Re: [TLS] John Scudder's No Objection on draft-ietf-tls-dtls-connection-id-11: (with COMMENT)

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 21 April 2021 05:54 UTC


Hi John, Hi Ekr,

Regarding the presentation language used in the document I have added a clarification to the terminology section, see https://github.com/tlswg/dtls-conn-id/pull/110.

I hope this addresses the issue.

Ciao
Hannes


From: Eric Rescorla <ekr@rtfm.com>
Sent: Tuesday, April 20, 2021 11:32 PM
To: John Scudder <jgs@juniper.net>
Cc: The IESG <iesg@ietf.org>; draft-ietf-tls-dtls-connection-id@ietf.org; tls-chairs <tls-chairs@ietf.org>; <tls@ietf.org> <tls@ietf.org>; Joseph Salowey <joe@salowey.net>
Subject: Re: John Scudder's No Objection on draft-ietf-tls-dtls-connection-id-11: (with COMMENT)



On Tue, Apr 20, 2021 at 2:09 PM John Scudder via Datatracker <noreply@ietf.org> wrote:
> John Scudder has entered the following ballot position for
> draft-ietf-tls-dtls-connection-id-11: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-tls-dtls-connection-id/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I found this document heavy sledding but once I was through it, it all came
> together, with the exception of my #3, below. The “heavy sledding” part I think
> would be largely fixed by addressing my #1, below.
>
> 1. Section 3:
>
> This pseudocode is a little too pseudo for me:
>
>      struct {
>          opaque cid<0..2^8-1>;
>      } ConnectionId;
>
> What does the content of the angle brackets mean? At first I took it to mean
> “this can take on a value from 0 to 255” [*] but parts of the spec that go on
> about variable lengths made me think that couldn’t be right. Eventually, by
> paging through RFC 5246, I found some explanations of what this stuff is
> supposed to mean; in §4.3 of that RFC I found out that
>
>    Variable-length vectors are defined by specifying a subrange of legal
>    lengths, inclusively, using the notation <floor..ceiling>.  When
>    these are encoded, the actual length precedes the vector's contents
>    in the byte stream.  The length will be in the form of a number
>    consuming as many bytes as required to hold the vector's specified
>    maximum (ceiling) length.
>
> I assume this is what’s going on in DTLS as well. This cleared up my main
> source of confusion, which was regarding just how you were encoding these
> variable-length CIDs anyway. (And oh by the way, that definition doesn’t say
> what the units of length are. Bytes seems implied but isn’t explicit.)
>
> While I don’t expect you to supply these definitions again, it would be
> courteous to your readers to have a sentence or two explaining that pseudo-code
> conventions are found in RFC 5246, special extra credit for section references
> as well. And yes, I did notice "This document assumes familiarity with DTLS 1.2
> [RFC6347].” That’s well and good, but I don’t think “familiarity” is the same
> as “we have adopted the same notational conventions”

This seems like a pretty basic assumption. These aren't just notational conventions
or pseudo-code. They're the protocol description language that TLS is defined in.
If one isn't familiar with how to read this syntax, then you really don't have much of
a hope of correctly implementing this specification.

> [*] By the way, why not just use “255” in the text instead of “2^8-1”? Eschew
> obfuscation!

Which one of these is clearer seems like a question of taste, I should think.
It's worth noting that because the length prefix is determined by the ceiling,
arguably 2^8-1 is clearer.

> 2. Section 3:
>
>    If DTLS peers have negotiated the use of a non-zero-length CID for a
>    given direction, then once encryption is enabled they MUST send with
>    the record format defined in {{dtls-ciphertext} with the new MAC
>    computation defined in Section 5 and the content type tls12_cid.
>    Plaintext payloads never use the new record type and the CID content
>    type.
>
> What’s “{{dtls-ciphertext}”? I’m guessing just a botched xref?

Yes, presumably. Looks like I forgot a }}.

> Also, the first sentence seems to have no object. (What MUST they send?)

send anything, but I suppose "send records". I can make a change.

> 3. Section 6:
>
>    *  There is a strategy for ensuring that the new peer address is able
>       to receive and process DTLS records.  No such strategy is defined
>       in this specification.
>
> This is a little mind-boggling to me. I understand this to mean I can’t send
> the new address a DTLS record unless I’ve already ensured it can receive and
> process that record, right? This seems almost like a classic Catch-22. I feel
> like I must be missing something.

This specification *only* allows you to mux, but doesn't allow you to migrate.
We could probably make this point clearer.

-Ekr

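The variable-length vector encoding discussed under comment 1 (RFC 5246 §4.3, applied to the `ConnectionId` struct quoted from Section 3), as an added example that is not part of the thread or of the draft. The function names are hypothetical and the sample CID bytes are constructed.

```python
from __future__ import annotations


def prefix_width(ceiling: int) -> int:
    """Bytes needed to hold the vector's maximum (ceiling) length."""
    return max(1, (ceiling.bit_length() + 7) // 8)


def encode_vector(data: bytes, floor: int, ceiling: int) -> bytes:
    """Encode opaque data<floor..ceiling>: big-endian length, then contents."""
    if not floor <= len(data) <= ceiling:
        raise ValueError(f"length {len(data)} outside <{floor}..{ceiling}>")
    return len(data).to_bytes(prefix_width(ceiling), "big") + data


def decode_vector(buf: bytes, floor: int, ceiling: int) -> tuple[bytes, bytes]:
    """Decode one vector from the front of buf; return (contents, remainder)."""
    width = prefix_width(ceiling)
    if len(buf) < width:
        raise ValueError("truncated length prefix")
    length = int.from_bytes(buf[:width], "big")
    if not floor <= length <= ceiling:
        raise ValueError(f"declared length {length} outside <{floor}..{ceiling}>")
    if len(buf) < width + length:
        raise ValueError("declared length runs past the end of the buffer")
    return buf[width:width + length], buf[width + length:]


# struct { opaque cid<0..2^8-1>; } ConnectionId;   (as quoted from Section 3)
CID_FLOOR, CID_CEILING = 0, 2**8 - 1


def encode_connection_id(cid: bytes) -> bytes:
    return encode_vector(cid, CID_FLOOR, CID_CEILING)


def decode_connection_id(buf: bytes) -> tuple[bytes, bytes]:
    return decode_vector(buf, CID_FLOOR, CID_CEILING)


if __name__ == "__main__":
    sample_cid = bytes.fromhex("a1b2c3d4")  # constructed sample, not from the draft
    print(encode_connection_id(sample_cid).hex())    # 1-byte length, then the CID
    print(encode_connection_id(b"").hex())           # zero-length CID is still 1 byte
    print(encode_vector(b"ab", 0, 2**16 - 1).hex())  # larger ceiling, 2-byte length
    print(decode_connection_id(bytes.fromhex("04a1b2c3d4ff")))
```

The prefix width depends only on the ceiling, never on the actual contents, which is why a decoder must know the declared `<floor..ceiling>` before it can read the length at all.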