[TLS] cTLS transport question

Thomas Fossati <Thomas.Fossati@arm.com> Thu, 25 July 2019 16:04 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Tr2_TdXxMpNni0pn1LJv520VAZw>

Thanks for presenting this work.  I really like this and I think
it'd be really useful for the use cases we have (IoT, M2M).

One comment: from a quick skimming of the draft, I'm not sure I
understand what the stated expectations on the transport layer are?

Since it's cTLS and not cDTLS I'd have thought it's the same as TLS
(in-order & reliable) but then I got confused reading section 3.2 [1]:

  "The CTLS Record Layer assumes that records are externally framed
   (i.e., that the length is already known because it is carried in
   a UDP datagram or the like)"

On Jabber Ben suggested that one could put CoAP between UDP and cTLS to
get in-order & reliable delivery with a datagram transport, but then I'm
not sure what the advantage would be since we'd be trading 2 bytes of
TLSPlaintext.length with 4 bytes (minimum) of CoAP header?

From the Jabber discussion, my current understanding is that there are 2
assumptions: a) the transport is in-order & reliable, and b) there is
one TLS record per transport layer packet.

Is that the correct interpretation?  If it is, is it not too restrictive
a requirement?

Cheers, thanks

[1] https://tools.ietf.org/html/draft-rescorla-tls-ctls-02#section-3.2
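An added illustration (not from the email or the cTLS draft) of the framing question raised above: a TLS record carries its own 2-byte length so a byte stream can be cut into records, while an externally framed record relies entirely on the transport boundary, which is why assumption b) is needed. The cTLS record layout used here (one content-type byte followed by the body) is a simplification assumed for the example, and the 2-byte and 4-byte figures are the ones quoted in the email.

```python
import struct
from typing import List, Tuple

TLS_HEADER_LEN = 5         # ContentType(1) + legacy_record_version(2) + length(2)
LENGTH_FIELD_BYTES = 2     # TLSPlaintext.length, the field cTLS drops (figure from the email)
COAP_HEADER_MIN_BYTES = 4  # minimum CoAP header, the email's figure for framing via CoAP


def tls_frame(ctype: int, body: bytes) -> bytes:
    """TLSPlaintext: the 2-byte length is what lets a byte stream be cut into records."""
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body


def tls_split_stream(stream: bytes) -> List[Tuple[int, bytes]]:
    """Recover records from a reliable, in-order byte stream via each record's length field.
    A trailing partial record is left unparsed (a real reader would wait for more bytes)."""
    records, off = [], 0
    while off + TLS_HEADER_LEN <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if off + TLS_HEADER_LEN + length > len(stream):
            break
        off += TLS_HEADER_LEN
        records.append((ctype, stream[off:off + length]))
        off += length
    return records


def ctls_frame(ctype: int, body: bytes) -> bytes:
    """Assumed, simplified cTLS record: content type then body, with no length field."""
    return bytes([ctype]) + body


def ctls_split_datagrams(datagrams: List[bytes]) -> List[Tuple[int, bytes]]:
    """External framing: each datagram is taken to be exactly one record, so the datagram
    length *is* the record length. Nothing in the bytes themselves can detect a violation."""
    return [(d[0], d[1:]) for d in datagrams if d]


def framing_bytes_per_record(via_coap: bool) -> int:
    """Per-record framing cost the email weighs: TLS's own length field versus a CoAP
    header borrowed to carry the record boundary over a datagram transport."""
    return COAP_HEADER_MIN_BYTES if via_coap else LENGTH_FIELD_BYTES


def demo() -> None:
    hs, app = (22, b"hello"), (23, b"world!")            # constructed sample records
    print(tls_split_stream(tls_frame(*hs) + tls_frame(*app)))         # two records
    print(ctls_split_datagrams([ctls_frame(*hs), ctls_frame(*app)]))  # two records
    # Same two cTLS records coalesced by a stream transport: silently read as one record.
    print(ctls_split_datagrams([ctls_frame(*hs) + ctls_frame(*app)]))


if __name__ == "__main__":
    demo()
```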


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.