Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dtls-connection-id-07

Achim Kraus <achimkraus@gmx.net> Sun, 11 October 2020 18:12 UTC

To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: "tls@ietf.org" <tls@ietf.org>
References: <0da9b525-ec78-bef5-6ceb-5f377019ade4@gmx.net> <4ca7c2f9-1e9d-0d16-0089-649f013b4565@gmx.net> <20201008233454.GF89563@kduck.mit.edu> <6185242d-8ba8-2d2f-5938-afad46c2e854@gmx.net> <20201009212240.GK89563@kduck.mit.edu> <fe7eab66-a14a-5f18-46be-7bae471c3b20@gmx.net> <CAOgPGoBWRyqQUNk3JQx2_Cna-7s-A7gENVwW-sh8+tRoJ_=V_Q@mail.gmail.com> <13a821d3-30cc-94b8-842c-22a87d280f09@gmx.net> <20201011075100.GA2518649@LK-Perkele-VII>
From: Achim Kraus <achimkraus@gmx.net>
Message-ID: <1d223b9f-394e-d367-847e-5fe3593c97d2@gmx.net>
Date: Sun, 11 Oct 2020 20:12:30 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <20201011075100.GA2518649@LK-Perkele-VII>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/GTaQpu0jF9EgeVe290fdqZUE538>
Subject: Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dtls-connection-id-07
Precedence: list

Hi Ilari,

> The problem is the follows:
>
> Take the following input to the MAC (MtE case):
>
> <seqnum> 19 FE FD 63 01 00 05 04 00 02 FF 17
>
> There is no way to tell from that input if it is:
>
> - Application record on CID 63 containing 04 00 02 FF, or
> - Application record on CID 63 01 00 05 containing FF.
>

Maybe you check your example?

Does the 1. assume cid-length := 1?
And the 2. cid-length := 4?


The dtls-record will then contain:

(remove cid-length 01, cid-length is NOT encoded in the dtls-record!)

19 FE FD <seqnum> 63 00 05 04 00 02 FF 17

or

(remove cid-length 04)

19 FE FD <seqnum> 63 01 00 05 00 02 FF 17

For me this seems to be different input to the MAC, if the cid-length is
left out. My feeling is, your example proves my opinion, that it's
better to remove the cid-length from the MAC.

best regards
Achim Kraus

[TLS] AD review of draft-ietf-tls-dtls-connection… Benjamin Kaduk
Re: [TLS] AD review of draft-ietf-tls-dtls-connec… Achim Kraus
Re: [TLS] AD review of draft-ietf-tls-dtls-connec… Benjamin Kaduk
Re: [TLS] AD review of draft-ietf-tls-dtls-connec… Achim Kraus
Re: [TLS] AD review of draft-ietf-tls-dtls-connec… Achim Kraus
[TLS] Fwd: Re: AD review of draft-ietf-tls-dtls-c… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Benjamin Kaduk
Re: [TLS] AD review of draft-ietf-tls-dtls-connec… Benjamin Kaduk
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] AD review of draft-ietf-tls-dtls-connec… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Benjamin Kaduk
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Michael D'Errico
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Joseph Salowey
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Watson Ladd
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Ilari Liusvaara
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… antoine
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… antoine
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Michael D'Errico
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Benjamin Kaduk
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Benjamin Kaduk
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Benjamin Kaduk
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Benjamin Kaduk
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Benjamin Kaduk
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Eric Rescorla
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Benjamin Kaduk
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Benjamin Kaduk
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Eric Rescorla
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Benjamin Kaduk
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Eric Rescorla
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Benjamin Kaduk
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Peter Gutmann
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Benjamin Kaduk
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Achim Kraus
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Benjamin Kaduk
Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dt… Eric Rescorla