Re: [TLS] TCP Keep Alive Question: draft-ietf-tls-tls13-11

<nalini.elkins@insidethestack.com> Mon, 04 January 2016 15:59 UTC

Date: Mon, 04 Jan 2016 15:59:55 +0000
From: nalini.elkins@insidethestack.com
To: Watson Ladd <watsonbladd@gmail.com>
Message-ID: <652841533.487342.1451923195258.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <CACsn0cnGTqmYm0zF0C4LKxQj8oERNBhKz_CtyFCZckUgtXGKBQ@mail.gmail.com>
References: <CACsn0cnGTqmYm0zF0C4LKxQj8oERNBhKz_CtyFCZckUgtXGKBQ@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/OAHOWG9gqE0KFQnX88o-frAf32M>
Cc: IETF TLS <tls@ietf.org>


On Mon, Jan 4, 2016 at 7:45 AM,  <nalini.elkins@insidethestack.com> wrote:
>> Hello All,
>>
>> Please excuse if this topic has been previously discussed.  I have a question about TCP Keep Alives.
>>
>> Section 5 of draft-ietf-tls-tls13-11 reads:
>>
>> "Three protocols that use the TLS Record Protocol are described in this document: the TLS Handshake Protocol, the Alert Protocol, and the application data protocol."
>>
>> Then continues with:
>>
>> "Implementations MUST NOT send record types not defined in this document unless negotiated by some extension.  If a TLS implementation receives an unexpected record type, it MUST send an
>> "unexpected_message" alert."
>>
>> In the wild today, I see many TLS connections which use TCP Keep Alive (NOT TLS Heartbeat).   I take it that this will not work going forth?

>TCP Keep Alive is invisible to the TLS connection.

I see. Then, is it that PACKETS without the TLS record protocol may be sent on the TLS connection, but IF the TLS Record protocol IS used, then the record types must be one of those described? 

Or is it that TCP Keep Alive is taken out by the TCP stack and not passed to TLS?



>  Thanks,
>
> Nalini Elkins
> Inside Products, Inc.
> www.insidethestack.com
> (831) 659-8360



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.
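
Added example (not part of the original messages or of the draft): a toy model of the layering discussed in this thread. A TCP keep-alive probe carries a sequence number one below the next expected byte and zero or one garbage octet, so the receiving TCP hands nothing up to TLS, while a record with an undefined type that does arrive in the byte stream draws the "unexpected_message" alert quoted from Section 5. `ToyTcpReceiver`, the sequence numbers and the sample records are constructed for illustration and assume in-order delivery.

```python
import struct

# Record types named in the quoted Section 5 text, with their ContentType codes.
KNOWN_TYPES = {21: "alert", 22: "handshake", 23: "application_data"}
UNEXPECTED_MESSAGE = 10  # AlertDescription value for unexpected_message

class ToyTcpReceiver:
    """Minimal in-order TCP receive side (a model, not a real stack)."""
    def __init__(self, initial_seq):
        self.rcv_nxt = initial_seq   # next sequence number expected
        self.stream = bytearray()    # bytes handed up to the layer above (TLS)

    def on_segment(self, seq, payload):
        # Bytes below rcv_nxt were already received: TCP ACKs the segment
        # and drops them, so they never reach the TLS record layer.
        skip = self.rcv_nxt - seq
        if skip < 0:
            return 0                 # out-of-order segment, ignored in this model
        new = payload[skip:]
        self.stream += new
        self.rcv_nxt += len(new)
        return len(new)              # number of bytes delivered upward

def parse_records(stream):
    """Split the delivered byte stream into TLS records."""
    out, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if pos + 5 + length > len(stream):
            break                    # incomplete record, wait for more bytes
        name = KNOWN_TYPES.get(ctype)
        if name is None:             # undefined record type: alert and stop
            return out + [("ALERT", UNEXPECTED_MESSAGE)]
        out.append((name, length))
        pos += 5 + length
    return out

def record(ctype, body):
    # 5-byte record header: type, version (sample value), length.
    return struct.pack("!BHH", ctype, 0x0301, len(body)) + body

def demo():
    rx = ToyTcpReceiver(initial_seq=1000)
    rx.on_segment(1000, record(23, b"hello"))
    # Constructed keep-alive probes: seq = rcv_nxt - 1, zero or one garbage byte.
    probes = [rx.on_segment(rx.rcv_nxt - 1, p) for p in (b"", b"\x00")]
    rx.on_segment(rx.rcv_nxt, record(99, b"??"))   # undefined record type
    return probes, parse_records(rx.stream)
```
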