Re: [TLS] Martin Vigoureux's No Objection on draft-ietf-tls-record-limit-02: (with COMMENT)

Martin Vigoureux <martin.vigoureux@nokia.com> Thu, 05 April 2018 13:35 UTC

To: Martin Thomson <martin.thomson@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-tls-record-limit@ietf.org, Sean Turner <sean@sn3rd.com>, tls-chairs <tls-chairs@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/GUtR98Ura8QR3FA8osqRGqU8XjU>

Martin,

thanks for the quick reply. That clarifies.
I asked because the paragraph above that sentence somehow already
implies that clients may continue to advertise the "max_fragment_length"
(at least that's how I understand it), so I felt that this sentence must
mean something different.

-m

On 2018-04-05 at 12:28, Martin Thomson wrote:
> On Thu, Apr 5, 2018 at 7:31 PM, Martin Vigoureux
> <martin.vigoureux@nokia.com> wrote:
>> Hello, I'm not a TLS expert so please disregard if this is irrelevant.
>> Document says:
>>     Clients that depend on having a small record size MAY continue to
>>     advertise the "max_fragment_length".
>>
>> Do you mean:
>>     Clients that depend on having a small record size MAY continue to
>>     advertise the "max_fragment_length" *only*.
> 
> It's "also".  The idea being that if you aren't sure if the server
> supports the new thing, you might offer the old thing in addition to
> the new thing in the hopes that if the new thing isn't supported, the
> old thing might be.
> 
>> If so, what would be the behaviour of a server that supports both
>> "max_fragment_length" and "record_size_limit" in that situation?
> 
> If you don't include record_size_limit, you can't use it.  If the
> client includes both, then the text from the preceding paragraph
> applies: "A server that supports the record_size_limit extension MUST
> ignore a max_fragment_length that appears in a ClientHello if both
> extensions appear."
>
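
The server-side rule discussed in this thread (record_size_limit takes precedence when both extensions appear, max_fragment_length is the fallback), as an added example that is not part of the original messages or the draft. The function names, the `supports_rsl` flag and the sample extension blocks are constructed for illustration; the code points are those of RFC 6066 and RFC 8449, and TLS 1.2 limits plus a legacy server that implements max_fragment_length are assumed.

```python
import struct

# Code points from RFC 6066 and RFC 8449 (the published form of this draft).
EXT_MAX_FRAGMENT_LENGTH = 1
EXT_RECORD_SIZE_LIMIT = 28
MFL_CODES = {1: 512, 2: 1024, 3: 2048, 4: 4096}  # RFC 6066 code -> bytes
DEFAULT_LIMIT = 2 ** 14  # TLS 1.2 plaintext maximum (assumed version)

def parse_extensions(block: bytes) -> dict:
    """Parse a ClientHello extensions block: uint16 length, then (type, len, data)*."""
    if len(block) < 2 or struct.unpack_from("!H", block)[0] != len(block) - 2:
        raise ValueError("extensions length mismatch")
    exts, pos = {}, 2
    while pos < len(block):
        if pos + 4 > len(block):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, pos)
        pos += 4
        if pos + ext_len > len(block) or ext_type in exts:
            raise ValueError("truncated or duplicate extension")
        exts[ext_type] = block[pos:pos + ext_len]
        pos += ext_len
    return exts

def server_choice(block: bytes, supports_rsl: bool):
    """Return (mechanism, max plaintext bytes the server may send to this client)."""
    exts = parse_extensions(block)
    rsl = exts.get(EXT_RECORD_SIZE_LIMIT)
    mfl = exts.get(EXT_MAX_FRAGMENT_LENGTH)
    if supports_rsl and rsl is not None:
        # record_size_limit wins; max_fragment_length is ignored, not even validated.
        if len(rsl) != 2 or struct.unpack("!H", rsl)[0] < 64:
            raise ValueError("illegal record_size_limit")  # below 64 is fatal
        return ("record_size_limit", min(struct.unpack("!H", rsl)[0], DEFAULT_LIMIT))
    if mfl is not None:
        # Server without the new extension, or client that offered only the old one.
        if len(mfl) != 1 or mfl[0] not in MFL_CODES:
            raise ValueError("illegal max_fragment_length")
        return ("max_fragment_length", MFL_CODES[mfl[0]])
    return ("default", DEFAULT_LIMIT)

def build(*exts) -> bytes:
    """Build a constructed extensions block from (type, data) pairs."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body

# Constructed samples: a client offering both extensions, and one offering only the old one.
BOTH = build((1, b"\x02"), (28, struct.pack("!H", 1500)))
OLD_ONLY = build((1, b"\x02"))
```

With `BOTH`, a server that supports record_size_limit uses the 1500-byte limit, while a server that does not falls back to the 1024-byte max_fragment_length, which is why a client might send both.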