IETF Logo Mail Archive

[TLS] A question for TLS middle-box/middleware vendors/implementers

"Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com> Sat, 27 January 2018 16:30 UTC

Return-Path: <thomas.fossati@nokia.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC3FB124234 for <tls@ietfa.amsl.com>; Sat, 27 Jan 2018 08:30:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ByrL99d02e_p for <tls@ietfa.amsl.com>; Sat, 27 Jan 2018 08:30:07 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0108.outbound.protection.outlook.com [104.47.2.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25DC61241F8 for <tls@ietf.org>; Sat, 27 Jan 2018 08:30:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=+gjgpNkARNhlqVNjFgfx2nP5Jo+HpnHAsa80D5vk/aQ=; b=CWqMdd5QXIGqY7l+FpNoKa1pVsrwlAqkn2IR/klhpmp4SjMsjqwZfFzcDVO1HXWBliFNe7FNcvKgeKVFCQXKXcuONgIsBufT2LCt+GmVPv2GGM2cEQ3wsmQjte9qsvVtSnyHe3RpvWAQahxYp1yu/J3YV07/3lgsZvPA4JE781Y=
Received: from DB5PR07MB1094.eurprd07.prod.outlook.com (10.163.103.148) by DB5PR07MB0919.eurprd07.prod.outlook.com (10.161.200.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.464.6; Sat, 27 Jan 2018 16:30:04 +0000
Received: from DB5PR07MB1094.eurprd07.prod.outlook.com ([fe80::a5f5:9a87:94aa:58da]) by DB5PR07MB1094.eurprd07.prod.outlook.com ([fe80::a5f5:9a87:94aa:58da%13]) with mapi id 15.20.0464.008; Sat, 27 Jan 2018 16:30:04 +0000
From: "Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: A question for TLS middle-box/middleware vendors/implementers
Thread-Index: AQHTl4wVsEsS32ldTEGo2Z4sXyi6/Q==
Date: Sat, 27 Jan 2018 16:30:04 +0000
Message-ID: <7CC4F5F0-DCC1-420E-B91A-A4D5B9FC5D53@nokia.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.9.0.180116
authentication-results: spf=none (sender IP is ) smtp.mailfrom=thomas.fossati@nokia.com;
x-originating-ip: [88.111.107.3]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR07MB0919; 7:rCAOgZqIqp2LlHfQZGEUZPgRgfZSR7goLN/++c61nfbpn6PptYLA527rj4a6i0J1PdtOOESO/J4moeXfBLgRl47O0ROEE1/BIVYXMZOkpgtcGq62RQjV3x3MoKylRqKx04JpzxfodJYHBFbaw+7QWqSHHD4VFK2OSoDedEbaMvyNMGvmC22XdjVzJDNH8vftMKoA911OF6kvi/dszyvkaI6oTqDFmmhxKd+DpI0C2dvjrj/6C0F4ONr813ybpTn0
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: a0e2f143-99af-4c48-2c36-08d565a3384f
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(7193020); SRVR:DB5PR07MB0919;
x-ms-traffictypediagnostic: DB5PR07MB0919:
x-microsoft-antispam-prvs: <DB5PR07MB091917D8DF9E5C2BC2BCDAB880E70@DB5PR07MB0919.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(3231089)(11241501184)(806099)(2400081)(944501161)(93006095)(93001095)(10201501046)(3002001)(6055026)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123564045)(20161123558120)(6072148)(201708071742011); SRVR:DB5PR07MB0919; BCL:0; PCL:0; RULEID:; SRVR:DB5PR07MB0919;
x-forefront-prvs: 056544FBEE
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(396003)(39380400002)(366004)(39860400002)(376002)(51874003)(189003)(199004)(8936002)(86362001)(106356001)(66066001)(82746002)(36756003)(5660300001)(14454004)(2900100001)(2501003)(8676002)(5640700003)(25786009)(83716003)(1730700003)(186003)(81156014)(81166006)(6436002)(966005)(83506002)(99286004)(478600001)(105586002)(26005)(33656002)(68736007)(2906002)(6506007)(97736004)(102836004)(3280700002)(3660700001)(58126008)(53936002)(3846002)(2351001)(6306002)(316002)(6916009)(305945005)(7736002)(6512007)(5250100002)(6486002)(6116002); DIR:OUT; SFP:1102; SCL:1; SRVR:DB5PR07MB0919; H:DB5PR07MB1094.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: hGn3iWV6SYeBptGlG/3YePoSqBDXn4ReBjhGwq+coOOGrkIgGELs39SQCjuaQV5ZxAI5yAqt//o3uNKcpvDYyshzcPEi9GmvLjIYjDEW5p8/5O11R8vnsrw22yqTX3UA
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <9D7A84C97A0DD94BA26AAFCDBB01DBFB@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a0e2f143-99af-4c48-2c36-08d565a3384f
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jan 2018 16:30:04.0643 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR07MB0919
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NI8B6O8XSjNtnM0YZbfOZpzwQXQ>
Subject: [TLS] A question for TLS middle-box/middleware vendors/implementers
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jan 2018 16:30:10 -0000

Hi TLS middle-box/middleware folks,

If length's MSB in a D?TLS{Ciphertext,Plaintext,Compressed} record is
set, how does your software react?

Is it going to drop the session/record or not bothering at all?

I'm trying to understand a bit better whether and when it'd be safe to
grab that bit and give it new semantics (e.g., for signalling the
presence of a DTLS connection-id, an ext-header, or anything else
really) and your answers would help shedding some (*) light on the
matter.

Based on previous experience on similar (but not identical) changes to
the record format, Adam ([1], [2]) suggested that this bit is likely to
have already ossified in TLS, whereas DTLS might be still OK.  So, I'm
curious to hear from those who own the boxes' logics if they share the
same opinion - in particular if DTLS is in better shape than TLS?

Thanks in advance for your time.

(*) I'm pretty sure not every TLS middle-box vendor on earth is
subscribed to this list and, even among those who are, not everyone
might be willing or able to share this information with the wider
community.  This is to say that I'm aware of the limited value a poll
like this has, but I'm not in a position to do a large-scale measurement
campaign at the moment, so better start from somewhere... OTOH, I think
there is a valuable discussion to be had in cases like this with folks
that don't own the endpoints but are going to (or have already) put
their logics on the e2e path, so hopefully I'm not wasting everyone's
time :-)

cheers, t

[1] https://www.ietf.org/mail-archive/web/tls/current/msg25299.html
[2] https://www.ietf.org/mail-archive/web/tls/current/msg25304.html

v2.23.0 | Report a Bug | By Email