Re: [TLS] [rfc9147] Clarification on DTLS 1.3 CID Retirement and Usage

"Tschofenig, Hannes" <hannes.tschofenig@siemens.com> Tue, 16 April 2024 13:54 UTC

From: "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>
To: Kristijan Sedlak <xpepermint@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>
Date: Tue, 16 Apr 2024 13:54:20 +0000
Message-ID: <AS8PR10MB74278FEA0A60E2EC6AB579F9EE082@AS8PR10MB7427.EURPRD10.PROD.OUTLOOK.COM>
References: <CA+0B9y6VUV_D+XmPwfr2aQiSstHmnLZhV0AsSNLRg_j=LOX_jQ@mail.gmail.com>
In-Reply-To: <CA+0B9y6VUV_D+XmPwfr2aQiSstHmnLZhV0AsSNLRg_j=LOX_jQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/N4B5jRJLR4ZT9GBsymQqVa9trto>

Hi Kristijan,

Searching through the mailing list, I found this mail. So, sorry for the late response.

The CID design in DTLS 1.3 has not been focused on multi-homing use cases. It was not a design goal; you have to design an extension in the style of what is currently happening with QUIC or what was previously done with MOBIKE.

Ciao
Hannes

From: TLS <tls-bounces@ietf.org> On Behalf Of Kristijan Sedlak
Sent: Sunday, December 10, 2023 11:50 AM
To: <tls@ietf.org> <tls@ietf.org>
Subject: [TLS] [rfc9147] Clarification on DTLS 1.3 CID Retirement and Usage

Dear IETF TLS Working Group,

I am reaching out to seek clarification on specific aspects of Connection ID (CID) management in DTLS 1.3, as detailed in RFC 9147.

The current specification delineates the process for issuing new CIDs via a NewConnectionId message. However, the methodology for retiring old CIDs seems subject to various interpretations.

Is it correct to assume that an endpoint dictates the number of active CIDs it manages and that CIDs should be utilized in the sequence they are provided? For example, if the initial negotiated CID is 0 and an endpoint subsequently issues NewConnectionId with CIDs 1, 2, and 3, my interpretation is that upon receiving the first datagram from a new path (which is also applicable for an existing path), the records should ideally be tagged with the next CID (1, 2, or 3) rather than CID 0. This approach suggests that upon the reception of a higher CID, lower CIDs should be considered retired and later removed.

This understanding implies that CIDs in DTLS 1.3 are not designed for multipath operations, and it is anticipated that only one path (one CID) would be active at a given time. Could you please confirm if this interpretation is in alignment with the intended specifications, or offer additional insights into the appropriate management of CIDs in DTLS 1.3? Including such clarification in the RFC would be invaluable in mitigating potential confusion.

Thank you.
Kristijan
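As an added illustration of the message the question turns on (not code from either poster or from any DTLS implementation), the following encodes and parses the RFC 9147 NewConnectionId body and keeps a small pool of peer-issued CIDs consumed in the order they were provided, which is the ordering the question assumes rather than something the reply confirms. The PeerCidPool class and the sample CID values are constructed for the example.

```python
import struct

# ConnectionIdUsage values from RFC 9147, Section 9.1
CID_IMMEDIATE, CID_SPARE = 0, 1


def encode_new_connection_id(cids, usage):
    """Serialize NewConnectionId: cids<0..2^16-1> of ConnectionId<0..2^8-1>, then usage."""
    if usage not in (CID_IMMEDIATE, CID_SPARE):
        raise ValueError("unknown ConnectionIdUsage")
    if any(len(c) > 255 for c in cids):
        raise ValueError("ConnectionId longer than 255 bytes")
    body = b"".join(struct.pack("!B", len(c)) + c for c in cids)
    if len(body) > 0xFFFF:
        raise ValueError("cids vector exceeds 2^16-1 bytes")
    return struct.pack("!H", len(body)) + body + struct.pack("!B", usage)


def decode_new_connection_id(buf):
    """Parse NewConnectionId, rejecting truncated, over-long or inconsistent input."""
    if len(buf) < 3:
        raise ValueError("truncated NewConnectionId")
    (vec_len,) = struct.unpack_from("!H", buf, 0)
    end = 2 + vec_len
    if end + 1 != len(buf):  # vector must be followed by exactly one usage byte
        raise ValueError("cids vector length does not match message length")
    cids, pos = [], 2
    while pos < end:
        clen = buf[pos]
        pos += 1
        if pos + clen > end:  # a CID must not run past the enclosing vector
            raise ValueError("ConnectionId runs past cids vector")
        cids.append(buf[pos:pos + clen])
        pos += clen
    usage = buf[end]
    if usage not in (CID_IMMEDIATE, CID_SPARE):
        raise ValueError("unknown ConnectionIdUsage")
    return cids, usage


def is_well_formed(buf):
    """Boolean wrapper so malformed input can be checked without exceptions."""
    try:
        decode_new_connection_id(buf)
        return True
    except ValueError:
        return False


class PeerCidPool:
    """CIDs the peer asked us to put on records we send (hypothetical helper).
    Consumed in the order provided, as the question above assumes."""
    def __init__(self, negotiated_cid):
        self.current, self.pending = negotiated_cid, []

    def add_from_message(self, buf):
        cids, usage = decode_new_connection_id(buf)
        self.pending.extend(cids)
        if usage == CID_IMMEDIATE:  # peer wants a fresh CID used right away
            self.advance()

    def advance(self):
        if not self.pending:
            raise RuntimeError("no spare CID; a RequestConnectionId is due")
        self.current = self.pending.pop(0)
        return self.current
```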