Re: [TLS] Working group last call for draft-ietf-tls-dtls-heartbeat-02
Nikos Mavrogiannopoulos <nmav@gnutls.org> Mon, 22 August 2011 07:07 UTC
Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C24721F86C0 for <tls@ietfa.amsl.com>; Mon, 22 Aug 2011 00:07:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hID5HKJ+lkyq for <tls@ietfa.amsl.com>; Mon, 22 Aug 2011 00:07:19 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by ietfa.amsl.com (Postfix) with ESMTP id 95E4F21F85A1 for <tls@ietf.org>; Mon, 22 Aug 2011 00:07:19 -0700 (PDT)
Received: by wyg8 with SMTP id 8so3867199wyg.31 for <tls@ietf.org>; Mon, 22 Aug 2011 00:08:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; bh=pl2iGFOp8GZgm0auv2pGGM4gTAXdxe/3AF9IbQwqvZ0=; b=K9OT/2SBhMBQh/GeQ8kMqP8yETe8/CBV1Q3MsfQ1qBJRzz5JT+BuBFBGz2Mznw1RcC ZN62mTJu/WYz3NbiznlzwLaqvCHd9gGjiZjsxhihGFfcmQMUqEloCLdsKQbHeQ4Fb5v4 8hGD0eSlFm+NbLIJ0qlu4LImfwQNzeravAOck=
Received: by 10.227.32.129 with SMTP id c1mr1658571wbd.32.1313996902059; Mon, 22 Aug 2011 00:08:22 -0700 (PDT)
Received: from [10.100.2.14] (94-225-167-75.access.telenet.be [94.225.167.75]) by mx.google.com with ESMTPS id n20sm2183900wbh.50.2011.08.22.00.08.20 (version=SSLv3 cipher=OTHER); Mon, 22 Aug 2011 00:08:20 -0700 (PDT)
Sender: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Message-ID: <4E520063.7020206@gnutls.org>
Date: Mon, 22 Aug 2011 09:08:19 +0200
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.18) Gecko/20110617 Thunderbird/3.1.11
MIME-Version: 1.0
To: tls@ietf.org
References: <67629EB8-CDF5-47B3-BC6E-C1A76E08C294@cisco.com>
In-Reply-To: <67629EB8-CDF5-47B3-BC6E-C1A76E08C294@cisco.com>
X-Enigmail-Version: 1.1.2
OpenPGP: id=96865171
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] Working group last call for draft-ietf-tls-dtls-heartbeat-02
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Aug 2011 07:07:21 -0000
On 08/22/2011 07:07 AM, Joe Salowey wrote: > This announcement is for the working group last call of > draft-ietf-tls-dtls-heartbeat-02. Please send comments to the list > by September 09, 2011. As I understand the draft this extension is 2 things: 1. A keepalive ping for TLS and DTLS 2. PMTU discovery mechanism for DTLS My unanswered comments on a previous post [0] still stand. I expand below. I believe more rationale is needed in the draft on _why_ should these issues be solved at TLS or DTLS level. For (1), TCP has a keepalive mechanism, so reintroducing it at TLS doesn't make much sense, and UDP throws the burden to user protocol. So why not throw the burden on the protocol above? The only discussion on text is: "Sending HeartbeatRequest messages allows the sender to make sure that it can reach the peer and the peer is alive. Even in case of TLS/TCP this allows this check at a much higher rate than the TCP keepalive feature would allow." So is this just a high-rate TCP keepalive? Why do we need that at the security layer? Why not propose a high-rate TCP keepalive? About (2) Both TCP and UDP don't bother with a special PMTU discovery mechanism. Why should DTLS or TLS provide it? Are there advantages on making a PMTU discovery at this level? Note that I am not opposing to the idea of providing those, if there is a good reason, but I don't see that now. regards, Nikos [0]. http://www.ietf.org/mail-archive/web/tls/current/msg07580.html
- [TLS] Working group last call for draft-ietf-tls-… Joe Salowey
- Re: [TLS] Working group last call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working group last call for draft-ietf-… Michael Tüxen
- Re: [TLS] Working group last call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working group last call for draft-ietf-… Michael Tuexen
- Re: [TLS] Working group last call for draft-ietf-… Joe Salowey
- Re: [TLS] Working group last call for draft-ietf-… Michael Tüxen