Re: [TLS] Interest in taking draft-seggelmann-tls-dtls-heartbeat-01 as a working group item
Daniel Mentz <daniel.m@sent.com> Wed, 10 March 2010 13:08 UTC
Return-Path: <daniel.m@sent.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3406E3A69D8 for <tls@core3.amsl.com>; Wed, 10 Mar 2010 05:08:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iiNIlbg1pFOE for <tls@core3.amsl.com>; Wed, 10 Mar 2010 05:08:24 -0800 (PST)
Received: from out1.smtp.messagingengine.com (out1.smtp.messagingengine.com [66.111.4.25]) by core3.amsl.com (Postfix) with ESMTP id 0FEF63A68FB for <tls@ietf.org>; Wed, 10 Mar 2010 05:08:24 -0800 (PST)
Received: from compute2.internal (compute2.internal [10.202.2.42]) by gateway1.messagingengine.com (Postfix) with ESMTP id 3EB40E2FDD; Wed, 10 Mar 2010 08:08:28 -0500 (EST)
Received: from heartbeat2.messagingengine.com ([10.202.2.161]) by compute2.internal (MEProxy); Wed, 10 Mar 2010 08:08:28 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=message-id:date:from:mime-version:to:cc:subject:content-type:content-transfer-encoding; s=smtpout; bh=jJN0qXMuPuOk3eFGhjQMyfBtw/U=; b=NxkFfM7nsAu0jm30fo2xfUgxjH8hbPa1fUQ+lUQX+5ZOrJGZoC8FQkkZs6TCz7ApA7g4ik6+R8sagRG1i+V24shhS7IO79Baqt2P6ftLyPGbj9ix3eNvblgL7uTA4h8f7ejQAa2QfQWzw3K/RPngDwLH5hazJKWQLm89GSrZCoQ=
X-Sasl-enc: EhppOohRvxFCkPEUXvqen6y/GdOIj3Jk79SdcsCc2vg3 1268226507
Received: from [192.168.10.5] (p578b109c.dip0.t-ipconnect.de [87.139.16.156]) by mail.messagingengine.com (Postfix) with ESMTPSA id 8AF7E358B3; Wed, 10 Mar 2010 08:08:26 -0500 (EST)
Message-ID: <4B9799C8.5090902@sent.com>
Date: Wed, 10 Mar 2010 14:08:24 +0100
From: Daniel Mentz <daniel.m@sent.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: tls@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Wed, 10 Mar 2010 07:08:17 -0800
Cc: Lothar Braun <braun@net.in.tum.de>, Michael Tuexen <tuexen@fh-muenster.de>, Gerhard Muenz <muenz@net.in.tum.de>
Subject: Re: [TLS] Interest in taking draft-seggelmann-tls-dtls-heartbeat-01 as a working group item
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Mar 2010 13:08:25 -0000
I endorse this document and suggest to take it up as a TLS working group item. Without the DTLS heartbeat extension, an endpoint is unable to find out whether its peer is still alive and whether it still has the DTLS connection state. This state is necessary to decrypt and verify DTLS records. An application that is based on the request/response paradigm might detect this situation if the peer fails to respond. However, unidirectional applications like IPFIX never send any kind of response. draft-mentz-ipfix-dtls-recommendations-01 elaborates on this issue. The heartbeat extension can also be used to perform PMTU discovery in an elegant way. Speaking about the PMTU: I suggest that DTLS implementations provide upper layers with the maximum size of user messages. Even if the PMTU is known to the application, it is unable to determine the maximum size of user messages because the overhead incurred by the DTLS record layer depends on the negotiated cipher suite. If the DTLS layer does not provide the maximum message size, it should at least provide the amount of overhead incurred by DTLS. -Daniel Mentz
- [TLS] Interest in taking draft-seggelmann-tls-dtl… Joseph Salowey (jsalowey)
- Re: [TLS] Interest in taking draft-seggelmann-tls… Blumenthal, Uri - 0662 - MITLL
- Re: [TLS] Interest in taking draft-seggelmann-tls… Pasi.Eronen
- [TLS] Interest in taking draft-seggelmann-tls-dtl… Joseph Salowey (jsalowey)
- Re: [TLS] Interest in taking draft-seggelmann-tls… Gerhard Muenz
- Re: [TLS] Interest in taking draft-seggelmann-tls… Michael Tüxen
- Re: [TLS] Interest in taking draft-seggelmann-tls… Daniel Mentz