Re: [TLS] draft-ietf-tls-record-limit-01
Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 13 September 2017 14:18 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DD65133048 for <tls@ietfa.amsl.com>; Wed, 13 Sep 2017 07:18:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.119
X-Spam-Level:
X-Spam-Status: No, score=-2.119 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NRSblKgnUFWc for <tls@ietfa.amsl.com>; Wed, 13 Sep 2017 07:18:08 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60D09133039 for <tls@ietf.org>; Wed, 13 Sep 2017 07:18:07 -0700 (PDT)
Received: from [192.168.91.203] ([131.111.5.143]) by mail.gmx.com (mrgmx003 [212.227.17.190]) with ESMTPSA (Nemesis) id 0MFuC6-1dgWqD0aF4-00Et5k; Wed, 13 Sep 2017 16:17:55 +0200
To: Hubert Kario <hkario@redhat.com>, tls@ietf.org
References: <d146477e-85c1-5b09-490e-ed2f386f0915@gmx.net> <2127515.TzRoSAlNJ7@pintsize.usersys.redhat.com>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <591ffde5-6ca6-e9a1-e99e-2ee8bc61708b@gmx.net>
Date: Wed, 13 Sep 2017 16:17:54 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <2127515.TzRoSAlNJ7@pintsize.usersys.redhat.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:TJ0IKDtAQVbuGCT8rkvHqgBBBmVNyXscpCP9pan/NJkEbueQ5ZV uxqI+fXAe96X2mmHbnEno113yTCloZ30PSTpPGMWgEKhMxatAExfsBb3FrGpqiJvNaHzIjH 08orGz/IAdKSY4aBZx89P8KmdFwmmIuw7Qwexr7JgYzJhgtpEneUkNRfclyCsMFdWXmriy8 3GCCTJGJUjT5IYxNwpvCQ==
X-UI-Out-Filterresults: notjunk:1;V01:K0:HN6zokdPtDA=:G5ft0xEtUlxtSxmObIIgNB P/+HVMBHqsQI/62PQH/aLs42gFjhAfPLZW/mD5fam5y6p2Zq+zg6UyNrvxn4uTObXZaHoYU5w bd1FbllgNsR/C9B4ZTeWfBFpw3sjioLQ8icy6+3nOnG0b6lkwQ/XZK4PBUl2Mtr7BjjY5GwKA miW4BcM3QZip+3sQc8e4+suOWN3C4ArI5voC0wyFQqapW91eqrqALUeC3LN33eJrriD6Z+Y1K vRzYp+MJK+q9Kl6C/jgT8V6gIsToCICNZLCeEddzTk1iyWxHAHRSfW8UBKL68vuJh9xywH4oH FEz2Y+jhbBRVlqtd4wCS1LVzjjA8yVB/UjG+rlPuPz4a9kJAdBlT2ihCoxOFCpe7lH3En9z89 /maOeVrNZVBVIlz0lOvUgTloDMdNs+jIz+d0m3y/+S/ndB1QnNyzjp3cU8aI6YSRThmctbZDU 1VLPr0IOmO7LFhwRrNckpQ0Rn7qDRsBmAi48NhPKJmqDyHO6CPIhsB7jBiJYbqapk3h43zkNM B91eIkLbjo+/NAAnDNZa3QotBEWy7V/LA49oKKPFoLMWDQnPKv+WEHCQVmwJFkrRxzj2s6rT4 Mr75Y9BicCex/hY4O1DyUIDIGNfTbk9sdoVZFG48eQKRNIATTyUM07t5bHcZj4vakOv/+DegT XLpFYSX+xixmr2m1b80qmiICZPUz3CRbrmUrWNAiKrXh/RwVR3iXtro04Ow+NquXmfPBrS74b LybZogSKvcO1011ccCraNitlu0PfnMEDPdQKBUhbgXwheWUlAxJP7G0dH8aOTawCzz6oQB99t GCSNYnaEXDtB+HdQASRwVSk8NFpmlLNVh3U1lNSmQt1EA4L8MQ=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WRZ5Q7MURIetoRQS_TpEbtSXTos>
Subject: Re: [TLS] draft-ietf-tls-record-limit-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Sep 2017 14:18:16 -0000
Hi Hubert, your proposal to include the worst case calculations are indeed another possibility. It provides more information for the developer than the current version of the document. A few additional remarks: On 09/12/2017 08:11 PM, Hubert Kario wrote: > On Tuesday, 12 September 2017 14:30:48 CEST Hannes Tschofenig wrote: >> Hi Martin, >> >> I have implemented the record size extension into mbed TLS. It can be >> found at https://github.com/ARMmbed/mbedtls/pull/1088 >> >> There is only one problem that remains to be addressed IMHO. This >> extension was developed to address the problem of devices with small >> RAM. Application developers have to configure their embedded TLS stack >> in such a way that the parameters configured with this TLS extensions >> match the available hardware. >> >> The record_size_limit helps a lot already but does not quite to the >> final goal since it uses an artificial metric for deciding when to >> fragment records. >> >> Currently, a developer has to understand various security concepts to >> get this right, namely >> * Ciphersuite negotiated (and the overhead associated with it, such as >> tag length), >> * DTLS vs. TLS record layer header differences, >> * potential compression being applied. >> >> Additionally, there is, of course, other header information that needs >> to be considered in the overall buffer size calculation, such as TCP or >> UDP, IP and potentially any lower layer headers. >> >> I just think that this is too much to ask for from an ordinary developer. >> >> Hence, I would suggest to use a different metric so that the developer >> can be certain that at least from a DTLS/TLS layer there are not records >> being sent that exceed the indicated threshold. >> >> If you think that this idea is worthwhile to entertain then I will make >> a proposal. > > yes, I too found the necessary calculation rather complex and thus hard to get > right > > that being said, if you are ok with "good enough" solutions (for memory > allocation, for verifying correctness of packets it should be exact), the > actual receive buffer for encrypted TLS records has to be only 85 bytes longer > than the value you send to server: > - max MAC size - 48 bytes > - max IV size - 16 bytes > - header size - 5 bytes ... unless DTLS 1.2 is used where it is 13 bytes. For DTLS 1.3 is most likely different since we are trying to optimize the record layer format. > - max block size for CBC ciphers - 16 bytes > - max padding - 16 bytes ... unless TLS/DTLS 1.3 is used where padding is a different meaning. > since MAC size is the exact multiple of block size, the padding starts in > worst possible place if the MAC size is arranged on block boundary. Thus the > worst case scenario padding length is 16 bytes. Same in case of EtM. Ciao Hannes
- [TLS] draft-ietf-tls-record-limit-01 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-record-limit-01 Hubert Kario
- Re: [TLS] draft-ietf-tls-record-limit-01 Hannes Tschofenig
- Re: [TLS] draft-ietf-tls-record-limit-01 Martin Thomson
- Re: [TLS] draft-ietf-tls-record-limit-01 Hubert Kario
- Re: [TLS] draft-ietf-tls-record-limit-01 Martin Thomson