IETF Logo Mail Archive

Re: [TLS] I-D Action:draft-ietf-tls-rfc4366-bis-09.txt

Nikos Mavrogiannopoulos <nmav@gnutls.org> Sun, 13 June 2010 08:22 UTC

Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 460223A68DD for <tls@core3.amsl.com>; Sun, 13 Jun 2010 01:22:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kwdrylt7Rrwo for <tls@core3.amsl.com>; Sun, 13 Jun 2010 01:22:47 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by core3.amsl.com (Postfix) with ESMTP id 3DCDF3A688E for <tls@ietf.org>; Sun, 13 Jun 2010 01:22:47 -0700 (PDT)
Received: by wyi11 with SMTP id 11so1883463wyi.31 for <tls@ietf.org>; Sun, 13 Jun 2010 01:22:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=RmD8DndEZlE7J8vO6XapfkRrhr/3ryNkXVjTRr+q9rw=; b=sJ8JyZPCynliGDvkjy4snpeJCQX5tC/2JPOi43e5wCCoCkqPzfprVqIJ/5daiCZIQp R9OviXCjGU0whc+5iVYh4D8wB90+MDtbeoPGDZhfMlm7+uQ2xcBBzGwhY4x5xcVxZW+D b5nc+8u1qFnlSjiqF76K/w3qJVKxH3o66FdH4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=P8S2iKOCvZi4Q60/F8XvMzsUwTT/5tJTV+QIINf1+DWvpO/p/4unoBNkj7oy+7RR4y iINtcUCfSQ/CK0rm+VNVXdAdqIys/i0BOgbu7nb8cSdLs44pn0ZfblQTEe8LuGjSDeA/ obPyqkRHqKI7QsKTaLtE1JlEwwh7XI1iAMy3E=
Received: by 10.227.137.204 with SMTP id x12mr666924wbt.57.1276417367177; Sun, 13 Jun 2010 01:22:47 -0700 (PDT)
Received: from [10.100.2.14] (78-23-67-218.access.telenet.be [78.23.67.218]) by mx.google.com with ESMTPS id t15sm25825023wbc.11.2010.06.13.01.22.46 (version=SSLv3 cipher=RC4-MD5); Sun, 13 Jun 2010 01:22:46 -0700 (PDT)
Sender: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Message-ID: <4C149556.7040008@gnutls.org>
Date: Sun, 13 Jun 2010 10:22:46 +0200
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
References: <E1ONiI8-0001C6-Ln@wintermute02.cs.auckland.ac.nz>
In-Reply-To: <E1ONiI8-0001C6-Ln@wintermute02.cs.auckland.ac.nz>
X-Enigmail-Version: 0.95.7
OpenPGP: id=96865171
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] I-D Action:draft-ietf-tls-rfc4366-bis-09.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Jun 2010 08:22:48 -0000

Peter Gutmann wrote:
> Nikos Mavrogiannopoulos <nmav@gnutls.org> writes:
> 
>> I have no exact information about where 2^14 the limit itself is coming from 
>> (it dates all the way back to SSL 3.0), but I can imagine it has something to 
>> do with values 2^15 and up being negative if signed 16-bit integers are used. 
> 
> It may also have been because it's a convenient upper bound for memory 
> buffers, particularly in embedded systems.  There's an awful lot of SSL 
> running in little controller boards for various devices, having to allocate 
> potentially 2 x 64kB buffers (the limit for 16-bit lengths) instead of 2 x 
> 16kB would have been a deal-breaker for some of them.  In addition, as you
> say, on 16-bit systems (some of which are still in use today, again in 
> embedded devices) you run into risky conditions once you get close to 2^15.

This is not really a stopper. Since it is being negotiated it should be
obvious that those clients will accept the default or less. The
intention is to give choice to more capable clients and servers.


regards,
Nikos

v2.23.0 | Report a Bug | By Email