Re: [TLS] Mail regarding draft-ietf-tls-record-limit
Benjamin Kaduk <bkaduk@akamai.com> Mon, 19 February 2018 18:06 UTC
Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 680FA124319; Mon, 19 Feb 2018 10:06:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B0u-JKy40icw; Mon, 19 Feb 2018 10:06:26 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6400A12420B; Mon, 19 Feb 2018 10:06:26 -0800 (PST)
Received: from pps.filterd (m0050093.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w1JI4AgT000976; Mon, 19 Feb 2018 18:06:17 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=subject : to : cc : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=jan2016.eng; bh=sGX1UwKMoxi3OUH0fnVvw7Tl3JZkJ7cT07si4WzYtMA=; b=NYIiqx8Wx5SZ3L8IFJtbXqT+/07is0PlEYY9InqAD1lxSY8j4iQgYNt07A6TtYNaBHKm MkXwxUVJFcDnWtJNPPTwiKRNCOvuEzBRgfV9y4uftL1mDvBZBrhHZpwZk0cGCh//r8bi CMjsT4KqhPPcoklqfHPJ6cDgmSxfJaZFkPjSwZFAz0I99mi/lAEUgLanT2JkBGZ2CV8T miaNVcwxj31Y1J1dfbr9ZY4Ag4mdC1s/p2tLbLRhumpQbagxTMN/cnjZ7iVOHgCLQHSo Ps8gTfiBaesXip2BVCU2N7PxZchPx+9x6Q23XD9SY/cULUU7WBrv1iRH8MdIGkC/Ohkd 8g==
Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19]) by m0050093.ppops.net-00190b01. with ESMTP id 2g6chqf66y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 19 Feb 2018 18:06:15 +0000
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w1JI16Jv003513; Mon, 19 Feb 2018 13:06:14 -0500
Received: from prod-mail-relay11.akamai.com ([172.27.118.250]) by prod-mail-ppoint2.akamai.com with ESMTP id 2g6gmep4tc-1; Mon, 19 Feb 2018 13:06:14 -0500
Received: from [172.19.17.86] (bos-lpczi.kendall.corp.akamai.com [172.19.17.86]) by prod-mail-relay11.akamai.com (Postfix) with ESMTP id EAAF3338BB; Mon, 19 Feb 2018 18:06:13 +0000 (GMT)
To: Jim Schaad <ietf@augustcellars.com>, ilariliusvaara@welho.com
Cc: draft-ietf-tls-record-limit@ietf.org, tls@ietf.org
References: <008b01d3a94e$1cc174e0$56445ea0$@augustcellars.com> <CABkgnnUMKhnQS59Xt2=WaJp9Ywbzej6_vZ1u9R1dHE02ocir3Q@mail.gmail.com> <00a401d3a99f$28679e90$7936dbb0$@augustcellars.com> <20180219171827.GA28597@LK-Perkele-VII> <00ae01d3a9a6$e3757f70$aa607e50$@augustcellars.com> <20180219175043.GA28923@LK-Perkele-VII> <00b001d3a9aa$e3700460$aa500d20$@augustcellars.com>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <bfd6c186-d5df-3b30-3402-d5ca646b1be0@akamai.com>
Date: Mon, 19 Feb 2018 12:06:13 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <00b001d3a9aa$e3700460$aa500d20$@augustcellars.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-19_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=466 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802190222
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-19_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=445 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802190223
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/QuB49imGC21fxDVvDONuxbmOxmM>
Subject: Re: [TLS] Mail regarding draft-ietf-tls-record-limit
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 18:06:27 -0000
On 02/19/2018 11:55 AM, Jim Schaad wrote: > >> -----Original Message----- >> From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com] >> Sent: Monday, February 19, 2018 9:51 AM >> To: Jim Schaad <ietf@augustcellars.com> >> Cc: 'Martin Thomson' <martin.thomson@gmail.com>; tls@ietf.org; draft-ietf- >> tls-record-limit@ietf.org >> Subject: Re: [TLS] Mail regarding draft-ietf-tls-record-limit >> >> On Mon, Feb 19, 2018 at 09:27:14AM -0800, Jim Schaad wrote: >>> >>>> -----Original Message----- >>>> From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com] >>>> Sent: Monday, February 19, 2018 9:18 AM >>>> To: Jim Schaad <ietf@augustcellars.com> >>>> Cc: 'Martin Thomson' <martin.thomson@gmail.com>; tls@ietf.org; >>>> draft-ietf- tls-record-limit@ietf.org >>>> Subject: Re: [TLS] Mail regarding draft-ietf-tls-record-limit >>>> >>>> >>>> You need to consider the case where there is some unknown-to-server >>>> extension that happens to alter the limit. >>> I am not sure how, as a that server, I could possibly do that. I >>> can't act on something I don't understand. >> Because the server can not know the semantics of unknown extensions, it has >> to assume any such can alter the maximum limit. Of course, when it comes to >> that, the server could just not error on too large limits regardless of other >> extensions. > But if the server does not understand the new extension, then it would not be returned to the client so that the client would understand how the server decided on what the maximum value that it is going to use for the client is. The client can then abort the connection if it does not like the new limit. However, I think that this would only affect the MAY in the proposed text. > > Consider the hypothetical case where we define an extension my_mtu_is_absurd, that lets you send 2**16-1-byte records, so the client sends that extension as well as a record_size_limit extension including the 2**16-1-byte value. A server that does not know about my_mtu_is_absurd might say "this value 2**16-1 is way too big; I'm going to abort", and that's the behavior that we're trying to prevent. -Ben
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Martin Thomson
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Benjamin Kaduk
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Jim Schaad
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Ilari Liusvaara
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Jim Schaad
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Ilari Liusvaara
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Jim Schaad
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Benjamin Kaduk
- Re: [TLS] Mail regarding draft-ietf-tls-record-li… Ilari Liusvaara