[TLS] A question for TLS middle-box/middleware vendors/implementers
"Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com> Sat, 27 January 2018 16:30 UTC
Message-ID: <7CC4F5F0-DCC1-420E-B91A-A4D5B9FC5D53@nokia.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NI8B6O8XSjNtnM0YZbfOZpzwQXQ>
Hi TLS middle-box/middleware folks,

If length's MSB in a D?TLS{Ciphertext,Plaintext,Compressed} record is set, how does your software react? Is it going to drop the session/record or not bother at all?

I'm trying to understand a bit better whether and when it'd be safe to grab that bit and give it new semantics (e.g., for signalling the presence of a DTLS connection-id, an ext-header, or anything else really), and your answers would help shed some (*) light on the matter.

Based on previous experience on similar (but not identical) changes to the record format, Adam ([1], [2]) suggested that this bit is likely to have already ossified in TLS, whereas DTLS might still be OK. So, I'm curious to hear from those who own the boxes' logics if they share the same opinion - in particular, if DTLS is in better shape than TLS.

Thanks in advance for your time.

(*) I'm pretty sure not every TLS middle-box vendor on earth is subscribed to this list and, even among those who are, not everyone might be willing or able to share this information with the wider community. This is to say that I'm aware of the limited value a poll like this has, but I'm not in a position to do a large-scale measurement campaign at the moment, so better start from somewhere... OTOH, I think there is a valuable discussion to be had in cases like this with folks that don't own the endpoints but are going to (or have already) put their logics on the e2e path, so hopefully I'm not wasting everyone's time :-)

cheers, t

[1] https://www.ietf.org/mail-archive/web/tls/current/msg25299.html
[2] https://www.ietf.org/mail-archive/web/tls/current/msg25304.html
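The record-header check the question revolves around, as an added example that is not from the original message or from any vendor's code: it parses TLS and DTLS record headers, reports whether bit 15 of the length field is set, and models the two middlebox reactions asked about (strict: read the length literally, so the record looks oversized and is dropped; lenient: mask the bit and forward on the remaining length). The `RecordHeader` type, `middlebox_verdict` and the sample records are constructed for illustration; the body-size limit is the TLSCiphertext cap from RFC 5246/6347.

```python
import struct
from dataclasses import dataclass
from typing import Optional
# RFC 5246 / RFC 6347 cap a TLSCiphertext body at 2^14 + 2048 bytes, so bit 15
# of the 16-bit length field is never set by a conforming endpoint.
TLS_MAX_CIPHERTEXT_LEN = 2**14 + 2048
LENGTH_MSB = 0x8000
TLS_HEADER_LEN = 5    # type(1) version(2) length(2)
DTLS_HEADER_LEN = 13  # type(1) version(2) epoch(2) seq(6) length(2)

@dataclass
class RecordHeader:  # constructed for this example
    content_type: int
    version: tuple
    length_field: int            # raw 16-bit value exactly as seen on the wire
    epoch: Optional[int] = None  # DTLS only
    sequence: Optional[int] = None

    @property
    def msb_set(self) -> bool:
        return bool(self.length_field & LENGTH_MSB)

    @property
    def length(self) -> int:
        # body length if the MSB is given new semantics and masked off
        return self.length_field & 0x7FFF

def parse_tls_record_header(buf: bytes) -> RecordHeader:
    if len(buf) < TLS_HEADER_LEN:
        raise ValueError("truncated TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", buf[:TLS_HEADER_LEN])
    return RecordHeader(ctype, (major, minor), length)

def parse_dtls_record_header(buf: bytes) -> RecordHeader:
    if len(buf) < DTLS_HEADER_LEN:
        raise ValueError("truncated DTLS record header")
    ctype, major, minor, epoch, seq_hi, seq_lo, length = struct.unpack(
        "!BBBHHIH", buf[:DTLS_HEADER_LEN])
    return RecordHeader(ctype, (major, minor), length, epoch, (seq_hi << 32) | seq_lo)

def middlebox_verdict(hdr: RecordHeader, strict: bool) -> str:
    """A strict box reads the length field literally (MSB set => oversized =>
    drop); a lenient box masks the bit and forwards on the remaining length."""
    effective = hdr.length_field if strict else hdr.length
    return "drop" if effective > TLS_MAX_CIPHERTEXT_LEN else "forward"

# Constructed samples: application_data with a 16-byte body, with and without bit 15.
TLS_NORMAL = bytes([0x17, 0x03, 0x03]) + struct.pack("!H", 16) + b"\x00" * 16
TLS_MSB = bytes([0x17, 0x03, 0x03]) + struct.pack("!H", 16 | LENGTH_MSB) + b"\x00" * 16
DTLS_MSB = bytes([0x17, 0xFE, 0xFD]) + struct.pack("!HHIH", 1, 0, 42, 16 | LENGTH_MSB) + b"\x00" * 16
```

Running `middlebox_verdict` on `TLS_MSB` with `strict=True` and `strict=False` shows the two outcomes the poll is trying to distinguish in the field.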