Re: [TLS] Working group last call for draft-ietf-tls-rfc4347-bis-03.txt

Michael D'Errico <> Fri, 23 October 2009 04:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7F2073A681C for <>; Thu, 22 Oct 2009 21:28:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9xlORAyr55Q3 for <>; Thu, 22 Oct 2009 21:28:22 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 62F623A68DE for <>; Thu, 22 Oct 2009 21:28:20 -0700 (PDT)
Received: from (unknown []) by (Postfix) with ESMTP id AAB6D827D7 for <>; Fri, 23 Oct 2009 00:28:30 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=V+kHTVGji599 NOXj63lispUESf8=; b=xdK/IoUIdjfqTtYcP4nrZap6n0eY9jwOLGKWnTUWoznE yVI1CpaUKuPqRB1qaOaHPjmK7VujZ3gKmo79Qj9Zc9K79oLqdolq0Gb3i88+6rzF CjIwG5g1eJG7GumLoe1jfX0C9sJ0HmtAWp3nJ6kP7Ckbs8FSAMcKa4pRsIQI0Ew=
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=message-id:date :from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=Y8dhMR /Mr4pCuJXfS4xIxiB1OwVxcHmp8Hqb+NCdmeRvw7fVr/rITsc5aAJzHmSyklxGVU fx5lT4n2Znup4pHuffly5AWdVYgSJ6hrfn5IpAaSpPhF/H9PKuR+gaGHMNGGwQTR Ahr7iiTBVbVTqrNQ1bLm5AjaxJZm4qvwABmdQ=
Received: from (unknown []) by (Postfix) with ESMTP id A634B827D6 for <>; Fri, 23 Oct 2009 00:28:30 -0400 (EDT)
Received: from administrators-macbook-pro.local (unknown []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id B6288827D5 for <>; Fri, 23 Oct 2009 00:28:29 -0400 (EDT)
Message-ID: <>
Date: Thu, 22 Oct 2009 21:29:18 -0700
From: Michael D'Errico <>
User-Agent: Thunderbird (Macintosh/20090812)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: 84769944-BF8C-11DE-986F-A67CBBB5EC2E-38729857!
Subject: Re: [TLS] Working group last call for draft-ietf-tls-rfc4347-bis-03.txt
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 23 Oct 2009 04:28:23 -0000

The link appears to go to the correct version of the draft, but the
header of each page says it is draft -00 dated June 2008.

Overall the draft seems to be good, but one thing I think is missing
is for the server to be able to somehow tell the client to switch to
a different port for DTLS over UDP (I don't know about other types
of transports).  The simplest scheme I can envision is that the
HelloVerifyRequest and ServerHello messages would be sent from the
port the client initially contacted.  The ServerHello would contain
a DTLS_PortChange extension listing the new port number.  The
remainder of the handshake and subsequent data transfer would occur
on this new port.

Comments on the draft:

In section 3. Overview of DTLS, it says:

     1. TLS's traffic encryption layer does not allow independent
     decryption of individual records.  If record N is not received,
     then record N+1 cannot be decrypted.

I don't believe this is always true -- if a block cipher is used,
then since there is an explicit IV given, you can decrypt the record.
The MAC, however, will not calculate correctly due to the wrong
sequence number, so the missing record will be detected.  Stream
(and AEAD?) ciphers would fail to decrypt as stated.

Near the top of page 9, the abbreviation CSS is used.  I think that
should have been CCS, but I would suggest spelling out ChangeCipher
Spec rather than abbreviating.

At the very end of section 4.2.1 (top of page 17) it mentions a
HelloVerify message (not HelloVerifyRequest).  Should that be a
ClientHello message (with cookie)?


   - last line of page 3: "they typically requires" strike the s.
   - section 4.1.1 second line, "that clients" remove "that"
   - top of page 14 - "forget" should be "forgery"


Joseph Salowey (jsalowey) wrote:
> This is an announcement for working group last call on DTLS 1.2 (RFC
> 4347-bis).  The document is available here:
> Please send any comments to the list by October 26, 2009.  It is useful
> to send an indication to the list if you have read the document and
> think it is ready for publication even if you don't have specific
> comments.  
> Thanks,
> Joe