Re: [TLS] Add max_early_data_size to TicketEarlyDataInfo

Filippo Valsorda <ml@filippo.io> Mon, 10 October 2016 19:22 UTC

Return-Path: <ml@filippo.io>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A29B129471 for <tls@ietfa.amsl.com>; Mon, 10 Oct 2016 12:22:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=filippo.io header.b=eDv87F5Z; dkim=pass (1024-bit key) header.d=messagingengine.com header.b=dH7pshKn
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1AfuYLl7VWxF for <tls@ietfa.amsl.com>; Mon, 10 Oct 2016 12:22:32 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16918129451 for <tls@ietf.org>; Mon, 10 Oct 2016 12:22:32 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 7BA6520817; Mon, 10 Oct 2016 15:22:31 -0400 (EDT)
Received: from web5 ([10.202.2.215]) by compute3.internal (MEProxy); Mon, 10 Oct 2016 15:22:31 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=filippo.io; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=ZuIrQUSeT36J+Dp+7maWZsU8UZg=; b=eDv87F 5ZUaC08ppr0dHxv5r0pKvq14gY7MvblfBvo3p745SDRWzaaNtyL7Pe+fewl01i6t IDfIr87ONcTxCWqaLoWxuvYKbwcUdZzwDfM7sWX/8EGxyaQ4lER3Db9BbJUa5l1+ OfRTMB2LifjoMCGhgB6AKig1M60GJ71LgSpJI=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=ZuIrQUSeT36J+Dp +7maWZsU8UZg=; b=dH7pshKnoBwu3GSRhcFcVw0maZWpdHCV4pq4k1CI9dIxtRk xRSJQEyXuCHjtyWyhWbYBGFTx+q70UYTtSqSmjcdT4NURAN4OitHCFNsJCN1OfBI EjowmGX5OhU5xTEXH0PBsj7pF7PKX2k66AtJMecBupfVkPmaNRoPUSbm4jcw=
Received: by mailuser.nyi.internal (Postfix, from userid 99) id 5673296EA2; Mon, 10 Oct 2016 15:22:31 -0400 (EDT)
Message-Id: <1476127351.3937248.751550105.203AFB6D@webmail.messagingengine.com>
X-Sasl-Enc: nroqix70MdJU+4IN1TRRXOGRkQte22G6P8fQLqeeIluN 1476127351
From: Filippo Valsorda <ml@filippo.io>
To: David Benjamin <davidben@chromium.org>, Benjamin Kaduk <bkaduk@akamai.com>, tls@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary="_----------=_147612735139372480"; charset="utf-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-cdbff290
Date: Mon, 10 Oct 2016 20:22:31 +0100
In-Reply-To: <CAF8qwaBhVdxyXUc=p0kFHrB=bfE7KaXf229nEfFh_uFSEiHTjw@mail.gmail.com>
References: <1475859457.3070375.749089329.59EED0F8@webmail.messagingengine.com> <82f39c83-0040-cf87-94ae-16c321eecc95@akamai.com> <CAF8qwaBhVdxyXUc=p0kFHrB=bfE7KaXf229nEfFh_uFSEiHTjw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/T-1UQRJwkozVmh_6zLYn4c8O4fQ>
Cc: filippo@cloudflare.com, aaspring@umich.edu
Subject: Re: [TLS] Add max_early_data_size to TicketEarlyDataInfo
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Oct 2016 19:22:33 -0000

2016-10-07 22:06 GMT+0000 David Benjamin <davidben@chromium.org>;:
> Units is a little interesting. For those purposes, this limit would
> kick in whether or not the early data could be decrypted, so the server-
> side limit would be measured in ciphertext, possibly even including
> record headers. (Although any inaccuracies in converting could be done
> by just advertising an underestimate and breaking peers that send
> pathologically silly things like all one-byte records. So it doesn't
> matter much.)

Yeah, I've been thinking about that. I went for plaintext because it
seemed to simplify the API on the client side, but maybe it's best to
count  the whole record size, and let the client worry about not doing
some silly splitting or padding.

I'll update the PR.