse hackery order:
defining new content types, using an invalid length and bumping the
version number.

Each of them comes with its small or big complications but, irrespective
of that, the basic trouble we have here is that the lack of spare bits
in the record header forces us to override semantics of existing fields
in a way that smells wrong.

A few months ago, Nikos (can't remember if on this list or on a side
conversation) came up with this thought of a generic way to extend the
TLS/DTLS record header.  So, I've stolen his idea and written it up in
[1] with the intention of using it to make room for the connection-id.

At a first glance, it seems to work quite smoothly and has a pretty
compact encoding (see [2] for the details), which would make it my first
choice over all other candidates.

Please have a look (the draft shouldn't take more than 5-10 minutes of
your time) and provide feedback if you feel like it.

Thanks, cheers

[1] https://tools.ietf.org/html/draft-fossati-tls-ext-header-00
[2] https://tools.ietf.org/html/draft-fossati-tls-ext-header-00#section-3.4
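The ambiguity behind the question "how to make the existence of a connection id explicit on the wire", as an added example that is not part of the original post or of the draft: a small Python encoder/decoder for the DTLS 1.2 record header showing that, when the receiver has no on-wire signal, the very same bytes can parse cleanly both with and without a connection id, and how the "new content type" option removes the guess. The content type value 25 and the cid-before-length layout are assumed here for illustration; the mail fixes neither.

```python
import struct

# DTLS 1.2 record header: type(1) version(2) epoch(2) seq(6) then length(2).
# Every one of the 13 bytes is spoken for, so there is no spare bit with
# which to say "a connection id follows".
FIXED = struct.Struct("!BHH6s")
LEN = struct.Struct("!H")
DTLS12 = 0xFEFD
CT_APPDATA = 23
CT_CID = 25  # assumed value for the "new content type" option (not from the mail)


def build_record(body, cid=b"", epoch=1, seq=7):
    """Encode one record; a non-empty cid sits between seq and length and is
    announced by CT_CID (layout assumed for illustration)."""
    ctype = CT_CID if cid else CT_APPDATA
    hdr = FIXED.pack(ctype, DTLS12, epoch, seq.to_bytes(6, "big"))
    return hdr + cid + LEN.pack(len(body)) + body


def parse_record(buf, cid_len, has_cid=None):
    """Decode a record for a receiver that negotiated a cid of cid_len bytes.
    has_cid=None means "read the on-wire signal" (content type); a bool means
    "guess", which is all a receiver can do without such a signal."""
    ctype, _version, _epoch, _seq = FIXED.unpack_from(buf)
    off = FIXED.size
    if has_cid is None:
        has_cid = ctype == CT_CID
    cid = b""
    if has_cid:
        cid, off = buf[off:off + cid_len], off + cid_len
    (length,) = LEN.unpack_from(buf, off)
    off += LEN.size
    if length != len(buf) - off:
        raise ValueError("length field does not match the record")
    return cid, buf[off:]


def is_ambiguous(buf, cid_len):
    """True when a guessing receiver would accept the record both with and
    without a cid: the bytes alone do not settle the question."""
    accepted = 0
    for guess in (False, True):
        try:
            parse_record(buf, cid_len, has_cid=guess)
            accepted += 1
        except ValueError:
            pass
    return accepted == 2


# Constructed sample: a plain record whose body happens to start with a
# plausible length field, so a 2-byte cid guess also "works".
PLAIN = build_record(b"\x00\x04ABCD")
WITH_CID = build_record(b"hello", cid=b"\xaa\xbb")
```

With `PLAIN`, `parse_record(PLAIN, 2, has_cid=True)` returns `(b"\x00\x06", b"ABCD")` and `has_cid=False` returns `(b"", b"\x00\x04ABCD")`, both passing the length check; with `WITH_CID` the content type decides and only one parse is accepted.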