IETF Logo Mail Archive

Re: [TLS] RFC 6066 - Max fragment length negotiation

Joseph Birr-Pixton <jpixton@gmail.com> Sat, 18 March 2017 10:18 UTC

Return-Path: <jpixton@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 973CE126B6D for <tls@ietfa.amsl.com>; Sat, 18 Mar 2017 03:18:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ftQzf-VHhngt for <tls@ietfa.amsl.com>; Sat, 18 Mar 2017 03:18:44 -0700 (PDT)
Received: from mail-oi0-x22c.google.com (mail-oi0-x22c.google.com [IPv6:2607:f8b0:4003:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29385126BF6 for <tls@ietf.org>; Sat, 18 Mar 2017 03:18:44 -0700 (PDT)
Received: by mail-oi0-x22c.google.com with SMTP id w81so5421595oig.1 for <tls@ietf.org>; Sat, 18 Mar 2017 03:18:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=4QJ9hb1dMnLkuXPTFQId0g1X/tev/YPiSkUQ3DpFX1Y=; b=huddLhc2PzmgZXXuSGl+nkbdrzq0xNBjPZdMfd/pHdz8hMQd0I4beYaxRz0/PK9QcD ianRcPX3XMx0VkDyRarsbUQHkqUJHSDemMj+ESl2h9mEP9wZHca1RyGsyQFktkwdjdIJ RH7XmEcfYQa2cJsLxSppMEKWlHZ6Dj+rdpffa6DSz1p7iWY5iAbwVnahIsmpCD5aY+Wl Q6obvAgeGJlezNPl3yX6u1LIuAkDoZ1dHy8ZvPbeAzaDGJEPSPJ4V2H3u2OLzHEO1gwE PlBA2HujUhIRActAgaqHthqQbJPRzMhVlOqMbIXm/QX/YR0X0igA2owcG9EnznqZwqTh GORA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=4QJ9hb1dMnLkuXPTFQId0g1X/tev/YPiSkUQ3DpFX1Y=; b=I+rM/QjMUeDCTQwJ/9JuCv3F2THyy1EccolHeJloR3aQ0h3KvPf/jtN2lBbTGcvSFl f8VmEuaMGmiWbZpudbZqTTiXcgoR8aFlGZraCtnxmmvXrXZrRpfU0eaxPn1v4YX4xBny XPyiEY6Nfp+7oTu0G9G9b7BijrTQC9C6nb1nJnzRKntJGbLKsW8LPBQPvv0jemTFBats Eh0IqmvDJrukEdxM3AUcZ/aqrcpCIVChP6sbmGN2f07H9wDEIsIXpemtu89OvBHuos+e zxIH0ezeWb8isnRJ2XGyOH0Q832en75faqEkmxUu6e6ZRqvQRdRjjnhPW9+E/gmXmP2v tIcg==
X-Gm-Message-State: AFeK/H0y3BMfFoACmwzBt+cnBK0jAA7NUQDjDIw/ZkleRBlVn5v9PSYw/DKOevaLRBJsy1O24LXxQE/y3JBoUg==
X-Received: by 10.202.195.148 with SMTP id t142mr6355233oif.54.1489832323494; Sat, 18 Mar 2017 03:18:43 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.103.15 with HTTP; Sat, 18 Mar 2017 03:18:03 -0700 (PDT)
In-Reply-To: <1489829754868.16595@cs.auckland.ac.nz>
References: <CACaGApnuePX7x4_4nj=z6=+xXbEyHRL9yr7TW96_yxVDo2eKkw@mail.gmail.com> <1489829754868.16595@cs.auckland.ac.nz>
From: Joseph Birr-Pixton <jpixton@gmail.com>
Date: Sat, 18 Mar 2017 10:18:03 +0000
Message-ID: <CACaGApmjD7XVMKs00P48PNaUkCsGh_BkxN85-JX5dkf3B0UnRw@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/P1nnYqiDSLVA13kY6nbbTQVf6N8>
Subject: Re: [TLS] RFC 6066 - Max fragment length negotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Mar 2017 10:18:48 -0000

On 18 March 2017 at 09:36, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> Joseph Birr-Pixton <jpixton@gmail.com> writes:
>
>>With the greatest of respect, mbedtls *doesn't* implement
>>max_fragment_length[1], because it doesn't fragment handshake messages as
>>required by the spec. Attempts to use it with a conforming peer will fail to
>>handshake.
>
> What's the largest handshake message it sends?

In my case, a KB or so of client certificate.

> I would assume that for at
> least the larger fragment sizes it'd be OK, because no handshake message would
> get large enough to require fragmentation.

True. Personally I was interested in the 512 byte max_fragment_length,
because this is the best match for devices with the minimum IP MTU of
576 bytes. As a server, that breaks sending really any kind of
certificate chain. As a client, it breaks client auth for similar
reasons.

> Incidentally, has anyone else who's implemented this dealt in the weird
> omission of 8K by using the logical value 5 that follows 1, 2, 3, 4 for 512,
> 1K, 2K, and 4K?  In many cases 8K is just what you need, it halves memory
> consumption while being large enough to not have to worry about fragmenting
> handshake messages.

Mmm, that is a strange omission. Personally I think this extension's
encoding of the available lengths is too much policy and not enough
mechanism. For want of an extra byte!

Cheers,
Joe

v2.23.0 | Report a Bug | By Email