Re: [TLS] Fwd: Re: AD review of draft-ietf-tls-dtls-connection-id-07

Achim Kraus <> Tue, 13 October 2020 04:51 UTC

To: Benjamin Kaduk <>

Hi Ben,

> Sure, there's pretty standard common-knowledge guidance, though I'm not
> sure it's documented anyplace particularly discoverable:
> - include in the MAC as much application/protocol context and protocol
>    fields as you can without breaking operation of the protocol
> - ensure that the mapping from (set of protocol fields and values derived
>    from application context) to (bytes given as input to the MAC function) is
>    an injective mapping
> In some (many?) cases, there is not any additional contextual information
> available, and the protocol header itself has a deterministic/fixed-length
> encoding, so both points can be achieved by just using the protocol
> header/payload as it appears on the wire as MAC input.  For better or for
> worse, the current construction in the -07 diverges significantly from the
> actual protocol header, so we have to do a bit of thinking to ensure that
> we are compliant to the guidelines (that I just described, so I assume you
> did not previously think about them in that formulation).

Hope I'm not again caught by my bad English :-):

If the formulation refers to draft-ietf-tls-dtls-connection-id-07 (and
not my e-mails), I can't say what was thought or not by the authors. My
role in that discussion quite a year ago was just to ask which of the
many variants should then be chosen in order not to change it every year.

That's also the main thing, which drives me to this endless discussion.
If it changes again, try to change it that last time.

best regards
Achim Kraus
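
The injective-mapping guidance quoted above, as an added example that is not part of the original message and is not the draft's MAC construction: the field set (sequence number, variable-length connection ID, payload), the key and the sample records are all constructed for illustration. It shows how plain concatenation lets one tag verify for two different field splits, and how length prefixes make the encoding decodable and therefore injective.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not from any real session


def mac_input_naive(cid: bytes, seq: int, payload: bytes) -> bytes:
    # Variable-length cid runs straight into the payload: the boundary is lost.
    return struct.pack("!Q", seq) + cid + payload


def mac_input_injective(cid: bytes, seq: int, payload: bytes) -> bytes:
    # Fixed-width field first, then each variable-length field with its length.
    if len(cid) > 0xFF or len(payload) > 0xFFFF:
        raise ValueError("field too long for its length prefix")
    return (struct.pack("!Q", seq)
            + struct.pack("!B", len(cid)) + cid
            + struct.pack("!H", len(payload)) + payload)


def decode_injective(data: bytes):
    # An encoding that decodes unambiguously is injective by construction.
    if len(data) < 9:
        raise ValueError("truncated header")
    (seq,) = struct.unpack("!Q", data[:8])
    off = 9 + data[8]
    if len(data) < off + 2:
        raise ValueError("truncated cid")
    cid = data[9:off]
    (plen,) = struct.unpack("!H", data[off:off + 2])
    if off + 2 + plen != len(data):
        raise ValueError("payload length mismatch")
    return cid, seq, data[off + 2:]


def tag(encode, cid: bytes, seq: int, payload: bytes) -> bytes:
    return hmac.new(KEY, encode(cid, seq, payload), hashlib.sha256).digest()


def collides(encode) -> bool:
    # Two different (cid, payload) splits of the same bytes (constructed records).
    first = (b"\x01\x02", 7, b"\x03\x04data")
    second = (b"\x01\x02\x03", 7, b"\x04data")
    return hmac.compare_digest(tag(encode, *first), tag(encode, *second))


if __name__ == "__main__":
    print("naive encoding collides:    ", collides(mac_input_naive))
    print("injective encoding collides:", collides(mac_input_injective))
```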