Re: [TLS] Éric Vyncke's No Objection on draft-ietf-tls-dtls-connection-id-11: (with COMMENT)

Achim Kraus <achimkraus@gmx.net> Mon, 19 April 2021 09:10 UTC

To: Éric Vyncke <evyncke@cisco.com>
Cc: The IESG <iesg@ietf.org>, tls@ietf.org, draft-ietf-tls-dtls-connection-id@ietf.org, tls-chairs@ietf.org
References: <161881847125.7764.5253050405833557836@ietfa.amsl.com>
From: Achim Kraus <achimkraus@gmx.net>
Message-ID: <68fa6d1e-f53a-7b03-225b-da4749819230@gmx.net>
Date: Mon, 19 Apr 2021 11:10:46 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dfAA9qg8X3OFTWQdpBROBVkblVs>

Hello Éric,

> This specification addresses the IPv4-mainly issue of NAT binding and
> is still required.

Yes, that is the main initial trigger.
It also helps peers that use only temporarily assigned IP addresses,
which may change (e.g. during a power-saving sleep/wake-up cycle in some
CAT-NB solutions). And there are also some advanced use cases, e.g. a
CID-based load balancer.

For your other points, Thomas created an issue on GitHub
(https://github.com/tlswg/dtls-conn-id/issues/103). I left some comments
there.

Best regards,
Achim Kraus

On 19.04.21 at 09:47, Éric Vyncke via Datatracker wrote:
> Éric Vyncke has entered the following ballot position for
> draft-ietf-tls-dtls-connection-id-11: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-tls-dtls-connection-id/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thank you for the work put into this document. This specification addresses the
> IPv4-mainly issue of NAT binding and is still required. I also trust the
> security ADs for section 5.
>
> Please find below some non-blocking COMMENT points (but replies would be
> appreciated), and some nits.
>
> I hope that this helps to improve the document,
>
> Regards,
>
> -éric
>
> == COMMENTS ==
>
> -- Abstract --
> As an important part of this document is the padding, should it be mentioned
> also in the abstract?
>
> -- Section 3 --
> While I am not a DTLS expert, I find it quite difficult to understand the
> reasoning behind the specification in this section, as little explanation is
> given about, e.g., the motivation of "A zero-length value indicates that the
> server will send with the client's CID but does not wish the client to include a CID."
>
> -- Section 6 --
> I am puzzled by the text:
>       "There is a strategy for ensuring that the new peer address is able
>        to receive and process DTLS records.  No such strategy is defined
>        in this specification."
> Does this mean that there is no way to update the peer IP address?
>
> == NITS ==
>
> -- Section 1 --
> Please expand CID on first use outside of the abstract.
>
> -- Section 4 --
> I suggest adding a short paragraph as a preamble to figure 3. Currently, it looks
> like figure 3 belongs to the 'zeros' field description.
>
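An added example (not from the draft, this thread, or any implementation) showing the mechanics the comments above touch on: the connection_id extension semantics including the zero-length server value, the padded inner plaintext, the tls12_cid record header, and a server-side lookup by CID that survives a peer address change (NAT rebinding, CAT-NB wake-up). Encryption is left out so the inner plaintext is carried as-is; the CIDs and addresses used are constructed.

```python
TLS12_CID = 25           # outer ContentType for records that carry a CID
DTLS12 = b"\xfe\xfd"     # DTLS 1.2 ProtocolVersion on the wire
def negotiate(client_ext: bytes, server_ext: bytes):
    """Each connection_id extension names the CID its sender wants to RECEIVE.
    Returns (cid in client->server records, cid in server->client records).
    A zero-length server value means the server sends with the client's CID,
    but the client must send plain records without any CID."""
    return server_ext, client_ext

def encode_inner(content: bytes, real_type: int, pad: int = 0) -> bytes:
    # DTLSInnerPlaintext: content || real_type || zero padding (hides length)
    return content + bytes([real_type]) + b"\x00" * pad

def decode_inner(inner: bytes):
    body = inner.rstrip(b"\x00")            # padding is stripped from the end
    if not body:
        raise ValueError("inner plaintext has no content type")
    return body[:-1], body[-1]              # (content, real_type)

def build_record(cid: bytes, epoch: int, seq: int, inner: bytes) -> bytes:
    if not cid:                             # peer asked for no CID: plain DTLS
        raise ValueError("zero-length CID: send a plain record, not tls12_cid")
    return (bytes([TLS12_CID]) + DTLS12 + epoch.to_bytes(2, "big")
            + seq.to_bytes(6, "big") + cid + len(inner).to_bytes(2, "big") + inner)

def parse_record(datagram: bytes, cid_length: int):
    # The receiver chose its own CID length, so the header is parseable before
    # knowing which connection the datagram belongs to.
    if datagram[0] != TLS12_CID:
        raise ValueError("not a tls12_cid record")
    cid = datagram[11:11 + cid_length]
    length = int.from_bytes(datagram[11 + cid_length:13 + cid_length], "big")
    return cid, datagram[13 + cid_length:13 + cid_length + length]

class CidDemux:
    """Server table keyed by CID, not by 5-tuple: a NAT rebinding or a CAT-NB
    wake-up with a new source address still reaches the right connection."""
    def __init__(self, cid_length: int):
        self.cid_length, self.conns = cid_length, {}
    def add(self, cid: bytes, addr):
        self.conns[cid] = {"addr": addr, "candidate": None}
    def receive(self, datagram: bytes, src):
        cid, inner = parse_record(datagram, self.cid_length)
        conn = self.conns.get(cid)
        if conn is None:
            return None                     # unknown CID: drop
        if src != conn["addr"]:             # Section 6: no verification strategy
            conn["candidate"] = src         # is defined, so only note the new address
        content, real_type = decode_inner(inner)
        return real_type, content, conn["candidate"]
```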