Re: [TLS] Omitting length in DTLS

Eric Rescorla <ekr@rtfm.com> Sat, 09 November 2019 21:55 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DED59120090 for <tls@ietfa.amsl.com>; Sat, 9 Nov 2019 13:55:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 84cez6JZd577 for <tls@ietfa.amsl.com>; Sat, 9 Nov 2019 13:55:56 -0800 (PST)
Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BB34120088 for <tls@ietf.org>; Sat, 9 Nov 2019 13:55:56 -0800 (PST)
Received: by mail-lj1-x22a.google.com with SMTP id m9so9815536ljh.8 for <tls@ietf.org>; Sat, 09 Nov 2019 13:55:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=uNq9H2eD7SzORT0+iG2874bRZYzWHNC9g1n5QC6p91c=; b=R09qqKq7Y2orMxBqIDwzFYv47+0LZhfgd86okAxMPVQa12fA2eHoH9hjw+WmfcpNan R07LqTiCtNQ/SfOqDs7XRy7U51rTbVQeQMY3gWr455XwNJflP89346TXjrvRi9Jxqz8k w03VkEUx7p8ExegoGZNZpYfLEft351qGSUqgcztg9bEFmqzuB5KoZxD1Y03XNA7RN88u BJl7VcFGtbUOF7K7kC7WsDW8IJuKm90whunBFwPpUBjMTBkxX/bebnlcaRNvG0GHxUc3 GP/Hdy8wFPel6rWSfH7yPJRWgjvb0psIPiVQnj+fKQ4wr4+gKMkcwVBRkgGrMYHQCxxw FgIA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=uNq9H2eD7SzORT0+iG2874bRZYzWHNC9g1n5QC6p91c=; b=RY1g+bFcMQcxw62EudrTEkyY1o/jvAf4VQ4wHGT0QH9TPeMjfTiC6tVL65aNs2jHLv FyckoQZXSEH3i23zQ30tjpMlvhuH+khkXPuPxDM5tnVbnWv9245EQBP54zbDycR+4+YQ oQop6sfY3AVJYpe+BuSdYNKCnaENEpEV5fCVGWjzfsdXRtbXObJ+48PUvcw4ffzSZqTy 98ubHrny4FdAFA3G1hj/Gv1nEwMRdzqYS9PItTjR3Q7evOYUXOINvo8O18jz4Qm69ZBR cOnv5yrTn7kdia8/PHB44C3N75TDx6AjQzhT0YWDHAYYp6PdVZhR/5wvZmkK3othSHwP dxZQ==
X-Gm-Message-State: APjAAAVhRGI6XGqt7DmZQAnXxS3imz6JTZORWFcuE6iXcqMesx16H5rj VydnxvcRYK0xK66ozuR1PTOQmjHJ3/VAqzRosT3CYA==
X-Google-Smtp-Source: APXvYqz/VbJoZxNJ4EQTxY5MjjnQSXZZ98tkByFavKGIn8jiSJebfU8bL2qzGNqIGB+F0M4YwmbWJ0FDgV6+fXUDUgk=
X-Received: by 2002:a2e:7013:: with SMTP id l19mr3533899ljc.201.1573336554599; Sat, 09 Nov 2019 13:55:54 -0800 (PST)
MIME-Version: 1.0
References: <1d6cd21a-73a4-44af-9eac-cc0b50682b24@www.fastmail.com> <20191107062812.GA815049@LK-Perkele-VII>
In-Reply-To: <20191107062812.GA815049@LK-Perkele-VII>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 9 Nov 2019 13:55:17 -0800
Message-ID: <CABcZeBNEoR6JpGwdpyH9wwMbTOUx5ewy8JysfVLvqW5hGQbR1g@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: Martin Thomson <mt@lowentropy.net>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007305560596f0f69c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/C2fhqDZ_Pcw5qOBYGeEi4qLCTP4>
Subject: Re: [TLS] Omitting length in DTLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Nov 2019 21:55:59 -0000

I have filed a PR to fix this.

On Wed, Nov 6, 2019 at 10:28 PM Ilari Liusvaara <ilariliusvaara@welho.com>;
wrote:

> On Thu, Nov 07, 2019 at 11:18:28AM +1100, Martin Thomson wrote:
> > > Omitting the length field MUST only be used for data which is
> > > protected with one of the application_traffic_secret values, and
> > > not for messages protected with either
> [sender]_handshake_traffic_sercret
> > > or [sender]_early_traffic_secret values.  When using an
> > > [sender]_application_traffic_secret for message protection,
> > > Implementations MAY include the length field at their discretion.
> >
> > This seems like an unnecessarily strong requirement that I couldn't
> > find any discussion about.  I do seem to remember some discussion,
> > but I couldn't find it.
>
> I actually tried finding rationale for that, and concluded that it was
> likely a mistake.
>
> Originally the requirement was not to use short headers with initial
> handshake packets. That was sensible back then.
>
> However, when unified headers were introduced, that requirement was
> changed to prohibition of omitting length, which does not make much
> sense to me. And I could not find any arguments for it.
>
>
>
> -Ilari
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>