Re: [TLS] Banning implicit CIDs in DTLS

Thomas Fossati <Thomas.Fossati@arm.com> Wed, 27 May 2020 10:04 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: Christopher Wood <caw@heapingbits.net>, "TLS@ietf.org" <TLS@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
Date: Wed, 27 May 2020 10:03:56 +0000
Message-ID: <F3DB7E1E-EA6C-4579-B77D-397F90FB3CF3@arm.com>
References: <df70e06b-ffdf-4402-b640-d99b2aafac6b@www.fastmail.com> <17230F7E-0983-4519-8BA3-50D3F1A66C22@arm.com> <b45dea1f-506a-420e-aa3b-4d6c0fae5028@www.fastmail.com> <780181FE-B9FE-452F-93F4-4268DFB4E47E@arm.com> <CABcZeBOfswLafAP+-LwNFwty2CA+pEx=pr6ixP0htqsVyPFcSw@mail.gmail.com>
In-Reply-To: <CABcZeBOfswLafAP+-LwNFwty2CA+pEx=pr6ixP0htqsVyPFcSw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ASaJ0beu4znEmJZGEiNRxqoqCLc>
Subject: Re: [TLS] Banning implicit CIDs in DTLS

On 24/05/2020, 20:45, "Eric Rescorla" <ekr@rtfm.com> wrote:
> In what context do you have a use for implicit CIDs?

The specific use case I had in mind is that of an endpoint sending small
and frequent application data units to the same peer - e.g., sensor
readings through CoAP observe.  In this (and similar) situation(s) where
the payload / header ratio is low one wants to have as little transport
overhead as possible.

Now, it turns out that in this specific situation (and whenever the data
framing is provided by a higher layer protocol - CoAP, SCTP, DNS) one
might as well buffer and coalesce all the application stuff into one
single record, making the need for CID compression moot.

So, I am now convinced I don't have a compelling case to bring to the
table and might as well move into Martin's "vanishingly small use cases"
camp, therefore subscribing to the gist of PR#148.


PS  A note about the more general argument of a pure pseudo-header
approach: it'd enable compression boxes at ingress into a constrained
network, which would be really useful.  Without a thorough analysis wrt
header malleability this is unfortunately out of reach.

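Added example, not part of the message above or of the DTLS draft: a small Python model of the DTLS 1.3 record layout (unified header plus AEAD tag, as later published in RFC 9147, assumed here with no padding) that quantifies the trade-off the message describes, i.e. sending each small reading in its own CID-bearing record versus coalescing the readings into one record when a higher layer supplies the framing. The sample readings and CID length are constructed.

```python
# Added example (not from the thread): models DTLS 1.3 record overhead per
# RFC 9147 (unified header + AEAD) to compare sending each small reading in
# its own CID-bearing record against coalescing them into one record.
from dataclasses import dataclass


@dataclass(frozen=True)
class RecordLayout:
    cid_len: int = 0              # negotiated Connection ID length; 0 = no CID
    seq_len: int = 2              # sequence number bytes on the wire (1 or 2)
    length_present: bool = True   # 16-bit length field carried in the header
    tag_len: int = 16             # AEAD tag: 16 for AES-GCM/CCM, 8 for CCM_8

    def __post_init__(self):
        if self.seq_len not in (1, 2) or not 0 <= self.cid_len <= 255:
            raise ValueError("invalid DTLS 1.3 header parameters")

    def header_len(self) -> int:
        # unified header: 1 flag byte, CID, sequence number, optional length
        return 1 + self.cid_len + self.seq_len + (2 if self.length_present else 0)

    def record_len(self, plaintext_len: int) -> int:
        # DTLSInnerPlaintext = content || content_type(1) || zero padding (none here)
        return self.header_len() + plaintext_len + 1 + self.tag_len


def separate_records(layout: RecordLayout, readings: list) -> int:
    """Wire bytes when every application data unit gets its own record."""
    return sum(layout.record_len(r) for r in readings)


def coalesced_record(layout: RecordLayout, readings: list) -> int:
    """Wire bytes when the units are buffered into a single record (the peer
    relies on higher-layer framing, e.g. CoAP, to split them again)."""
    return layout.record_len(sum(readings))


def compare(layout: RecordLayout, readings: list) -> dict:
    """Overhead beyond the raw payload for both strategies, and the share of
    it spent on the CID, which is what implicit CIDs were meant to shave."""
    payload = sum(readings)
    sep, coal = separate_records(layout, readings), coalesced_record(layout, readings)
    return {
        "payload": payload,
        "separate_overhead": sep - payload,
        "coalesced_overhead": coal - payload,
        "cid_bytes_separate": layout.cid_len * len(readings),
        "cid_bytes_coalesced": layout.cid_len,
    }


if __name__ == "__main__":
    # constructed sample: ten 8-byte sensor notifications over an 8-byte CID
    print(compare(RecordLayout(cid_len=8), [8] * 10))
```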