IETF Logo Mail Archive

[TLS] Re: WG Last Call: draft-ietf-tls-super-jumbo-record-limit-02 (Ends 2025-11-25)

Valery Smyslov <smyslov.ietf@gmail.com> Mon, 24 November 2025 15:42 UTC

Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 822D08F91FB4 for <tls@mail2.ietf.org>; Mon, 24 Nov 2025 07:42:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GSU-mC5BkOlv for <tls@mail2.ietf.org>; Mon, 24 Nov 2025 07:42:30 -0800 (PST)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id EADEA8F91FAF for <tls@ietf.org>; Mon, 24 Nov 2025 07:42:30 -0800 (PST)
Received: by mail-lj1-x22c.google.com with SMTP id 38308e7fff4ca-37b935df7bfso39685821fa.2 for <tls@ietf.org>; Mon, 24 Nov 2025 07:42:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763998950; x=1764603750; darn=ietf.org; h=content-language:thread-index:content-transfer-encoding :mime-version:message-id:date:subject:in-reply-to:references:to:from :from:to:cc:subject:date:message-id:reply-to; bh=L0F2Dq9lLs+GjTSzSA7v+EWbP9Qnar6+ZuFO6PX8Qlw=; b=TMGiY8HNzq1eQPLWXSBa+auoWMhkGdZmOtRxKNDfVrRniznftlZ+31arpTpoOhWSOw vPbp/Nhqocc9VtNpM4Je8IztpbbDiub5EqJWDfg9LaSwgn6eKTdtT7gZZisFasF+CfYQ WEk4QvjoOlTM8Kxfu1QGPFwrK74dsxyw8Eqf6PNCxdkcXh3CGDVJDQa2Z6Dd5pAs9VIj /K0kNJwWp10vv1SGYuhaB7lOJnaOEpxQnzrJrUewWYqc8ouzIWqIkVIKl7d90T5wXOem ME9kVPkAo9BdmaYHXJ9bE52IC+IL/GICKoPtG4E83E2jZkCdWOnUaSG4+IQbddwCtFsB U6aw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763998950; x=1764603750; h=content-language:thread-index:content-transfer-encoding :mime-version:message-id:date:subject:in-reply-to:references:to:from :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=L0F2Dq9lLs+GjTSzSA7v+EWbP9Qnar6+ZuFO6PX8Qlw=; b=CEbmcxT2w7A32c+d6ikI9tPUqiklGR3W8q4EbKAfw0zpBHM6c08z98BVTyIYf45Yux sGRfylWf/qc+70lhnZNy5s5sseCrVohBjTlwuDd+h6lSdEOxd+OnCoCRu+MgrYK25enE Wo+TH84ifa4Zf9xUP6dSMbbK0QPk4faLSlXEr5WGkeebt3TibJo/j6LE42AsmzWetK25 nn8zKhD9n6KReF6FSfAHtGYfWSVo9bZJzysjJK/lil7LqgYuKWA0OwzHT+zgfwkHF6OB LOBB2uNv7+J7IzTGTL9JWDRwDY3g4KSH38k6EKvgZT6y8JF5sGQCU//+VZojCV5q0/Mz 6Hpw==
X-Forwarded-Encrypted: i=1; AJvYcCVS1g7IGpF87cWvD/gRWS8FZXpQf/9EkxLvu0KsDSTL88dYMjiuB2TNgUuYqzIe4Mwv8ok=@ietf.org
X-Gm-Message-State: AOJu0YwjK8zCUCoZlX61dYneLWFabv0ze/vWUo42lHR0+84islMSd2eh aJ7JLy98/apdDKQm+is0DCZR9g0DpgPXHj6LNGwUR6Bi5c8xe7yh/HQhHHW2hw==
X-Gm-Gg: ASbGncsEDq7uFfGSLrluBR+45Dz7VLYSgTaZm9fbn6WhwDPI1jAtwgMsh7HcAfsqdPW SsgSXQ7oUEo8m9v52dwG4DitM8OTHjvZ/rHBWMm7L1Z98kVzGo6SsEF0hesyjswH58KD9Io70TU H3JspD/c2/BEDb6NASb47XR7lum+MaJkMjHJoZdhkl2MAD1U7bYuxAydtJU18urxy0BbVQ7jjxW nUJGRpwxM3Vk5CvyuD8t0C0qe4Ze/B6Kss5IO3SpX03nI/JSiPSfijMEobRQqhhuBgljpowNnKE fGyqAx9bUuNtBCFheCthjxrFO9o2iMfs6Uge29u3IE4jcR4xkduFMRFR8/Vdsa8yJYNmBc7NGhQ H9wKk/kfIzwgepCm4tRSUN0lRgF/Si/ycXWMRD42j9zyyQOBGgWg9MShVFp4WSIkETWc2mqloja XPrxz81WkXIwoPzviKQQ==
X-Google-Smtp-Source: AGHT+IEFS/z3Kgz9q/kSoXRfEw+AcC6YFxiBUSDjM2Q/SOSLcYOy8XU3s3J4a4J5/jupXnlo2qEJGg==
X-Received: by 2002:a2e:998f:0:b0:37a:2dca:cfc1 with SMTP id 38308e7fff4ca-37cd923e090mr23421051fa.20.1763998949216; Mon, 24 Nov 2025 07:42:29 -0800 (PST)
Received: from BuildPC ([93.188.44.204]) by smtp.gmail.com with ESMTPSA id 38308e7fff4ca-37cdaf5384asm22118151fa.7.2025.11.24.07.42.28 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 24 Nov 2025 07:42:28 -0800 (PST)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Sean Turner' <sean@sn3rd.com>, 'TLS List' <tls@ietf.org>
References: <176226814185.517610.18328497166055791127@dt-datatracker-5df8666cb-7l4w5> <633F1422-C1F4-4600-A4C4-57F0233E4ECD@sn3rd.com> <5B8B6AD9-C0BE-4044-B426-375AB5F00FF0@sn3rd.com> <C1DCBA36-370C-48E9-B33B-CAF88784AC7A@sn3rd.com>
In-Reply-To: <C1DCBA36-370C-48E9-B33B-CAF88784AC7A@sn3rd.com>
Date: Mon, 24 Nov 2025 18:42:28 +0300
Message-ID: <198e01dc5d58$f077a3b0$d166eb10$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQJVXySAm8HpBW61k7TWCWez8MKBcgI1g1xOAYeq/7YB5VNgkbPi0ggQ
Content-Language: ru
Message-ID-Hash: 5BBIIN4PIJTDPDID3KDKIU33MYWFCHBM
X-Message-ID-Hash: 5BBIIN4PIJTDPDID3KDKIU33MYWFCHBM
X-MailFrom: smyslov.ietf@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-super-jumbo-record-limit-02 (Ends 2025-11-25)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8aKS-BQvmwEQQQviGs0LZUjOz9A>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Hi,

I read the document and I support its publication.

I think that the text of the document can be a bit more accurate with the use of word "negotiate".
While the extension itself is "negotiated", the record size is independently "announced" (or "advertised")
by each side to its peer, so the limits can be different in different directions (which is explicitly stated in the draft).
But the text uses the form "negotiate a larger maximum inner plaintext size" several times, which to 
my (non-native) ear sounds like "a single value for both directions is negotiated", which is wrong.

For the following requirement: 

    "When decoding, any value that uses more bits than necessary MUST be treated as malformed."

I don't see a good justification. Perhaps some reasoning can be given in the text
(I assume that the packet can be correctly decrypted and its authentication tag is valid).
In addition, it is not clear what "treated as malformed" means. Should the packet be dropped
(looks like this is implied, but see above)? Should in addition the connection be closed?

It is not clear from the draft what to do with packets with invalid encoding (11 in the two higher bits).
Obviously, these packets must be discarded, the question is what to do with the connection - 
should it be closed (as with receiving invalid packets in TLS) or not (as with ignoring
invalid packets in ESP). I can imagine that it should be closed in case of TLS and
persist in case of DTLS, but this is not spelled out in the draft (or I missed it).

Regards,
Valery.

> A final reminder that this WGLC ends tomorrow.
> 
> spt
> 
> > On Nov 20, 2025, at 11:00, Sean Turner <sean@sn3rd.com> wrote:
> >
> > Another reminder that this is still on-going.
> >
> > spt
> >
> >> On Nov 13, 2025, at 19:25, Sean Turner <sean@sn3rd.com> wrote:
> >>
> >> Just a reminder that this is still on-going.
> >>
> >> spt
> >>
> >>> On Nov 4, 2025, at 23:55, Sean Turner via Datatracker <noreply@ietf.org> wrote:
> >>>
> >>>
> >>> Subject: WG Last Call: draft-ietf-tls-super-jumbo-record-limit-02 (Ends
> >>> 2025-11-25)
> >>>
> >>> This message starts a 3-week WG Last Call for this document.
> >>>
> >>> Abstract:
> >>> TLS 1.3 records limit the inner plaintext (TLSInnerPlaintext) size to
> >>> 2^14 + 1 bytes, which includes one byte for the content type.
> >>> Records also have a 3-byte overhead due to the fixed opaque_type and
> >>> legacy_record_version fields.  This document defines a TLS extension
> >>> that allows endpoints to negotiate a larger maximum inner plaintext
> >>> size, up to 2^30 - 256 bytes, while reducing overhead.
> >>>
> >>> File can be retrieved from:
> >>> https://datatracker.ietf.org/doc/draft-ietf-tls-super-jumbo-record-limit/
> >>>
> >>> Please review and indicate your support or objection to proceed with the
> >>> publication of this document by replying to this email keeping tls@ietf.org
> >>> in copy. Objections should be motivated and suggestions to resolve them are
> >>> highly appreciated.
> >>>
> >>> Authors, and WG participants in general, are reminded again of the
> >>> Intellectual Property Rights (IPR) disclosure obligations described in BCP 79
> >>> [1]. Appropriate IPR disclosures required for full conformance with the
> >>> provisions of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of
> >>> any. Sanctions available for application to violators of IETF IPR Policy can
> >>> be found at [3].
> >>>
> >>> Thank you.
> >>>
> >>> [1] https://datatracker.ietf.org/doc/bcp78/
> >>> [2] https://datatracker.ietf.org/doc/bcp79/
> >>> [3] https://datatracker.ietf.org/doc/rfc6701/
> >>>
> >>>
> >>>
> >>
> >
> 
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org

v2.37.1 | Report a Bug | By Email | System Status