Re: [TLS] Mail regarding draft-ietf-tls-record-limit

Jim Schaad <ietf@augustcellars.com> Mon, 19 February 2018 17:56 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: ilariliusvaara@welho.com
CC: 'Martin Thomson' <martin.thomson@gmail.com>, tls@ietf.org, draft-ietf-tls-record-limit@ietf.org
References: <008b01d3a94e$1cc174e0$56445ea0$@augustcellars.com> <CABkgnnUMKhnQS59Xt2=WaJp9Ywbzej6_vZ1u9R1dHE02ocir3Q@mail.gmail.com> <00a401d3a99f$28679e90$7936dbb0$@augustcellars.com> <20180219171827.GA28597@LK-Perkele-VII> <00ae01d3a9a6$e3757f70$aa607e50$@augustcellars.com> <20180219175043.GA28923@LK-Perkele-VII>
In-Reply-To: <20180219175043.GA28923@LK-Perkele-VII>
Date: Mon, 19 Feb 2018 09:55:51 -0800
Message-ID: <00b001d3a9aa$e3700460$aa500d20$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Bn1j4mwYnQyfTdhjz2DxwCyBd4o>


> -----Original Message-----
> From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com]
> Sent: Monday, February 19, 2018 9:51 AM
> To: Jim Schaad <ietf@augustcellars.com>
> Cc: 'Martin Thomson' <martin.thomson@gmail.com>; tls@ietf.org; draft-ietf-tls-record-limit@ietf.org
> Subject: Re: [TLS] Mail regarding draft-ietf-tls-record-limit
> 
> On Mon, Feb 19, 2018 at 09:27:14AM -0800, Jim Schaad wrote:
> >
> >
> > > -----Original Message-----
> > > From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com]
> > > Sent: Monday, February 19, 2018 9:18 AM
> > > To: Jim Schaad <ietf@augustcellars.com>
> > > Cc: 'Martin Thomson' <martin.thomson@gmail.com>; tls@ietf.org; draft-ietf-tls-record-limit@ietf.org
> > > Subject: Re: [TLS] Mail regarding draft-ietf-tls-record-limit
> > >
> > > On Mon, Feb 19, 2018 at 08:31:53AM -0800, Jim Schaad wrote:
> > > > Martin,
> > > >
> > > > I think that the wording I would prefer would be along the lines
> > > > of
> > > >
> > > > A server MUST NOT error on the value of the extension when a
> > > > higher TLS version is requested.  The server MUST use the minimum
> > > > of the requested value and the maximum value for the TLS version
> > > > negotiated.
> > > > A server MAY error if the value of the extension is exceeded for
> > > > the version of TLS requested.
> > >
> > > You need to consider the case where there is some unknown-to-server
> > > extension that happens to alter the limit.
> >
> > I am not sure how, as that server, I could possibly do that.  I
> > can't act on something I don't understand.
> 
> Because the server cannot know the semantics of unknown extensions, it has
> to assume any such can alter the maximum limit. Of course, when it comes to
> that, the server could just not error on too large limits regardless of other
> extensions.

But if the server does not understand the new extension, then it would not be returned to the client, so the client would not understand how the server decided on the maximum value that it is going to use for the client.  The client can then abort the connection if it does not like the new limit.  However, I think that this would only affect the MAY in the proposed text.

Jim

> 
> 
> -Ilari
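The following is an added model of the server-side handling Jim proposes above (clamp to the negotiated version's maximum; the MAY-error behaviour behind a flag), not code from the thread or from any TLS implementation. The per-version maxima (2^14 for TLS 1.2 and earlier, 2^14+1 for TLS 1.3) and the 64-octet floor are assumptions taken from the record_size_limit draft, not values stated in this thread.

```python
import struct

# Assumed constants (from the record_size_limit draft, not from this thread).
TLS12 = 0x0303
TLS13 = 0x0304
MIN_LIMIT = 64
VERSION_MAX = {TLS12: 2**14, TLS13: 2**14 + 1}  # TLS 1.3 adds the content-type octet


def parse_record_size_limit(body: bytes) -> int:
    """Decode the 2-octet extension body (uint16, network byte order)."""
    if len(body) != 2:
        raise ValueError("record_size_limit body must be exactly 2 octets")
    (limit,) = struct.unpack("!H", body)
    if limit < MIN_LIMIT:
        raise ValueError(f"record_size_limit {limit} is below the minimum {MIN_LIMIT}")
    return limit


def server_limit(requested: int, negotiated_version: int, strict: bool = False) -> int:
    """Server side of the proposed wording.

    MUST: use min(requested, maximum for the negotiated version), so a client that
    asked for a TLS 1.3-sized limit but ends up on TLS 1.2 is clamped, not rejected.
    MAY (strict=True): reject a value larger than the maximum. Ilari's objection is
    that an extension the server does not understand could legitimately raise the
    client's limit, so the permissive default never errors on an over-large value.
    """
    cap = VERSION_MAX[negotiated_version]
    if strict and requested > cap:
        raise ValueError(f"limit {requested} exceeds {cap} for version {negotiated_version:#06x}")
    return min(requested, cap)


def fragment(plaintext: bytes, limit: int) -> list:
    """Split outgoing plaintext into record payloads of at most `limit` octets,
    i.e. what the server actually does with the value it settled on."""
    return [plaintext[i:i + limit] for i in range(0, len(plaintext), limit)]


if __name__ == "__main__":
    # Constructed sample: client advertises 2^14+1 (TLS 1.3 maximum) but the
    # handshake negotiates TLS 1.2, so the server clamps to 2^14.
    requested = parse_record_size_limit(b"\x40\x01")
    limit = server_limit(requested, TLS12)
    print(limit, [len(r) for r in fragment(b"x" * 40000, limit)])
```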