Re: [TLS] DTLS 1.3 AEAD additional data

Christopher Wood <caw@heapingbits.net> Sat, 25 April 2020 00:30 UTC

Message-Id: <fd9e2ddd-a79d-4f52-be17-92ba688d618f@www.fastmail.com>
Date: Fri, 24 Apr 2020 17:30:14 -0700
From: Christopher Wood <caw@heapingbits.net>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/OdL0CiyA3TmEqE7gIEGeCcSF-_w>
Subject: Re: [TLS] DTLS 1.3 AEAD additional data

On Thu, Apr 23, 2020, at 2:17 PM, Eric Rescorla wrote:
> On Thu, Apr 23, 2020 at 12:40 AM Martin Thomson <mt@lowentropy.net> wrote:
> > On Thu, Apr 23, 2020, at 11:49, Eric Rescorla wrote:
> >  > OK but we would expect the peer to process CID-less records if they are 
> >  > coalesced?
> > 
> >  I guess so. If we allowed them to drop them, then we're close to saying MUST NOT omit.
> 
> Yeah, I would make three points
> 
> 1. Allowing implicit CIDs is very recent (it was introduced in -34) 
> 2. The CID specification explicitly prohibits it for DTLS 1.2.
> 3. I haven't really heard a very compelling argument for this and I 
> note that QUIC forbids it [and in fact has much worse problems when you 
> mix epochs because the long header is so long]
> 
> So, given that the simplest and most consistent thing is to simply 
> forbid it: can someone make an argument for why this is important to 
> permit?

Thanks to everyone who participated in this thread so far! Given the points above, the chairs would like to hear arguments in favor of implicit CIDs. Absent substantial rationale, we'll assume rough consensus for explicit CIDs. 

Best,
Chris, on behalf of the chairs
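The ambiguity the thread is debating, shown on a constructed datagram (added example, not code from the thread or from any DTLS implementation): a parser for the DTLS 1.3 unified record header (the 0b001CSLEE layout later published as RFC 9147, Section 4) over two coalesced records where the second omits its CID, run under the explicit-only policy and under the implicit policy introduced in draft -34. The 4-byte CID length and the "inherit the previous record's CID" rule for implicit CIDs are assumptions.

```python
import struct

def parse_datagram(data: bytes, cid_len: int, allow_implicit_cid: bool):
    """Split one datagram into its coalesced DTLS 1.3 records.
    Returns a list of (cid, epoch_low_bits, seq, body) tuples.
    Header byte: 0 0 1 C S L E E  (C: CID present, S: 16-bit seq if set,
    L: 16-bit length present, EE: low two bits of the epoch)."""
    records, current_cid, off = [], None, 0
    while off < len(data):
        hdr = data[off]
        if hdr >> 5 != 0b001:
            raise ValueError(f"not a DTLS 1.3 ciphertext header at {off}: {hdr:#04x}")
        c_bit, s_bit, l_bit, epoch = (hdr >> 4) & 1, (hdr >> 3) & 1, (hdr >> 2) & 1, hdr & 3
        off += 1
        if c_bit:
            cid = data[off:off + cid_len]
            if len(cid) != cid_len:
                raise ValueError("truncated CID")
            off += cid_len
            current_cid = cid
        elif current_cid is not None and allow_implicit_cid:
            cid = current_cid  # assumed draft -34 behaviour: reuse the previous record's CID
        elif current_cid is not None:
            raise ValueError("CID omitted in coalesced record; explicit CID required")
        else:
            cid = None  # no CID in use on this association
        seq_len = 2 if s_bit else 1
        seq = int.from_bytes(data[off:off + seq_len], "big")
        off += seq_len
        if l_bit:
            (length,) = struct.unpack_from("!H", data, off)
            off += 2
        else:
            length = len(data) - off  # no length field: record extends to end of datagram
        body = data[off:off + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        off += length
        records.append((cid, epoch, seq, body))
    return records

# Constructed datagram: record 1 carries CID 01020304, 16-bit seq 1, length 3, body "abc";
# record 2 omits the CID (C=0), 8-bit seq 2, no length field, body "xyz".
DATAGRAM = (bytes([0x3E]) + b"\x01\x02\x03\x04" + b"\x00\x01" + b"\x00\x03" + b"abc"
            + bytes([0x22]) + b"\x02" + b"xyz")

if __name__ == "__main__":
    print(parse_datagram(DATAGRAM, 4, allow_implicit_cid=True))
    try:
        parse_datagram(DATAGRAM, 4, allow_implicit_cid=False)
    except ValueError as e:
        print("explicit-only policy:", e)
```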