Re: [TLS] I-D Action:draft-ietf-tls-dtls-heartbeat-00.txt
Michael Tüxen <Michael.Tuexen@lurchi.franken.de> Sat, 19 June 2010 19:37 UTC
Return-Path: <Michael.Tuexen@lurchi.franken.de>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C970C3A684E for <tls@core3.amsl.com>; Sat, 19 Jun 2010 12:37:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.136
X-Spam-Level: ***
X-Spam-Status: No, score=3.136 tagged_above=-999 required=5 tests=[AWL=-1.502, BAYES_50=0.001, HOST_EQ_DIP_TDIAL=2.144, HOST_MISMATCH_NET=0.311, MIME_8BIT_HEADER=0.3, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DqQFC743lkcL for <tls@core3.amsl.com>; Sat, 19 Jun 2010 12:37:59 -0700 (PDT)
Received: from mail-n.franken.de (drew.ipv6.franken.de [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa]) by core3.amsl.com (Postfix) with ESMTP id DD5843A6820 for <tls@ietf.org>; Sat, 19 Jun 2010 12:37:58 -0700 (PDT)
Received: from [192.168.1.190] (p508FD667.dip.t-dialin.net [80.143.214.103]) by mail-n.franken.de (Postfix) with ESMTP id DCA751C0B4613; Sat, 19 Jun 2010 21:38:02 +0200 (CEST)
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset="iso-8859-1"
From: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
In-Reply-To: <C5CC73C4-E849-41B7-B337-F680910FB6F8@iki.fi>
Date: Sat, 19 Jun 2010 21:39:01 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <2EC10EDD-E596-4C4B-8E1A-6A0745E4FDE9@lurchi.franken.de>
References: <20100618201502.5F5763A6950@core3.amsl.com> <094A6AB6-2E1B-41B8-A66B-BE4F907ED29E@iki.fi> <AANLkTim5aw6SINvj0-E0X430G_QvFkazCRk39d-AvblH@mail.gmail.com> <C5CC73C4-E849-41B7-B337-F680910FB6F8@iki.fi>
To: Juho Vähä-Herttua <juhovh@iki.fi>
X-Mailer: Apple Mail (2.1081)
Cc: Adam Langley <agl@imperialviolet.org>, tls@ietf.org
Subject: Re: [TLS] I-D Action:draft-ietf-tls-dtls-heartbeat-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Jun 2010 19:38:00 -0000
On Jun 19, 2010, at 9:34 AM, Juho Vähä-Herttua wrote: > > On 19.6.2010, at 2.58, Adam Langley wrote: >> On Fri, Jun 18, 2010 at 6:12 PM, Juho Vähä-Herttua <juhovh@iki.fi> wrote: >>> The notation "opaque payload<0..2^14-5>" is strange, usually this notation is used like "opaque payload<0..2^16-1>" which means "two length bytes followed by N data bytes". There is no common data type that would have a maximum value of "2^14-5", but there is a common data type with maximum value of "2^16-1", that is the unsigned 16-bit integer. Since the maximum total length of 2^14-5 is already explained in the following sentence, it should be no problem to change it as "2^16-1". >> >> RFC 5246 section 4.3 is quite clear about the meaning of 2^14-5. It's >> better to be precise in the structure. > > It does, however both 2^14-5 and 2^16-1 are not real ceilings because they depend on each other. In RFC 5246 variable-length vectors are only used in handshake protocol, which can be fragmented into several records, and therefore additional restrictions regarding the vector length are not necessary. Also if max_fragment_length of RFC-4366-bis is going to be also supported by the implementation, using length of 2^14-5 will also break the heartbeat protocol. Hi Juhu, need to look into max_fragment_length, but we can use a symbol instead of the constant. > > > I would prefer something like: > > struct { > HeartbeatMessageType type; > opaque payload[HeartbeatParameters.payload_length]; > opaque padding[HeartbeatMessage.padding_length]; > uint16 padding_length; > } HeartbeatMessage; > > The padding_length could be uint8 as well, unless there's some reason for it to be uint16. Also it should be mentioned that the total length of HeartbeatMessage shouldn't exceed the length of maximum TLSPlaintext fragment size, instead of just using 2^14-5. uint8 is not enough as stated earlier. What I do not understand is what you gain by putting the padding_length at the end? You do not save any space, I think. And it is also not complicated to use the format the ID currently describes. At least it was implementable in a pretty straight forward way in OpenSSL. Best regards Michael > > > Juho > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- Re: [TLS] I-D Action:draft-ietf-tls-dtls-heartbea… Juho Vähä-Herttua
- [TLS] I-D Action:draft-ietf-tls-dtls-heartbeat-00… Internet-Drafts
- Re: [TLS] I-D Action:draft-ietf-tls-dtls-heartbea… Juho Vähä-Herttua
- Re: [TLS] I-D Action:draft-ietf-tls-dtls-heartbea… Adam Langley
- Re: [TLS] I-D Action:draft-ietf-tls-dtls-heartbea… Adam Langley
- Re: [TLS] I-D Action:draft-ietf-tls-dtls-heartbea… Michael Tüxen
- Re: [TLS] I-D Action:draft-ietf-tls-dtls-heartbea… Michael Tüxen
- Re: [TLS] I-D Action:draft-ietf-tls-dtls-heartbea… Michael Tüxen
- Re: [TLS] I-D Action:draft-ietf-tls-dtls-heartbea… Juho Vähä-Herttua