Re: [TLS] TLS 1.3 Record Layer Format

Martin Thomson <martin.thomson@gmail.com> Wed, 08 March 2017 21:50 UTC

In-Reply-To: <CABcZeBMUwcvxOXQru4nhpbdSt-B+3qbcC+V7j9+zVk3-iNmfWw@mail.gmail.com>
References: <296debba-b5a5-d063-4e01-59a3f110fe14@gmx.net> <20170306155516.GA24925@LK-Perkele-V2.elisa-laajakaista.fi> <f306a798-2ee6-6927-c1da-5236f0cc8ce8@gmx.net> <920ab06c-f0f1-2d43-52d8-d76d718b3121@akamai.com> <CABcZeBMUwcvxOXQru4nhpbdSt-B+3qbcC+V7j9+zVk3-iNmfWw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 9 Mar 2017 08:50:23 +1100
Message-ID: <CABkgnnU5-4RB3Lj8Kfb6WFQRRV8yoUpXAdgScZ=sSq2bqWnX1A@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LAyEsByFpAB3f662AMEkd6nzCYE>
Cc: "<tls@ietf.org>" <tls@ietf.org>

On 9 March 2017 at 08:46, Eric Rescorla <ekr@rtfm.com> wrote:
> FWIW, I think DTLS 1.3 should just do this (and other header shortening
> stuff).
> I don't know of any evidence that there are policy enforcement boxes for
> DTLS

Definitely.  I also think that DTLS 1.3 could stand to lose a few
sequence number and epoch octets at the same time.  We have some
lessons from QUIC that will help there (for instance, we only need to
signal three epoch values, and two octets of sequence number space is
probably too lean).
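The header shortening discussed in this message, as an added example that is not code from the thread or from any DTLS implementation: a compact record header with a two-bit epoch field (enough when only three epochs are accepted at once) and a one- or two-octet sequence number that the receiver expands with the QUIC-style closest-value reconstruction. The byte layout is an assumption made for illustration only.

```python
SEQ_FULL_BITS = 48  # DTLS record sequence numbers are 48 bits wide


def encode_header(epoch: int, seq: int, seq_bytes: int) -> bytes:
    """Assumed layout: 0b001S_00EE followed by the low 8 or 16 bits of seq.

    S=1 selects a 2-octet sequence field, S=0 a 1-octet one; EE carries the
    low two bits of the epoch. This layout is constructed for illustration.
    """
    if seq_bytes not in (1, 2):
        raise ValueError("sequence number field must be 1 or 2 octets")
    first = 0x20 | ((seq_bytes == 2) << 4) | (epoch & 0x03)
    mask = (1 << (8 * seq_bytes)) - 1
    return bytes([first]) + (seq & mask).to_bytes(seq_bytes, "big")


def decode_header(data: bytes):
    """Return (epoch_low2, truncated_seq, seq_bits, remaining_bytes)."""
    first = data[0]
    if (first & 0xE0) != 0x20:
        raise ValueError("not a compact record header")
    seq_bytes = 2 if first & 0x10 else 1
    seq = int.from_bytes(data[1:1 + seq_bytes], "big")
    return first & 0x03, seq, 8 * seq_bytes, data[1 + seq_bytes:]


def reconstruct_seq(truncated: int, seq_bits: int, largest_seen: int) -> int:
    """QUIC-style recovery: choose the full value closest to largest_seen + 1.

    Correct only while the true value lies within half the truncated window
    (2**(seq_bits-1)) of the expectation; a longer loss burst is misread.
    """
    expected = largest_seen + 1
    win = 1 << seq_bits
    hwin = win // 2
    candidate = (expected & ~(win - 1)) | truncated
    if candidate <= expected - hwin and candidate < (1 << SEQ_FULL_BITS) - win:
        return candidate + win
    if candidate > expected + hwin and candidate >= win:
        return candidate - win
    return candidate


def resolve_epoch(epoch_low2: int, current_epoch: int):
    """Two epoch bits suffice when only three epochs are accepted at once:
    the previous, current and next one. Returns None for the fourth value."""
    for epoch in (current_epoch - 1, current_epoch, current_epoch + 1):
        if epoch >= 0 and (epoch & 0x03) == epoch_low2:
            return epoch
    return None
```

With a 16-bit field, a gap of more than 32768 records between the last record seen and the next one delivered makes reconstruct_seq return a value in the wrong window, which is the sense in which two octets of sequence space can be too lean.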