Re: [TLS] draft-ietf-tls-rfc4347-bis-00.txt

Michael Tüxen <Michael.Tuexen@lurchi.franken.de> Tue, 14 October 2008 11:40 UTC

Message-Id: <89387260-FCD7-4BB4-95AE-642F005114CA@lurchi.franken.de>
From: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
To: Eric Rescorla <ekr@networkresonance.com>
In-Reply-To: <20081014104657.BEA426C3D3F@kilo.rtfm.com>
Date: Tue, 14 Oct 2008 13:40:21 +0200
References: <3D67B0D0-BFE2-4DFF-A847-C4BF3BFCE08E@fh-muenster.de> <20081014104657.BEA426C3D3F@kilo.rtfm.com>
Cc: tls@ietf.org
Subject: Re: [TLS] draft-ietf-tls-rfc4347-bis-00.txt

Hi Eric,

I would prefer something like:

- For DTLS over TCP or SCTP, which automatically fragment
   and reassemble datagrams, the upper layer protocol
   MUST NOT write any record that exceeds 2^14 bytes.

The reason is that a while ago it took me some time
to understand that someone talking about small messages
really was talking about messages of 64KB. Large messages
were about several MB. I'm not sure what these guys
would understand when reading "effectively infinite".

Best regards
Michael

On Oct 14, 2008, at 12:46 PM, Eric Rescorla wrote:

> At Tue, 14 Oct 2008 10:04:37 +0200,
> Robin Seggelmann wrote:
>>
>> Hello all,
>> I was just checking the draft for changes relevant to DTLS over SCTP
>> and came across the following new paragraph:
>>
>> - For DTLS over TCP or SCTP, which automatically fragment
>>   and reassemble datagrams, the upper layer protocol
>>   SHOULD be informed that the PMTU is effectively infinite.
>>
>> What does 'effectively infinite' mean? TLS limits the message size to
>> 2^14 bytes, so shouldn't this limit also apply to DTLS? If the
>> message size really is arbitrary, doesn't this affect some cipher
>> algorithms? Or should the application then ignore the announced
>> 'infinite' PMTU and limit the message size anyway?
>
>
> Yes, that's a fair point. OTOH, this is a maximum message size
> which is related to, but not identical to, the PMTU. Operationally
> the application needs to restrict itself to 2^14 and associated
> limits. I'm tempted to simply add a parenthetical "(though of
> course applications still MUST NOT write any record that exceeds
> 2^14 bytes)"
>
> -Ekr

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
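The point both messages circle around is that the PMTU and the TLS record limit are separate constraints: a transport that reassembles datagrams (TCP, SCTP) removes the PMTU ceiling, but a DTLS record payload may still never exceed 2^14 bytes. The following added example (not code from the thread or from any DTLS implementation) models that rule as a sender-side fragmenter and a receiver-side check. It assumes the 13-byte DTLS 1.2 record header and deliberately ignores cipher expansion (MAC, padding, explicit IV), which a real stack must also budget for; `None` is used as a constructed stand-in for an "effectively infinite" PMTU.

```python
"""Cap DTLS record payloads at the TLS limit regardless of the reported PMTU.

Added example, not from the mailing-list thread. Assumes the DTLS 1.2
13-byte record header and ignores cipher expansion (MAC/padding/IV).
"""
from typing import List, Optional

TLS_MAX_FRAGMENT = 2 ** 14   # 16384 bytes of plaintext per record (TLSPlaintext.length)
DTLS_RECORD_HEADER = 13      # type(1) + version(2) + epoch(2) + sequence(6) + length(2)


def max_record_payload(pmtu: Optional[int]) -> int:
    """Largest plaintext payload a single record may carry.

    pmtu=None models the "effectively infinite" PMTU that DTLS over TCP or
    SCTP would report.  Even then the 2^14-byte TLS fragment limit applies,
    so the PMTU only ever lowers the ceiling, never raises it.
    """
    if pmtu is None:
        return TLS_MAX_FRAGMENT
    budget = pmtu - DTLS_RECORD_HEADER
    if budget <= 0:
        raise ValueError(f"PMTU {pmtu} cannot hold a DTLS record header")
    return min(budget, TLS_MAX_FRAGMENT)


def fragment(data: bytes, pmtu: Optional[int]) -> List[bytes]:
    """Split upper-layer data into record payloads that respect both limits."""
    limit = max_record_payload(pmtu)
    return [data[i:i + limit] for i in range(0, len(data), limit)]


def check_record(payload: bytes) -> bool:
    """Receiver-side guard: a record whose payload exceeds 2^14 bytes is
    malformed and must be rejected, whatever the transport allowed."""
    return len(payload) <= TLS_MAX_FRAGMENT


# Constructed sample input: the "small" 64 KB message mentioned in the thread.
SAMPLE_64KB = bytes(64 * 1024)

if __name__ == "__main__":
    for pmtu in (None, 1500, 576):
        parts = fragment(SAMPLE_64KB, pmtu)
        print(f"pmtu={pmtu}: {len(parts)} records, "
              f"largest payload {max(map(len, parts))} bytes")
```

With an infinite PMTU the 64 KB message still becomes four records of 16384 bytes; with a 1500-byte PMTU it becomes 45 records of at most 1487 bytes. The receiver-side check is independent of the PMTU so that a peer on a reassembling transport cannot push an oversized record through.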