Re: [TLS] Banning implicit CIDs in DTLS
Thomas Fossati <Thomas.Fossati@arm.com> Wed, 27 May 2020 10:04 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ASaJ0beu4znEmJZGEiNRxqoqCLc>
On 24/05/2020, 20:45, "Eric Rescorla" <ekr@rtfm.com> wrote:
> In what context do you have a use for implicit CIDs?

The specific use case I had in mind is that of an endpoint sending small and frequent application data units to the same peer - e.g., sensor readings through CoAP observe. In this (and similar) situation(s) where the payload / header ratio is low one wants to have as little transport overhead as possible.

Now, it turns out in the specific situation (and whenever the data framing is provided by a higher layer protocol - CoAP, SCTP, DNS) one might as well buffer and coalesce all the application stuff into one single record, making the need for CID compression moot.

So, I am now convinced I don't have a compelling case to bring to the table and might as well move into Martin's "vanishingly small use cases" camp, therefore subscribing to the gist of PR#148.

PS A note about the more general argument of a pure pseudo-header approach: it'd enable compression boxes at ingress into a constrained network, which would be really useful. Without a thorough analysis wrt header malleability this is unfortunately out of reach.
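The overhead argument in the message above, worked through as an added example (not code from the post or from any DTLS implementation): it builds DTLS 1.3 unified record headers and compares the same readings sent as separate records with a CID on each, as separate records with the CID on the first only, and coalesced into one record. The implicit-CID layout is modelled as an assumption, since the post does not define it; the 8-byte CID, 16-byte AEAD tag, epoch and reading sizes are also assumed values.

```python
# Added example: byte overhead of three ways to send small readings over DTLS 1.3.
CID = bytes(range(1, 9))   # assumed 8-byte connection ID (constructed value)
TAG_LEN = 16               # assumed AEAD tag length
INNER_TYPE_LEN = 1         # content-type byte carried inside the ciphertext


def unified_header(cid, seq, length=None, epoch=3):
    """DTLS 1.3 unified header: 0b001CSLEE, CID, 16-bit seq, optional length."""
    first = 0x20 | 0x08 | (epoch & 0x03)        # fixed bits, S=1 (16-bit seq)
    if cid:
        first |= 0x10                           # C: connection ID present
    if length is not None:
        first |= 0x04                           # L: length field present
    hdr = bytes([first]) + cid + (seq & 0xFFFF).to_bytes(2, "big")
    if length is not None:
        hdr += length.to_bytes(2, "big")
    return hdr


def record(cid, seq, payload_len, with_length):
    """One record; zero bytes stand in for the encrypted body."""
    body_len = payload_len + INNER_TYPE_LEN + TAG_LEN
    return unified_header(cid, seq, body_len if with_length else None) + bytes(body_len)


def datagram(readings, mode, cid=CID):
    """mode: 'explicit' (CID on every record), 'implicit' (assumed layout:
    CID on the first record only), or 'coalesced' (one record for all)."""
    if mode == "coalesced":
        return record(cid, 0, sum(readings), with_length=False)
    out = b""
    for i, size in enumerate(readings):
        rec_cid = cid if mode == "explicit" or i == 0 else b""
        # Only the last record in a datagram may omit its length field.
        out += record(rec_cid, i, size, with_length=i < len(readings) - 1)
    return out


def overhead(readings, mode):
    """Bytes on the wire that are not application payload."""
    return len(datagram(readings, mode)) - sum(readings)


if __name__ == "__main__":
    readings = [4] * 5     # five constructed 4-byte sensor readings
    for mode in ("explicit", "implicit", "coalesced"):
        print(f"{mode:9s} overhead: {overhead(readings, mode)} bytes")
```

With these assumed sizes the overhead is 148 bytes with a CID on every record, 116 with the CID on the first record only, and 28 when the readings share one record, because coalescing also removes the repeated header, content-type byte and tag.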