Re: [TLS] Last Call: <draft-ietf-tls-dtls-connection-id-10.txt> (Connection Identifiers for DTLS 1.2) to Proposed Standard

tom petch <daedulus@btconnect.com> Fri, 12 March 2021 10:38 UTC

To: last-call@ietf.org
References: <161520236528.11780.2852731535612070466@ietfa.amsl.com>
Cc: tls-chairs@ietf.org, draft-ietf-tls-dtls-connection-id@ietf.org, tls@ietf.org
From: tom petch <daedulus@btconnect.com>
Message-ID: <604B44A4.6070400@btconnect.com>
Date: Fri, 12 Mar 2021 10:38:28 +0000

Some editorial quirks

s.2
lacks the boiler plate of RFC8174

s.3
I found this unclear until I had understood it all (or perhaps I do not 
understand it)

"...or again, alternately, to use a zero-length CID)."
This suggests that a zero length CID is valid in Application Data which 
later text seems to contradict; otherwise I cannot see what this is saying.

"  If DTLS peers have negotiated the use of a CIDs using the ClientHello 
and the ServerHello messages "
arguably sending a zero CID and receiving a zero CID is a successful 
Hello negotiation perhaps
" If DTLS peers have negotiated the use of a non-zero CID in at least 
one direction, using the ClientHello and the ServerHello messages"

"The DTLS peers determine whether incoming and outgoing messages need.."
seems not to cater for unidirectional CIDs; perhaps
"The DTLS peers determine whether incoming or outgoing, or both, 
messages need.. "

s.4
/always recieve CIDs/always receive CIDs/


s.5.1
"the with Encrypt-then-MAC processing described in [RFC7366]."
I do not understand why 'with' is needed

s.5.2
ditto

s.8
/this aspects SHOULD refuse/these aspects SHOULD refuse/

s.10
I would find this clearer as three sections for the three IANA actions
10.1 new column for ExtensionType
10.2 new value for ExtensionType
10.3 new value for ContentType

"   IANA is requested to allocate an entry to the existing TLS
    "ExtensionType Values" registry, defined in [RFC5246],.."
well no; whatever you think of RFC8447 the name has changed
"   IANA is requested to allocate an entry to the existing "TLS
    ExtensionType Values" registry, defined in [RFC5246],.."
or, if you are picky (which I am not),
    IANA is requested to allocate an entry to the existing "TLS
    "ExtensionType Values" registry, defined in [RFC5246], and
    renamed by RFC8447

An extra column is added but I cannot see what value should be placed in 
that column for existing entries.

"The tls12_cid ContentType is only applicable to DTLS 1.2."
Good information but I struggle to see what IANA will do with it; I see 
nowhere for it to go.

Tom Petch


On 08/03/2021 11:19, The IESG wrote:
>
> The IESG has received a request from the Transport Layer Security WG (tls) to
> consider the following document: - 'Connection Identifiers for DTLS 1.2'
>    <draft-ietf-tls-dtls-connection-id-10.txt> as Proposed Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits final
> comments on this action. Please send substantive comments to the
> last-call@ietf.org mailing lists by 2021-03-28. Exceptionally, comments may
> be sent to iesg@ietf.org instead. In either case, please retain the beginning
> of the Subject line to allow automated sorting.
>
> Abstract
>
>
>     This document specifies the Connection ID (CID) construct for the
>     Datagram Transport Layer Security (DTLS) protocol version 1.2.
>
>     A CID is an identifier carried in the record layer header that gives
>     the recipient additional information for selecting the appropriate
>     security association.  In "classical" DTLS, selecting a security
>     association of an incoming DTLS record is accomplished with the help
>     of the 5-tuple.  If the source IP address and/or source port changes
>     during the lifetime of an ongoing DTLS session then the receiver will
>     be unable to locate the correct security context.
>
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-tls-dtls-connection-id/
>
> No IPR declarations have been submitted directly on this I-D.
>
> _______________________________________________
> IETF-Announce mailing list
> IETF-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-announce
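The abstract above describes the mechanism in one sentence: a CID in the record layer header lets the receiver select the security association even after the source address or port has changed, where "classical" DTLS would have used the 5-tuple. The review's s.3 comments also turn on CID use being negotiated per direction (a zero-length CID in a Hello means "send me records without a CID"). The following Python sketch, added here as an illustration and not code from the draft or any DTLS implementation, shows both points: per-direction negotiation, the receiver reading its own CID length from the record (the length is not on the wire), and a demultiplexer that succeeds by CID where the 5-tuple lookup fails. The ContentType value 25 for tls12_cid and the header layout are assumed from the published RFC 9146 rather than taken from the page; all addresses, ports and CID bytes are constructed sample values.

```python
"""Demultiplexing DTLS 1.2 records by Connection ID (CID) instead of the 5-tuple.
Illustrative example only; record layout and ContentType 25 assumed from RFC 9146."""
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

CT_APPLICATION_DATA = 23   # standard DTLS application_data ContentType
CT_TLS12_CID = 25          # tls12_cid ContentType (assumed from RFC 9146)
DTLS_1_2 = 0xFEFD          # DTLS 1.2 ProtocolVersion on the wire

FiveTuple = Tuple[str, int, str, int, str]   # (src ip, src port, dst ip, dst port, proto)


def negotiate_cid(our_cid: bytes, peer_cid: bytes) -> Dict[str, bool]:
    """Each peer advertises the CID it wants to *receive* in its Hello.
    An empty CID means 'I will send with a CID but do not want to receive one',
    so CID use is decided independently for each direction."""
    return {
        "incoming_uses_cid": len(our_cid) > 0,   # peer must put our_cid on records to us
        "outgoing_uses_cid": len(peer_cid) > 0,  # we must put peer_cid on records to peer
    }


def build_record(epoch: int, seq: int, cid: bytes, body: bytes) -> bytes:
    """Serialise a record: type(1) version(2) epoch(2) seq(6) [cid] length(2) body.
    Records carrying a CID use the tls12_cid ContentType; others stay application_data."""
    ctype = CT_TLS12_CID if cid else CT_APPLICATION_DATA
    return (struct.pack("!BHH", ctype, DTLS_1_2, epoch) + seq.to_bytes(6, "big")
            + cid + struct.pack("!H", len(body)) + body)


@dataclass
class Record:
    content_type: int
    epoch: int
    seq: int
    cid: bytes
    body: bytes


def parse_record(data: bytes, own_cid_len: int) -> Record:
    """The CID length is not carried in the record: the receiver reads exactly as many
    CID bytes as the CID it asked for in its Hello, and only for tls12_cid records."""
    if len(data) < 11:
        raise ValueError("record too short for the fixed header")
    ctype, version, epoch = struct.unpack("!BHH", data[:5])
    if version != DTLS_1_2:
        raise ValueError("unexpected protocol version")
    seq = int.from_bytes(data[5:11], "big")
    off, cid = 11, b""
    if ctype == CT_TLS12_CID:
        cid = data[off:off + own_cid_len]
        if len(cid) != own_cid_len:
            raise ValueError("truncated CID")
        off += own_cid_len
    if len(data) < off + 2:
        raise ValueError("record too short for the length field")
    (length,) = struct.unpack("!H", data[off:off + 2])
    off += 2
    body = data[off:off + length]
    if len(body) != length:
        raise ValueError("truncated body")
    return Record(ctype, epoch, seq, cid, body)


class Demultiplexer:
    """Selects the security association for an incoming datagram: by CID when the
    record carries one, by the classical 5-tuple otherwise."""

    def __init__(self, own_cid_len: int) -> None:
        self.own_cid_len = own_cid_len
        self.by_cid: Dict[bytes, str] = {}
        self.by_tuple: Dict[FiveTuple, str] = {}

    def register(self, name: str, cid: bytes, five_tuple: FiveTuple) -> None:
        if cid:
            self.by_cid[cid] = name
        self.by_tuple[five_tuple] = name

    def select(self, datagram: bytes, five_tuple: FiveTuple) -> Optional[str]:
        rec = parse_record(datagram, self.own_cid_len)
        if rec.content_type == CT_TLS12_CID:
            return self.by_cid.get(rec.cid)
        return self.by_tuple.get(five_tuple)


def demo() -> Dict[str, Optional[str]]:
    """Constructed scenario: the client's source port changes mid-session (NAT rebinding)."""
    mux = Demultiplexer(own_cid_len=4)
    cid = b"\x01\x02\x03\x04"                                      # constructed CID
    home = ("192.0.2.10", 5000, "198.51.100.1", 4433, "udp")       # original 5-tuple
    moved = ("192.0.2.10", 6000, "198.51.100.1", 4433, "udp")      # same client, new port
    mux.register("assoc-A", cid, home)
    plain = build_record(1, 7, b"", b"hello")
    with_cid = build_record(1, 8, cid, b"hello")
    return {
        "plain_home": mux.select(plain, home),     # found via 5-tuple
        "plain_moved": mux.select(plain, moved),   # lost: 5-tuple no longer matches
        "cid_moved": mux.select(with_cid, moved),  # found via CID despite the port change
    }


if __name__ == "__main__":
    print(negotiate_cid(b"", b"\xaa"))
    print(demo())
```

Two caveats a reviewer of an implementation would look for: the demultiplexer only picks a candidate association, and the new 5-tuple must not be adopted as the peer's address until the record has authenticated under that association's keys (the CID is covered by the record MAC), otherwise a spoofed CID in a plaintext header could redirect traffic; and a zero-length CID must never be looked up at all, since the tls12_cid ContentType is only used on records that actually carry a non-empty CID.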