Re: [TLS] TLS 1.3 and max_fragment_length
Benjamin Kaduk <bkaduk@akamai.com> Tue, 14 March 2017 20:44 UTC
Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D59A31314D0 for <tls@ietfa.amsl.com>; Tue, 14 Mar 2017 13:44:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.801
X-Spam-Level:
X-Spam-Status: No, score=-0.801 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9ei4wA7VYwyf for <tls@ietfa.amsl.com>; Tue, 14 Mar 2017 13:44:05 -0700 (PDT)
Received: from prod-mail-xrelay06.akamai.com (prod-mail-xrelay06.akamai.com [96.6.114.98]) by ietfa.amsl.com (Postfix) with ESMTP id 1CB7E1314CF for <tls@ietf.org>; Tue, 14 Mar 2017 13:44:05 -0700 (PDT)
Received: from prod-mail-xrelay06.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 889A9496C0E; Tue, 14 Mar 2017 20:44:04 +0000 (GMT)
Received: from prod-mail-relay08.akamai.com (prod-mail-relay08.akamai.com [172.27.22.71]) by prod-mail-xrelay06.akamai.com (Postfix) with ESMTP id 5EE7E496C0B; Tue, 14 Mar 2017 20:44:04 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1489524244; bh=z0NY+wXD4AumiBueq9Ow6QBcjJcwQ1HscZ9/R1It2nE=; l=4234; h=To:References:Cc:From:Date:In-Reply-To:From; b=INlAaXNzUJM/Mtr+dTNjWN7zD8o9PA3gPvLJUJaeflT41DfWvXWYX1Yo6jNSB+niH fuitAYz+GSKcKU520ciJLWlCexwIYVEs7AwO7s9LyvFh0QdrfPwha2/idem0Pf1+jS lCwULJEqyNPSRNu3Sly2v2iuxuWxvr5L7q3mtyRg=
Received: from [172.19.17.86] (bos-lpczi.kendall.corp.akamai.com [172.19.17.86]) by prod-mail-relay08.akamai.com (Postfix) with ESMTP id EC58898082; Tue, 14 Mar 2017 20:44:03 +0000 (GMT)
To: Yoav Nir <ynir.ietf@gmail.com>, Ilari Liusvaara <ilariliusvaara@welho.com>
References: <CABkgnnWZgo5xs=+26j6C=o+AMgWHmyQwuMWw7vL=+xvRnpZgog@mail.gmail.com> <ECEFBB0A-43C5-4DB2-8C2D-75763669957B@gmail.com> <20170314110443.GB18882@LK-Perkele-V2.elisa-laajakaista.fi> <C0EB8EFF-8972-4FD7-8EB7-3C8FC2DF0759@gmail.com>
Cc: "tls@ietf.org" <tls@ietf.org>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <9bb67da0-5810-0dd3-a8b7-53fe3e66c6ee@akamai.com>
Date: Tue, 14 Mar 2017 15:44:03 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <C0EB8EFF-8972-4FD7-8EB7-3C8FC2DF0759@gmail.com>
Content-Type: multipart/alternative; boundary="------------C5377E4A0F537E757E3BEAE0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/VBWCQA9TmXLYurt5t3VDSpvS9fE>
Subject: Re: [TLS] TLS 1.3 and max_fragment_length
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Mar 2017 20:44:07 -0000
On 03/14/2017 06:26 AM, Yoav Nir wrote: > > > Seems we’re in agreement. So how about modifying the sixth paragraph > in section 5.4? > > OLD: > The presence of padding does not change the overall record size > limitations - the full fragment plaintext may not exceed 2^14 octets. > > NEW: > The presence of padding does not change the overall record size > limitations - the full fragment plaintext may not exceed 2^14 octets. If > the maximum fragment length is reduced by the presence of the > max_fragment_length extension from [RFC6066] then the reduced limit > applies to the full plaintext, including the padding. > That's probably fine, but maybe this one is better: NEW: The presence of padding does not change the overall record size limitations - the full fragment plaintext may not exceed 2^14 octets. If the maximum fragment length is reduced, such as by the max_fragment_length extension from [RFC6066], then the reduced limit applies to the full plaintext, including the padding. -Ben
- [TLS] TLS 1.3 and max_fragment_length Martin Thomson
- Re: [TLS] TLS 1.3 and max_fragment_length Ilari Liusvaara
- Re: [TLS] TLS 1.3 and max_fragment_length Yoav Nir
- Re: [TLS] TLS 1.3 and max_fragment_length Ilari Liusvaara
- Re: [TLS] TLS 1.3 and max_fragment_length Yoav Nir
- Re: [TLS] TLS 1.3 and max_fragment_length Benjamin Kaduk
- Re: [TLS] TLS 1.3 and max_fragment_length Martin Thomson