IETF Logo Mail Archive

Re: [TLS] Maximum Fragment Length negotiation

Martin Thomson <martin.thomson@gmail.com> Wed, 30 November 2016 00:20 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 727F4129CF5 for <tls@ietfa.amsl.com>; Tue, 29 Nov 2016 16:20:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6XlkpH1yUCmX for <tls@ietfa.amsl.com>; Tue, 29 Nov 2016 16:20:02 -0800 (PST)
Received: from mail-qk0-x22c.google.com (mail-qk0-x22c.google.com [IPv6:2607:f8b0:400d:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58D22129CE7 for <tls@ietf.org>; Tue, 29 Nov 2016 16:20:02 -0800 (PST)
Received: by mail-qk0-x22c.google.com with SMTP id x190so193438814qkb.0 for <tls@ietf.org>; Tue, 29 Nov 2016 16:20:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=lasQaI9FH1cjtKzkiJjpC5aYDWlhYgRQkTaCrf93MVg=; b=jTUCx28Y2DFdZPBI7lbb1dh+s6qBH3/JVHB3ofT3//8mJb+Lf//BkHQOFnMtDYXnMr mVcKYJBKd7KJyO5f6d9O1YaE45s8i67miEkZyayFSRr4ACCn0bDg2t3klc+QX7wnRDNJ +6yQXTF83EGfC7RI2EzSq6G52/NgmQVDoj28cBUAxYwmTf8fM56lRElH8zvhpz1Fuq+S 3gdjJ9vsKLGVbPG6krP8/brDD04BgGSzqev64Lq5xsfTK53UbE+0hXtDnLkNlKwDZ5s/ sn67r5aVELnyvaL5qbKVmGzmoKyKdBPsbfjeF7MCLj4RyVwjdIeYajWAzSI7CRm/lTJ5 WC2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=lasQaI9FH1cjtKzkiJjpC5aYDWlhYgRQkTaCrf93MVg=; b=hG2TH7kbMlFmkEJB+iT7cyypT+TEpb3sz4lUPbYo5Sk6BLsnN6NAx6egbd1ovBb2QR cuNXLf8EV/DOYt7h0ClkjiB7LnQ0wgcVtn7sY/z6aYBry6SEqJii2XgIrTEGxwDO2iUe 8Z2Iwzard6xzRxyjOX1nuWtMRlHs7P/o7HDqWoxlrNIlvicqV6BkBPmXFRJz5HCxHnAr sRfD5qJX12SB51s8yqTWrWnmAovmpDrVIW7RXoKam3kKPrkFZ+RkKhS7ZpSws5kl/1VE sAJGSQhSP6K5LzVtOL3dODzspwejf7odQN/tmXlykn2sgMPviFg9dITuC5NzmjPFUVxN J7ew==
X-Gm-Message-State: AKaTC03zMAckdqgJxjOsj4rNtuWBgXMbx3hTC/CS359L9p7dNfXsBxNs0T/zhtN5ytk2aJStLPDtqfjFff9dTg==
X-Received: by 10.55.12.2 with SMTP id 2mr26656204qkm.68.1480465201502; Tue, 29 Nov 2016 16:20:01 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.38.233 with HTTP; Tue, 29 Nov 2016 16:20:01 -0800 (PST)
In-Reply-To: <20161129185451.GA4541@bolet.org>
References: <20161124195002.GA32346@bolet.org> <D45D053C.76B0A%thomas.fossati@alcatel-lucent.com> <20161129185451.GA4541@bolet.org>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 30 Nov 2016 11:20:01 +1100
Message-ID: <CABkgnnXMN5ayBVXQfFqkPJ+k8a4faSe2cCn-Qw4Azbu3SFpFaA@mail.gmail.com>
To: Thomas Pornin <pornin@bolet.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8EqZ7VS88-wFbo5dwQQ_vErVVD4>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Maximum Fragment Length negotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Nov 2016 00:20:04 -0000

On 30 November 2016 at 05:54, Thomas Pornin <pornin@bolet.org> wrote:
> Any comments?

I'm ambivalent on this generally: though I think that the general
notion is OK, I'm not sure about the details.

In particular, you need to be clearer in your motivations: the point
is to ensure that little things (really little things) can talk to any
other TLS implementation.  That seems inherently good, but it might
pay to dig into that some more: why is that good?

I would be opposed to having an implicit extension in the way you
describe.  If you are going to require this, then you need to require
the client to send the extension.  I would also be opposed to a new
extension when the existing one is adequate - or it could be made to
be adequate.

I agree that the current extension semantics are not good.  Ideally we
would want 2^13 and 2^14, and an agreement to use min(client_mfl,
server_mfl) rather than having the server dictate.  That might mean a
new extension, but I'm not sure.

> I can try to write the corresponding text for inclusion in the TLS 1.3
> draft. What is the process for submitting such text?

The spec is on github: https://github.com/tlswg/tls13-spec  You can
create a pull request.

However, I am going to suggest that this is a pretty big change.  It's
already late.  It might be better to create a new draft that revises
the maximum fragment length extension (or defines a better
replacement).

(As an aside, the success rate for RFC 6066 is pretty low in
retrospect, maybe there's an object lesson there.)

v2.23.0 | Report a Bug | By Email