Re: [TLS] About the contents of Record Layers
1.41421@gmail.com Sun, 01 August 2010 17:01 UTC
Return-Path: <1.41421@gmail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B32F63A6964 for <tls@core3.amsl.com>; Sun, 1 Aug 2010 10:01:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.545
X-Spam-Level:
X-Spam-Status: No, score=-0.545 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c8IsBrjO+CRP for <tls@core3.amsl.com>; Sun, 1 Aug 2010 10:01:20 -0700 (PDT)
Received: from mail-gw0-f70.google.com (mail-gw0-f70.google.com [74.125.83.70]) by core3.amsl.com (Postfix) with ESMTP id 0986C3A69AA for <tls@ietf.org>; Sun, 1 Aug 2010 10:00:24 -0700 (PDT)
Received: by gwb1 with SMTP id 1so4657840gwb.1 for <tls@ietf.org>; Sun, 01 Aug 2010 10:00:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.110.4 with SMTP id i4mr2875130anc.4.1280682051675; Sun, 01 Aug 2010 10:00:51 -0700 (PDT)
In-Reply-To: <AFBE0D66-F4C9-4E81-B53D-C2B1039CF35E@iki.fi>
Message-ID: <0016e645abb0c2aae1048cc6067a@google.com>
Date: Sun, 01 Aug 2010 17:00:51 +0000
From: 1.41421@gmail.com
To: Juho Vähä-Herttua <juhovh@iki.fi>
Content-Type: multipart/alternative; boundary="0016e645abb0c2aace048cc60677"
Cc: tls@ietf.org
Subject: Re: [TLS] About the contents of Record Layers
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Aug 2010 17:01:21 -0000
My thanks Juho and Brian for your feedback. On a similar topic, my understanding is that a Record Layer can encapsulate several protocol messages, all of them belonging to the same protocol. This makes sense for Alert and Handshake protocol messages, for they contain all the information necessary to find out where protocol messages of those types end (which may happen only after many Record Layers have been received.) The same applies to ChangeCipherSpec messages, albeit I do not understand why one would want to encapsulate more than one such message in a Record Layer. Now what about Application data messages? I believe that as far as TLS is concerned these messages are just blobs of data; ie it's beyond the scope of TLS to know where they end. Thus, is it not the case that a Record Layer can contain one, and only one, Application data message? Obviously, the application can spread its data over many Record Layers, but when TLS receives a Record Layer with Application data it automatically knows that the whole of the Record Layer's payload is a single, structure-less (as far as TLS is concerned) string of bytes. Is this a correct assessment? On Aug 1, 2010 10:42am, Juho Vähä-Herttua <juhovh@iki.fi> wrote: > On 1.8.2010, at 18.08, JCA wrote: > > Does the TLS 1.* specs allow to send a Record Layer with an empty > > body? That is, a Record Layer containing only the protocol ID, version > > and length fields? I don't see why would anyone want to do that but, > > is it legal? > The specification seems to be quite clear about this, in TLS 1.0: > 6.2. Record Layer > The TLS record layer receives uninterpreted data from higher layers > in non-empty blocks of arbitrary size. > ...and clarified in TLS 1.2... > Implementations MUST NOT send zero-length fragments of Handshake, > Alert, or ChangeCipherSpec content types. Zero-length fragments of > Application data MAY be sent as they are potentially useful as a > traffic analysis countermeasure. > So in case of application data they can be sent, in reality I would do > serious testing with existing implementations to see how they behave. If > they are TLS 1.2 compliant and negotiate a TLS 1.2 connection they should > all accept the empty records though. > Juho
- [TLS] About the contents of Record Layers JCA
- Re: [TLS] About the contents of Record Layers Brian Smith
- Re: [TLS] About the contents of Record Layers Juho Vähä-Herttua
- Re: [TLS] About the contents of Record Layers Juho Vähä-Herttua
- Re: [TLS] About the contents of Record Layers 1.41421
- Re: [TLS] About the contents of Record Layers Michael D'Errico