[TLS] DTLS 1.3 ACKs

Eric Rescorla <ekr@rtfm.com> Tue, 24 October 2017 01:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Arw1N2QRyjkpxTKP6XzEfrd0J5I>

We now have DTLS 1.3 implemented in NSS, which went pretty cleanly.

The one thing we ran into was the potential need to ACK in cases where you
can't process *any* records (e.g., you receive what's actually EE, but you
can't decrypt it). In this case, you want to send an empty ACK.

See PR:
https://github.com/tlswg/dtls13-spec/pull/14

This will be going into -02 modulo big objections.
-Ekr
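
The empty-ACK case described in the mail, as an added example that is not part of the original message and is not NSS code. It assumes the ACK body layout later published in RFC 9147, which may differ from the -02 draft; the function names and the model of "decryptable means keys for that epoch are installed" are hypothetical.

```python
import struct

# Assumption: ACK body as later published in RFC 9147 (DTLS 1.3):
#   struct { uint64 epoch; uint64 sequence_number; } RecordNumber;
#   struct { RecordNumber record_numbers<0..2^16-1>; } ACK;
RECORD_NUMBER = struct.Struct("!QQ")


def encode_ack(record_numbers):
    """Serialize an ACK body; an empty list yields a zero-length vector."""
    body = b"".join(RECORD_NUMBER.pack(e, s) for e, s in record_numbers)
    if len(body) > 0xFFFF:
        raise ValueError("too many record numbers for one ACK")
    return struct.pack("!H", len(body)) + body


def decode_ack(data):
    """Parse an ACK body, rejecting truncated or misaligned input."""
    if len(data) < 2:
        raise ValueError("missing length prefix")
    (length,) = struct.unpack_from("!H", data)
    if length != len(data) - 2 or length % RECORD_NUMBER.size:
        raise ValueError("bad record_numbers length")
    return [RECORD_NUMBER.unpack_from(data, 2 + off)
            for off in range(0, length, RECORD_NUMBER.size)]


def ack_for_datagram(records, readable_epochs):
    """Hypothetical receiver model: pick the record numbers to acknowledge.

    records: (epoch, sequence_number) pairs seen in the arriving datagram.
    readable_epochs: epochs for which this endpoint has keys installed.
    Records that cannot be decrypted are never listed, because they may be
    damaged. If records arrived but none could be processed, the result is
    an ACK with no record numbers rather than silence.
    Returns None only when nothing arrived at all.
    """
    if not records:
        return None
    processed = [(e, s) for e, s in records if e in readable_epochs]
    return encode_ack(processed)


if __name__ == "__main__":
    # Constructed sample: the client sees only an encrypted handshake record
    # (epoch 2) because the ServerHello was lost, so it holds epoch 0 only.
    print(ack_for_datagram([(2, 0)], {0}).hex())  # empty ACK
```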