IETF Logo Mail Archive

Re: [TLS] 3rd WGLC for draft-ietf-tls-dtls13

Jonathan Hammell <jfhamme.cccs@gmail.com> Fri, 27 March 2020 17:10 UTC

Return-Path: <jfhamme.cccs@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE9993A074B for <tls@ietfa.amsl.com>; Fri, 27 Mar 2020 10:10:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JPhkWwRFZAE0 for <tls@ietfa.amsl.com>; Fri, 27 Mar 2020 10:10:17 -0700 (PDT)
Received: from mail-yb1-xb35.google.com (mail-yb1-xb35.google.com [IPv6:2607:f8b0:4864:20::b35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02BE63A0522 for <tls@ietf.org>; Fri, 27 Mar 2020 10:10:16 -0700 (PDT)
Received: by mail-yb1-xb35.google.com with SMTP id i4so4964109ybl.3 for <tls@ietf.org>; Fri, 27 Mar 2020 10:10:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qeeRPKsf4qSQO8dV3xjpjqjCUb11aBROiHoYHMiZ4fE=; b=EpqUXatKyhcbIG3C+4lUuh7rJk0I50OsxtaHMSCqDuNsSLT8Om5URz2VdrmuKBGRY8 m2e4KDoVat3bFauNCb5yptO1trc44YE2DmHnYE2rxQxFUJeoIhUtuuYoDI4i5SKGwBsQ 6jgoLCveKxmrSqW6fTEDVyGVNDWzNVpM1oNVySH9GdWy1+Myqyr9k8+s9Chzp7Qm2ZPP HHkTghVfFUa1H7LboQVtA99/5N4wqW9skNSIUj2v9II1TNNrpTfx9y05A43hMn8r85SA 6U0UR/+a7TQ0zmqQrq23Fdyvu6e5AEb8AuPJtD9A6hZ4TGrAV259PNDa/TdiqjuI18e6 fhbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qeeRPKsf4qSQO8dV3xjpjqjCUb11aBROiHoYHMiZ4fE=; b=WfXwHnSNIFkntS/Ufni9WPNvYNwCK568TLWgHihsTjjEyVuvwjP0SYdIQJIq82CbIV 2kAAukUZbPZ0rqyzEV9Eu9JMSVIqH95O5vU6vzzKizVAHMRC44ihX6z7eCo4XgeM7vjs QDqlKNLifQ0GJ3jFWGAbolOQ0sfeptSOd92S+t3XXg9tyPNKfCHF7Vn94TjUDjk09OJW R4Czk0fNbvBna4Aynm6yBrXmyBlRDKNAtqzG+Qwo84TRcUHrAF3dz/D6AeGSWNoBtytF NXt0ZDiEy8tQkxy1hWGl3uAZThCiqLbOL1ZIEIxn/uV2hU7EU/vIKl81+/v8f/S622sl ougQ==
X-Gm-Message-State: ANhLgQ3W13BvBowRkusPdtLurlI1fO8U8UGYsepooJmftCh/pBjpaNWh 82A3npiQ3hlcbH8zFFTynXs/WKDYiSYL16vnViA=
X-Google-Smtp-Source: ADFU+vugvzZExHY21EcSpE69qMkunj7ALHkt+CuZ8/VQ6uURH8P+rGIJVYnMh6JP9A84dP2M0pIn9IAXeW+ZCSzBWHc=
X-Received: by 2002:a25:b89:: with SMTP id 131mr5200595ybl.113.1585329016036; Fri, 27 Mar 2020 10:10:16 -0700 (PDT)
MIME-Version: 1.0
References: <150AD400-C080-4676-80DE-7A0EC0ECE7BD@sn3rd.com>
In-Reply-To: <150AD400-C080-4676-80DE-7A0EC0ECE7BD@sn3rd.com>
From: Jonathan Hammell <jfhamme.cccs@gmail.com>
Date: Fri, 27 Mar 2020 13:10:02 -0400
Message-ID: <CALhKWgiZ74Jd7rmc=88RR=dR=Qbr=yFnpPfSi9OESpuDC_fsoA@mail.gmail.com>
To: Sean Turner <sean@sn3rd.com>
Cc: TLS List <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8ZAJZGpp7xtoiZ0Of9SWNj2IVyk>
Subject: Re: [TLS] 3rd WGLC for draft-ietf-tls-dtls13
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Mar 2020 17:10:19 -0000

I know that this WGLC was supposed to focus on the diff between -34
and -37.  I don't have any comments on that diff, but I do have some
comments on the draft following a re-read of the entire document.

# Minor

The term "deprotection" is used twice in document but never defined.

Section 5.11 abandoning vs destroying association.  In the document we
see the term "abandon" being used, referring to associations. However
section 5.11 states that a server "MUST NOT destroy the existing
association" and then further along it states that "the server MUST
abandon the previous association". Do abandon and destroy mean the
same thing?

In Section 7, what does "handshake-containing" mean in the phrase "The
ACK message is used by an endpoint to indicate
handshake-containing..."?

In Section 7, what does "non-duplicative" mean in phrase
"Implementations MUST NOT acknowledge records containing
non-duplicative handshake messages..."?

In Section 7.1, the 2nd bullet following para 1 reads: "When they
receive a message or fragment which is out of order, either because it
is not the next expected message or because it is not the next piece
of the current message. Implementations MUST NOT send ACKs for
handshake messages which they discard as
out-of-order, because otherwise those messages will not be retransmitted."
This is confusing as the difference between "out of order" messages
that require an ACK and those that do not is not quite clear. Also the
term "out of order" is written in two ways in this paragraph.

In Figure 10, the edge going from SENDING to FINISHED has no label to
differentiate with edge to WAITING. Should it read: "send last
flight"?

In Figure 13, why is there no NewConnectionID message in the exchanges
since new CIDs are offered?  Also, a short explanation of the CID
negotiation and exchange could be helpful in the text.

The state machine in Figure 10 is somewhat puzzling.  How do we
differentiate between "Receive ACK for last flight" and "Receive last
flight"? According to Figure 7, for example, the last ACK is a flight
itself.  Also, with respect to the client, if sending last flight
takes him to finished state, how will he then receive the ACK for his
final flight?


# Nits

Section 3.1 Packet Loss.  Figure 1 is a little confusing since it
resembles Figure 5; as each has the server sending a
HelloRetryRequest. Might illustrate the concept better to have the
server send a ServerHello in Figure 1 rather than a HelloRetryRequest?

Section 5.1. para 3 - Typo.  "The DTLS 1.3 specification changes the
way how cookies are exchanged compared to DTLS 1.2. DTLS 1.3 re-uses
the HelloRetryRequest message". The "... the way how cookies..."
either use "how" or "the way" but not both.

Page 9 last para - Typo.  s/assocatiation/association

In section 3, bullet #3, the term "flight" is used without being
defined; a reference to section 5.6 would be nice.

MSL is used first in section 4.2.1 but only defined in section 5.7.1

In section 5.11 the notion of "CID concept" is mentioned. Might be
nice to refer to section 9.1 where an example of the concept is
presented. Also, section 9.1 never mentions "CID concept"; might be
good to add the term to know that we are talking about the same
thing.

Figure 11 has no commentary describing the sequence. It would be helpful, for
example, to add details on why the two ACKs are sent.

In Section 6.1, the phrase "...loss and re-order an identifier is needed to
determine..." could use a comma after "re-order" and possibly replace
"re-order" with "re-ordering".

In Section 6.1, the phrase "In addition to the key derivation steps
described in Section 7 of [TLS13] triggered by the states during the
handshake a sender may want to rekey at any time during the lifetime
of the connection and has to have a way to indicate that it is
updating its sending cryptographic keys" is long and difficult to
follow.  It could be rephrased as "In addition to
the key derivation steps described in Section 7 of [TLS13], a sender
may want to rekey at any time during the lifetime of the connection.
The epoch value provides a means to indicate that the sender is
updating its sending cryptographic keys."

In Section 6.1, replace "For example, client incorrectly uses..." with
"For example, if a client incorrectly uses..."

In Section 7, the term "current key" is used in the phrase
"Implementations SHOULD simply use the current key."  Would it be
clearer to say that "Implementations SHOULD use the key material of
the current epoch"?

In Section 8, paragraph 3, what does a "canned ACK message" mean?

Section 11, second para, s/Even with such a test, An/Even with such a test, an

Section 11, third bullet: the statement "...DTLS 1.3 records
irrespectively of the use of a CID" could be rephrased as "...DTLS 1.3
records irrespective of whether a CID is used or not."

On Fri, Mar 20, 2020 at 10:18 AM Sean Turner <sean@sn3rd.com> wrote:
>
> This is the third working group last call for the "The Datagram Transport
> Layer Security (DTLS) Protocol Version 1.3" draft available at
> https://datatracker.ietf.org/doc/draft-ietf-tls-dtls13/. Please
> review the document and send your comments to the list by 2359 UTC on
> 27 March 2019.
>
> This is a targeted one-week WGLC intended to focus on the changes from -34, which was the subject of the second working group last call, and -37. The diffs between -34 and -37 can be found at:
> https://www.ietf.org/rfcdiff?url1=draft-ietf-tls-dtls13-34&url2=draft-ietf-tls-dtls13-37
> As you will see in the diffs, the changes include 2119-language related changes in s5.1 and s7. These two changes were introduced in -35, which was post in November.
>
> Note the the GH repo for this draft can be found at:
> https://github.com/tlswg/dtls13-spec
>
> Thanks,
> Chris, Joe, and Sean
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email