Re: [TLS] Multiple records in record limit (was: Secdir review)

Nikos Mavrogiannopoulos <nmav@redhat.com> Mon, 26 February 2018 10:28 UTC

Message-ID: <1519640898.10011.48.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: tls@ietf.org
Date: Mon, 26 Feb 2018 11:28:18 +0100
In-Reply-To: <CABkgnnX_RpLXVLw+hFrOQJDQkFO9Gjz9Qc2intv7ECgcowNLVg@mail.gmail.com>
References: <CABkgnnX_RpLXVLw+hFrOQJDQkFO9Gjz9Qc2intv7ECgcowNLVg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RP76bVxg0ujb9mf7HessELH9hDg>
Subject: Re: [TLS] Multiple records in record limit (was: Secdir review)

On Mon, 2018-02-26 at 12:39 +1100, Martin Thomson wrote:
> Out of the secdir review (thanks again Alan!), I realized that the
> draft never actually said this:
> 
>    PMTU governs the size of UDP datagrams, which limits the size of
>    records, but does not prevent records from being smaller.  An endpoint
>    that sends small records is still able to send multiple records in a
>    single UDP datagram.
> 
> I think that I should add that explanation.
> 
> Does anyone think that this should go further and advise against
> putting multiple records in the same datagram?

I'm not sure which part of the protocol text this would refer to, but
DTLS1.2 says in https://tools.ietf.org/html/rfc6347#section-4.1.1

```
   Multiple DTLS records may be placed in a single datagram.  They are
   simply encoded consecutively.
```

so even though I agree that the advice against putting multiple records
in the same datagram is a good one (I'm not even sure if that works
today with existing implementations), the advice seems against the
original protocol. Shouldn't that text be in the upcoming DTLS1.3
rather than an update like record size limit which seems unrelated?

regards,
Nikos
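As an added illustration of the RFC 6347 section 4.1.1 behaviour quoted above (example code written for this archive page, not code from either poster or from any DTLS implementation): a small receiver-side routine that splits one UDP payload into the DTLS 1.2 records encoded consecutively in it, rejects a truncated trailing record, and then applies a per-record size check. It makes the point of the thread concrete: a record size limit bounds each record individually, while the number of records packed into one datagram is bounded only by the PMTU. The header layout follows the DTLS 1.2 record format; the sample datagram, the 256-byte limit and the function names are constructed for this example. Unprotected (epoch 0) records are used so that the fragment length equals the plaintext length; a real receiver applies the limit to the plaintext recovered after decryption.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

DTLS_HEADER_LEN = 13          # type(1) + version(2) + epoch(2) + seq(6) + length(2)
MAX_FRAGMENT_LEN = 2 ** 14    # protocol ceiling on a single record fragment
DTLS12 = 0xFEFD               # DTLS 1.2 ProtocolVersion {254, 253}
APPLICATION_DATA = 23


@dataclass
class DtlsRecord:
    content_type: int
    version: int
    epoch: int
    sequence_number: int
    fragment: bytes


def encode_record(content_type: int, version: int, epoch: int,
                  seq: int, fragment: bytes) -> bytes:
    """Serialise one DTLS record: fixed 13-byte header followed by the fragment."""
    if not 0 <= seq < 2 ** 48:
        raise ValueError("sequence number must fit in 48 bits")
    if len(fragment) > MAX_FRAGMENT_LEN:
        raise ValueError("fragment exceeds 2^14 bytes")
    return (struct.pack("!BHH", content_type, version, epoch)
            + seq.to_bytes(6, "big")
            + struct.pack("!H", len(fragment))
            + fragment)


def parse_datagram(payload: bytes) -> List[DtlsRecord]:
    """Split a UDP payload into the DTLS records encoded back-to-back in it.

    A trailing partial header, or a length field that points past the end of
    the datagram, is a malformed datagram and is rejected as a whole.
    """
    records: List[DtlsRecord] = []
    offset = 0
    while offset < len(payload):
        if len(payload) - offset < DTLS_HEADER_LEN:
            raise ValueError(f"truncated record header at offset {offset}")
        content_type, version, epoch = struct.unpack_from("!BHH", payload, offset)
        seq = int.from_bytes(payload[offset + 5:offset + 11], "big")
        (length,) = struct.unpack_from("!H", payload, offset + 11)
        start = offset + DTLS_HEADER_LEN
        end = start + length
        if end > len(payload):
            raise ValueError(f"record at offset {offset} claims {length} bytes, "
                             f"only {len(payload) - start} remain")
        records.append(DtlsRecord(content_type, version, epoch, seq,
                                  payload[start:end]))
        offset = end
    return records


def check_record_size_limit(records: List[DtlsRecord],
                            limit: int) -> List[Tuple[int, int]]:
    """Return (index, fragment length) for every record larger than `limit`.

    The limit is applied per record; how many records share a datagram is not
    something a record size limit constrains.
    """
    return [(i, len(r.fragment)) for i, r in enumerate(records)
            if len(r.fragment) > limit]


def build_sample_datagram() -> bytes:
    # Constructed sample: three epoch-0 records of 64, 200 and 300 bytes packed
    # consecutively into a single 603-byte datagram.
    return b"".join([
        encode_record(APPLICATION_DATA, DTLS12, 0, 1, b"A" * 64),
        encode_record(APPLICATION_DATA, DTLS12, 0, 2, b"B" * 200),
        encode_record(APPLICATION_DATA, DTLS12, 0, 3, b"C" * 300),
    ])


if __name__ == "__main__":
    datagram = build_sample_datagram()
    recs = parse_datagram(datagram)
    print(f"{len(datagram)}-byte datagram carries {len(recs)} records: "
          f"{[len(r.fragment) for r in recs]}")
    print("records over a 256-byte limit:", check_record_size_limit(recs, 256))
```

Running the block shows the three records being recovered from one datagram, with only the 300-byte record flagged against a 256-byte limit; the first two are accepted even though together they share a datagram, which is exactly the situation the draft text is describing.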