IETF Logo Mail Archive

Re: [TLS] I-D Action: draft-ietf-tls-ticketrequests-02.txt

"Christopher Wood" <caw@heapingbits.net> Sat, 05 October 2019 12:09 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E70F41201DB for <tls@ietfa.amsl.com>; Sat, 5 Oct 2019 05:09:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=oNL/hGeO; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=eCBxCG2Q
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xaHzH0ykAVtX for <tls@ietfa.amsl.com>; Sat, 5 Oct 2019 05:09:07 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 608C3120116 for <tls@ietf.org>; Sat, 5 Oct 2019 05:09:07 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id B34A82E9 for <tls@ietf.org>; Sat, 5 Oct 2019 08:09:06 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute6.internal (MEProxy); Sat, 05 Oct 2019 08:09:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=6uR7J2kASpJm/L5Dje3Xr2r35ucRgiw KcN2O5lqzuPM=; b=oNL/hGeOKlvvHGXjJ0RPwWCY4nyUk+mta/FH9PHjo3Gfpdg fU039Z+cJBoLITXFW5V6oWh8XM3Udnhp/kBpCmjpo+0eVce4gGOPhTAFq0Bt5RFl WrNCL4cZiICqNhwg0uJcFG2n/Q8VbjvHK08SixuHuFMHIHsUT1nX9skJ5kcQ5EgA ZJDHyYFg4ub3bUakYszZyWp7fjnqOY9K6g5Zxlam8wQ22wVKX7dj8lSFD4p6U61u X8uc90xofM9v22VsZR5GbC3oKN9fvKhz5ItQDRGJHm6/dERRNDfiFbtvRbS7DBvX MFvHVx6ziYc71XpNufQ4t9zssCmsFhtZwYSbReQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=6uR7J2 kASpJm/L5Dje3Xr2r35ucRgiwKcN2O5lqzuPM=; b=eCBxCG2Ql1RUdopqdUJZnf sexE240Cn2t3D8gpNpw3z9ngMw3U0KgW/mmGERfb+jXinvJ7BOqmsORyBbJ12Cjt nWE9bqeaFDqMRdlVX/h3tK6hVYEjaiDg7uImLQ/FmElzCOGTOcUoJ1DzIap6VHui CVB1AG3QhM4oRQR2vkZDBO2AQwSqmckgPTFFvvOMnY2Cz6UHeeHOUuMcRAa1EhQ2 PZB9tL7sCA8lx2wSlwSKZxyXkTa1RbdZS8J+Z5mlkQQ9AcmoHKladsWf/x9SEXMS cP1jc8JHlfrkZ5d121EW6H2xjb1jGQEmwsrFSbdAs+TkfY1X4EQbN7wkkjRrb5+w ==
X-ME-Sender: <xms:4oeYXdqrfdjefXcnSW0cWdyq77KFMlBPabCYQ4Mt2DyxdN3w9rB2Yg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrheefgdeglecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdevhhhrihhsthhophhhvghrucghohhougdfuceotggrfies hhgvrghpihhnghgsihhtshdrnhgvtheqnecurfgrrhgrmhepmhgrihhlfhhrohhmpegtrg ifsehhvggrphhinhhgsghithhsrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:4oeYXXqnU3BW3DGqigkT1v_Z49_Kxwqud1THrXaSEZIJh77D804pyA> <xmx:4oeYXa3ASl4J97ezpfFR63zZNYD-VlKukugLuW8zpKmBg0iy25qTrQ> <xmx:4oeYXYeqWJF7c4G4LYPhQunqhz16Nc3c2x6AumDwGttyMO4ilxrxlg> <xmx:4oeYXWC_nF0K7peKKSh8HM9c6IyUP-pVbSEuuVh7Gi5uEt1FDljjaw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 152E23C00A1; Sat, 5 Oct 2019 08:09:06 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-360-g7dda896-fmstable-20191004v2
Mime-Version: 1.0
Message-Id: <f7a22127-21a2-4d7f-83da-c4bffb306d9d@www.fastmail.com>
In-Reply-To: <8055839.FEiR5CbC9I@pintsize.usersys.redhat.com>
References: <156962803631.24993.3421537129925787732@ietfa.amsl.com> <2328460.Fs94otCilB@pintsize.usersys.redhat.com> <CADZyTk=8sRmoyP-HHv7+0BiiwVXVP6kk3dMWLgaeZ8+NdEFamg@mail.gmail.com> <8055839.FEiR5CbC9I@pintsize.usersys.redhat.com>
Date: Sat, 05 Oct 2019 05:08:45 -0700
From: Christopher Wood <caw@heapingbits.net>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Wv4yHu8EzZrHN9Knqe6KEvuPTIU>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-ticketrequests-02.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Oct 2019 12:09:09 -0000

On Fri, Oct 4, 2019, at 6:17 AM, Hubert Kario wrote:
> On Thursday, 3 October 2019 22:15:14 CEST Daniel Migault wrote:
> > On Thu, Oct 3, 2019 at 7:56 AM Hubert Kario <hkario@redhat.com> wrote:
> > > On Wednesday, 2 October 2019 22:42:32 CEST Daniel Migault wrote:
> > > > I understand the meaning of count is the higher limit of ticket and the
> > > > server can provides any tickets between 0 and count. If that is correct,
> > > > this could be clearly stated and indication to chose an appropriated
> > > 
> > > value
> > > 
> > > > for each cases may be provided.
> > > > 
> > > > I would rather see the count value as a hard line from the server with a
> > > > MUST NOT instead of a SHOULD NOT statement.
> > > 
> > > see my previous comments: this ignores existence of post handshake
> > > authentication, ticket lifetimes and KeyUpdate
> > 
> > I think we agree on the problem which is it is hard to have a specific
> > count as tickets may be sent at multiple time during the key exchange or
> > the later during the session. If the "SHOULD" is addressing this aspect I
> > believe that more text is needed.. From my perspective, what I proposed I
> > imagined that count was related to the maximum number of ticket provided
> > **each time the server is sending tickets**. The reason for having the same
> > number is that the server does not know how the client will use these
> > tickets and the client does not know precisely when the server sends the
> > tickets. So at the end the number of tickets sent is likely to be n*count
> > when n represents the number of times during the session tickets are
> > provided.
> > 
> > My understanding of the SHOULD is that it makes legitimate for a server to
> > ignore the count value provided by the client.
> 
> yes, it looks like we are in agreement
> 
> Sounds like something that should be spelled out explicitly in the draft. I.e. 
> it should talk about groups of tickets, not tickets in connection, and it 
> should definitely not specify the maximum number of tickets a server can send 
> in a connection.

Since it's meant as a hint, removing that clause (maximum number of tickets a server can send in a connection) is reasonable, and sounds like it should address the concerns here. (Assuming we also include text which says servers should obviously place a cap on what they send, as they do today.) Would you agree? I'm really trying to avoid this becoming overly complex, as it's a very small feature. 

Best,
Chris

v2.23.0 | Report a Bug | By Email