Re: [TLS] a slightly different DTLSShortCiphertext
"Fossati, Thomas (Nokia - GB/Cambridge)" <thomas.fossati@nokia.com> Mon, 05 March 2018 00:13 UTC
Return-Path: <thomas.fossati@nokia.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F7C3126C89 for <tls@ietfa.amsl.com>; Sun, 4 Mar 2018 16:13:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P_Cwaci8tyIQ for <tls@ietfa.amsl.com>; Sun, 4 Mar 2018 16:12:59 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0114.outbound.protection.outlook.com [104.47.2.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF66F126C25 for <tls@ietf.org>; Sun, 4 Mar 2018 16:12:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=hcXUVwFbGoEK+7QuUiLWbAKOP3st3BasyG9KsBC2vdQ=; b=NQHI5B7NrmwigSWuL9BGNFqvHERC+M17C5+667jiTRh9bKU9Y5Og1VXtyiF2Tytskhv7ctel19kqlK8HHI/1GFLiJQoFT1gjzbno838cJAJJHl3tSSaXYUVqUBWod0AfB/74izB+LOG60viAhyDqHUPIs1+wcL5vTpl7UzTzOs8=
Received: from DB3PR07MB0747.eurprd07.prod.outlook.com (10.160.53.12) by DB3PR07MB074.eurprd07.prod.outlook.com (10.242.147.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.567.6; Mon, 5 Mar 2018 00:12:55 +0000
Received: from DB3PR07MB0747.eurprd07.prod.outlook.com ([fe80::785f:6cea:95a9:4688]) by DB3PR07MB0747.eurprd07.prod.outlook.com ([fe80::785f:6cea:95a9:4688%10]) with mapi id 15.20.0567.010; Mon, 5 Mar 2018 00:12:54 +0000
From: "Fossati, Thomas (Nokia - GB/Cambridge)" <thomas.fossati@nokia.com>
To: Martin Thomson <martin.thomson@gmail.com>
CC: "tls@ietf.org" <tls@ietf.org>, "Fossati, Thomas (Nokia - GB/Cambridge)" <thomas.fossati@nokia.com>
Thread-Topic: [TLS] a slightly different DTLSShortCiphertext
Thread-Index: AQHTsxW/6qFSEpXqqES2EPxAc891oKPAtjUAgAARB4A=
Date: Mon, 05 Mar 2018 00:12:54 +0000
Message-ID: <E843546D-9D12-46C4-A4FA-B08E49FDA72F@nokia.com>
References: <E531E112-CCA8-4C7C-B96B-66A7434940CD@nokia.com> <CABkgnnWc3GnGJd80-W=tJ+LpSbaioMOC3jh7CmEkYp=4=Y29SA@mail.gmail.com>
In-Reply-To: <CABkgnnWc3GnGJd80-W=tJ+LpSbaioMOC3jh7CmEkYp=4=Y29SA@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.a.0.180210
authentication-results: spf=none (sender IP is ) smtp.mailfrom=thomas.fossati@nokia.com;
x-originating-ip: [88.111.122.102]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB3PR07MB074; 7:4m3e4/9LcAkMVsSNqat+sdEYhhgsXSa0P4ZyPc8M3hZLoZT8/g2RR6kK3doUhvCK9v//lNKwywLbyO0QV0AmVcbMwpHerTzIuaI6/nztVgdhMR6L0o2oYe0RWJN7hdWsH9NiSbsH9XC5wq26LuLW8wn8Qt82MQQMJR5vgitXpkRMLl5EGvyPF0xR2DBRRNypyyoaIhKDFcZDKxCQnhCgQ+tE78uiAmxTzlIfewXMk016QnSztNHpGlglLQkSMdv4
x-ms-exchange-antispam-srfa-diagnostics: SOS;SOR;
x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(346002)(376002)(39860400002)(396003)(366004)(39380400002)(189003)(199004)(6246003)(7736002)(305945005)(6436002)(107886003)(2906002)(6116002)(6486002)(3660700001)(5660300001)(76176011)(53936002)(33656002)(8936002)(99286004)(81156014)(83716003)(81166006)(8676002)(5250100002)(106356001)(6512007)(58126008)(316002)(14454004)(3846002)(97736004)(105586002)(4326008)(186003)(26005)(2950100002)(102836004)(229853002)(86362001)(68736007)(478600001)(53546011)(59450400001)(6506007)(66066001)(2900100001)(82746002)(39060400002)(6916009)(3280700002)(25786009)(54906003)(36756003); DIR:OUT; SFP:1102; SCL:1; SRVR:DB3PR07MB074; H:DB3PR07MB0747.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 01e080bc-896b-4ff6-8170-08d5822dd7bf
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603307)(7193020); SRVR:DB3PR07MB074;
x-ms-traffictypediagnostic: DB3PR07MB074:
x-microsoft-antispam-prvs: <DB3PR07MB074BFDD9F9BF8D169E6933D80DA0@DB3PR07MB074.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(85827821059158);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(3231220)(11241501184)(806099)(944501244)(52105095)(3002001)(93006095)(93001095)(10201501046)(6055026)(6041288)(20161123562045)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(6072148)(201708071742011); SRVR:DB3PR07MB074; BCL:0; PCL:0; RULEID:; SRVR:DB3PR07MB074;
x-forefront-prvs: 06022AA85F
received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: IEImRVBdk5D+Rj7fqiYhg5Ol19pSkbSZbRQhyDsNp7LvL2rCQo+1iTsNR4Weft+pNQfuO1cxVTaqswwp3rIgC+D0swP+8LjsJqlAhasaHr6P4tYyvx6u3KjCaz5zHFwtR7RVRoHqd9wT7m5Vy3k1JMyzCOVF8lrARz39rZbbp+hCbA27nJFvxV/920P6AVUWWlcKOjk/JniOtAIQW31kypQXyRMCuoAQw7pWIMqXsH4frresKCy+ii4svMx8J55vcl1qF9tjCB8Jq0hCV0clDDhGjVLnOG3NIEAuC+cOo+t1YPPCjnfAhOQloz/EeGz6YK6X0LgSNeSMdpyO/YrCk6jAL2Ts6E2cEB6x86yOtIH179vvK7pmde9Tn+WUsuAv
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <8702BD75ED3A35458D65DBA848970453@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 01e080bc-896b-4ff6-8170-08d5822dd7bf
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Mar 2018 00:12:54.6083 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR07MB074
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PYZt-9ZC1RtV1QvPWKtnDpQRJUs>
Subject: Re: [TLS] a slightly different DTLSShortCiphertext
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Mar 2018 00:13:01 -0000
On 04/03/2018, 23:12, "Martin Thomson" <martin.thomson@gmail.com> wrote: > We are about to remove that bit from the QUIC packet. I don't see any > advantage in adding it here. > > Can you explain in more detail who you think consumes this bit? Server or server-side middleware that doesn't know whether the packet that needs parsing belongs to a session that negotiated CID or not. I'm not sure the analogy with QUIC holds here: AFAIU, in QUIC the server can always say "use CID when you are talking to me"; in DTLS, the server has to live with a mix of CID and non-CID sessions. On-path diagnostic tooling. E.g., if you have a huge fleet of sensors deployed behind a NAT where rebindings happen basically every time the sensor sends the update upstream (the 5-tuple is totally ephemeral), and you need to do anomaly detection, being able to extract the CID from the flows is pretty handy. But in general, when you don't own the endpoints and are asked to debug, having a working wireshark is nice. I genuinely can't see what advantage we get by not having its presence explicitly signalled. Could you elaborate a bit on that? Cheers, thanks
- [TLS] a slightly different DTLSShortCiphertext Fossati, Thomas (Nokia - GB/Cambridge)
- Re: [TLS] a slightly different DTLSShortCiphertext Martin Thomson
- Re: [TLS] a slightly different DTLSShortCiphertext Fossati, Thomas (Nokia - GB/Cambridge)
- Re: [TLS] a slightly different DTLSShortCiphertext Eric Rescorla
- Re: [TLS] a slightly different DTLSShortCiphertext Fossati, Thomas (Nokia - GB/Cambridge)