[TLS] DTLS RRC and heartbeat
Thomas Fossati <tho.ietf@gmail.com> Thu, 21 October 2021 09:36 UTC
Return-Path: <tho.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C02E3A13F0 for <tls@ietfa.amsl.com>; Thu, 21 Oct 2021 02:36:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pAkpeCIXdxrf for <tls@ietfa.amsl.com>; Thu, 21 Oct 2021 02:36:11 -0700 (PDT)
Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC4A13A13F1 for <tls@ietf.org>; Thu, 21 Oct 2021 02:36:10 -0700 (PDT)
Received: by mail-lj1-x22e.google.com with SMTP id 145so1590008ljj.1 for <tls@ietf.org>; Thu, 21 Oct 2021 02:36:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to:cc; bh=E0pxoj+qxe1sezOIlC7zxQqEgNwDCUImzd7ajwurd0c=; b=fFk0OAW+xW3R8q0dpPsodZH6TRH7ct5FMQa3XuHnYvxakpfWu+m6H/nY1rYFmeB1tv pu8DURuPVRa66591iXWqLpkWuXw7FOnu0Nl87/3l5SZHYj1eioA6cmBn+G9lQTxJWQSZ GuZr+4i58XcpsQEOcXsE0cGq8NufWoBFUwgqg0PkJrqBoJriRU/7hXIR9H/Wm7CfBu5b R7h0CQLEDRsv/8EQmQnsuhJ2kA4bm3fHqPZ772nKic7yP2T1hMw2jCqxImaQWYY/b2un 1FwgipJN5CcJDS5hY/M441dJN02Qzk8O2WuBieN50DWMYDNFJwWY6ceuu6ikjn3Cm68o ySxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=E0pxoj+qxe1sezOIlC7zxQqEgNwDCUImzd7ajwurd0c=; b=EkfmXaPMJ5NI9fFBZB5hnb34bt+eO6cdkPcMZZQYZxdBKt5tYKj/bAHKhqIwRDH3bp +k9gMErxxz/Ub2gIC0UpmsD2RNcnGKrb8IVbhyJn0OlQTVNr9hyT72Nr8zW+jEGzgQDG dicz/Z8rT9UIz8jLpsUYNyO19re5t7gCdroh1g/MiMyP4KbBo7na5lbqjbVL8qC5MhAU RI7Hdwe8dGQEvBQHCFB+j3FNep8QPbc+ufmfKddUTvMIxQkIOqH25cBksn6DDxslCVzC TFBX/uBZ0jQnRtkbFWcYm/fKXEAjIWtvbwyu1MLE7EN7NrqGxibZEHp85wfjsKhTWBk3 TwTw==
X-Gm-Message-State: AOAM532Lun0A+x8kIiqN7ntydSTKH6+v0broPon4xQpbgEqSDY41mSfE F4xR9AencV6U4gRFOGHJzx+pqkb905EDkZIk6ulsT0AnaWI=
X-Google-Smtp-Source: ABdhPJxocjPN9NVaOfWpPLWMJmkVyHtWZM+QMmgBlmDbQNvyPedIENq+JxHicTYin/Ld9y8JHP5zvsUOYkFvlpa2IH4=
X-Received: by 2002:a2e:2c09:: with SMTP id s9mr4748173ljs.231.1634808965630; Thu, 21 Oct 2021 02:36:05 -0700 (PDT)
MIME-Version: 1.0
From: Thomas Fossati <tho.ietf@gmail.com>
Date: Thu, 21 Oct 2021 10:35:54 +0100
Message-ID: <CAObGJnObgKwJE6dHUE_bPOHAzYNgaSDguXCz6gZ1Ld9bVKfecg@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/OnrU-alIaPn2_YWS6h69Qk4HF6U>
Subject: [TLS] DTLS RRC and heartbeat
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Oct 2021 09:36:20 -0000
Hi, Hannes, Achim and I are working on the DTLS return routability check (RRC) draft [1]. In the process, we realised that what we were building was heartbeat (RFC6520) just with a different name. If one looks at RFC6520's use cases [2], path MTU discovery and path liveliness are listed already. So we could update the existing RFC with a path validation use case and profile the probing algorithm to support the more subtle threat model that QUIC assumes, which we are reasonably sure we want to do. Enhancing the heartbeat mechanism with a "path validation" sub-protocol for DTLS seems quite logical (to us). This would be incremental work rather than reinventing the wheel. To us, this appears to be an attractive approach. One problem is - as Hannes put it - that heartbeat has a "somewhat tricky history", making its marketing a slightly intricate operation, and the code reuse story a bit more complicated than desired (see for example [3]). So, we are not entirely sure what we should do, and on Chris's suggestion we are bringing this to the group to ask for direction. Thanks in advance for any thought, opinion, ideas you may want to share with us. [1] https://datatracker.ietf.org/doc/html/draft-ietf-tls-dtls-rrc [2] https://www.rfc-editor.org/rfc/rfc6520#section-5 [3] https://github.com/openssl/openssl/pull/1928 -- Thomas
- [TLS] DTLS RRC and heartbeat Thomas Fossati
- Re: [TLS] DTLS RRC and heartbeat Hanno Böck
- Re: [TLS] DTLS RRC and heartbeat Mohit Sahni
- Re: [TLS] DTLS RRC and heartbeat Achim Kraus
- Re: [TLS] DTLS RRC and heartbeat Achim Kraus
- Re: [TLS] DTLS RRC and heartbeat Salz, Rich
- Re: [TLS] DTLS RRC and heartbeat Salz, Rich
- Re: [TLS] DTLS RRC and heartbeat Thomas Fossati
- Re: [TLS] DTLS RRC and heartbeat Salz, Rich