Re: [TLS] draft-ietf-tls-dtls-connection-id-07 / IANA connection_id

Achim Kraus <achimkraus@gmx.net> Mon, 27 July 2020 20:09 UTC

Return-Path: <achimkraus@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24CD53A0B9D for <tls@ietfa.amsl.com>; Mon, 27 Jul 2020 13:09:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OWFoXrNv-jsa for <tls@ietfa.amsl.com>; Mon, 27 Jul 2020 13:09:37 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4DCB3A0B78 for <tls@ietf.org>; Mon, 27 Jul 2020 13:09:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1595880571; bh=QzkE+AAxQgVbXP4GkZPaxkF7ICQKcVavpSKL+LZnGeI=; h=X-UI-Sender-Class:Subject:To:Cc:References:From:Date:In-Reply-To; b=hdYpay0nfSIEq/KWL20zVWcPP5+K0ZNMTnvQV03qWlHJqan/HZr8FuMV1gJclDjsd pN24UaSglQpjrbSx44XOfo6U8YAd+6Yx6RqcEo6diZlC8davPVr96Vg74/22EmXmsn jgjsu1Vd6hDOmZcF5o5BdLzh/JvUPSpQf8G70zcc=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.178.45] ([178.2.232.210]) by mail.gmx.com (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MXXuH-1kI37M2bGR-00Z39I; Mon, 27 Jul 2020 22:09:31 +0200
To: Benjamin Kaduk <bkaduk@akamai.com>
Cc: "tls@ietf.org" <tls@ietf.org>
References: <ba076bb8-0aff-9847-1667-5fb6528be107@gmx.net> <20200727190335.GS20623@akamai.com>
From: Achim Kraus <achimkraus@gmx.net>
Message-ID: <a9b76434-5d00-2aa6-1d84-cf7f8ebd3f55@gmx.net>
Date: Mon, 27 Jul 2020 22:09:30 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <20200727190335.GS20623@akamai.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: de-AT-frami
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:i3F/rUK6sHSPvnJ36ZvCvXThBmgnEw4lq8SoVd3PIYd40RCk1as AQy78zpY6m+HcsqubesVlGqWWYN+GmKCC+6+X+88BRpuY2mWdbwqPFSpvMTUxrv6UPqBS8o qA8vcQZKlrjWET/iagDENKj+rRCH7QejNuFJZoz5dQPnwT/IVEpBEiJzPCLdF4k1KgOc3Ex 8uJbdA8rWEwky7J0CkpeA==
X-UI-Out-Filterresults: notjunk:1;V03:K0:a5nsM2zFsbU=:6R35o+CGE75eJG757BjRwQ bXoE6Gsef6ITSh9V36Fg3ulZTJZ3fMvuSgpoBmqmynxDc4ZA7XpjdSTbQET9jA76Y49/4ypAT K381vG6ZtkHPZuwC3TzLwjXNzyR4QqJ4zOfhGOFi+AF5Ors4Md+/dKOLWr7b+Un8XF/VaG9ng uaVKjpl9JEX7V5j7SLlPpCYLWDe9t+gSvlnrd357MDHR+PTjNXkpvSWTLlgJmJkys/+p4048N 0f4XWksI/UnR1MarB1e0JIr1JiEYTFOJHE6f8qxKJZ83go7u2yXa5qKXQ31ZO8UM8PcXp2td2 5Ro4gSvC74AsP9nBu4GquSfiIOCMHOXWutsFSssUYUE4bPZ0DYRlTe8Rr63O9372TSHZrWsMD uYngCbpYrHy6ZSYx1Ycnk7gcgNggiMlKEjhr3lZi1roQlZ7dR6nqy7YjnoKcMM443G9nAbv6v R1O25QMOaM4jq0M7aUSYYBEofeQc26TL0icwiimZKsORMrWblOJc8+XnBwHhx1u7LfiE5bmmK GWw6IFlJMrJ16I5Ymr14sP686eLeNbASAtm1z5DcuaezBJGQ1h14a2ruCfSr1LRY1ySbs2BSb hX5ZHU1UCnZQ0RMICfdHDUkFeR234PLf5RW0HGa7sTzRv4+xvmhowqy3/1aNQ2WD8J+aEe4n3 q+iu7Re/2TNrXv5r9+P7UkaPmtWVuiMZJbozh3QieuwykdeOYLtil0h/jd/nE/nugtiE+84vL TRF/c5VkKIU2EGtYqdrHSpdIViYdz6hhs1zUSchgmGIG9ha9e406NdnBwhy+7F1mXmjodkJXj RTeEAhNmF3vaj+hDrti7Gxb2VDIK7DZWsXcelOb2hNfNFIHofhFrOPrqfHq14LrrZXZHQAZnC hhNvGCcMM4dLgh2Xm5QxRhfdAaZZrB/STzxepgQ3e7o0OFRxLtplfH2iwoc5kf7Lu4Y/Irzm2 arEm2e8LwBWbWudoh1KvhmEbs7SRnCTe7PX6i68jtYiLv/rCK+WEzanr/OM4+qK5q6SNK9QIG /ovcVUpOXn4Db4iUjiKImUzKK8GKRfYg6HfGTsYPW9gIoqZXutrN2CCqeDvX4iHwI/lObWLFW 4LyUcDhnJTI7EOifiZ4k+7HUSsbJgt0Mi6QeWJVYdL1rbzlu/E/vC/x3jF5uO2meoEqNfjJn5 Km0wljNTdpTcHml3yRvx5KWbrB/hOndPPQhV2TeE/L1E8Qy4ktvPA+/8usYROHG2m4ci780Dc O/kY/9IkHNTclPOmBMMf2u88sWpO8UzBzG86h6Q==
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/egvwYYPmzIm1fehFRZFLty_YZy0>
Subject: Re: [TLS] draft-ietf-tls-dtls-connection-id-07 / IANA connection_id
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jul 2020 20:09:39 -0000

Hello Ben,

thanks for your answer and actions.

best regards
Achim

Am 27.07.20 um 21:03 schrieb Benjamin Kaduk:
> Hi Achim,
>
> My apologies for the URL mangling by my corporate spam filter.
>
> On Wed, Jul 22, 2020 at 08:53:21AM +0200, Achim Kraus wrote:
>> Dear list,
>>
>> are there any news about the draft-ietf-tls-dtls-connection-id and the
>> IANA registration of the connection_id?
>>
>> According
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Dtls-2Ddtls-2Dconnection-2Did&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=HetqGKNPLld3ESyjZr6lPT8gnkN8LiIxcivjicGpyeg&s=kAlzAEjg0E4P_Cw7G3afL6NHvcFJpJLl72gJVzBvrJ8&e=  the
>> draft expired on April 23, 2020 and according
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.iana.org_assignments_tls-2Dextensiontype-2Dvalues_tls-2Dextensiontype-2Dvalues.xhtml&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=HetqGKNPLld3ESyjZr6lPT8gnkN8LiIxcivjicGpyeg&s=poEk1-YL4mzxACY3b-Ldn9NtcPOSd-ZvDKXJcbQ3Ep0&e=
>> the assigned value expired on 2020-07-02.
>
> There seems to have been some oversight, as this assignment was not included
> in a report of "early allocations assigning in the next 60 days" that was produced
> on 2020-06-15.  I have asked IANA to investigate (and indicated that this
> extension's allocation should be renewed).
>
> The draft itself is essentially done from the WG's point of view, with just
> the two PRs you note left to merge.  It has been waiting for quite some time for
> me to perform an AD evaluation and start an IETF Last Call on it; I expect to do
> so in the next couple weeks.
>
> Thanks,
>
> Ben
>
>> I still very interested in this extension, it makes coap over dtls 1.2 a
>> very powerful technology for the cloud and NB IoT.
>>
>> Currently two pending threats are discussed, see the PRs in
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_tlswg_dtls-2Dconn-2Did&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=HetqGKNPLld3ESyjZr6lPT8gnkN8LiIxcivjicGpyeg&s=6LWHz8pLHziy_jeL2sXwJnw4Y7gz84VzFUe0ur4RsDg&e=  .
>>
>> One of both is in my opinion a general one using UDP, several
>> countermeasures are discussed, including RRC. Let me add, that in my
>> opinion, it's also about to chose cid for the right use-case, and not
>> generally. That would mostly eliminated the DDoS threat, if the use-case
>> doesn't offer an amplification.
>> The other one requires in my opinion a remark about not using the option
>> of RFC 6347 to generate an alert on invalid MACs, if the cid is used.
>> Potentially, if of any interest at all, an additional remark about
>> AES-CBC, the CID length and "lucky 13" maybe added, though the cid
>> changes the 13.
>>
>> For me this looks much more, that the authors are too busy with other
>> work and not that this draft doesn't make sense anymore. Therefore I
>> would appreciate, if the temporary IANA registration for the
>> connection_id could be extended by an additional year.
>>
>> Best regards
>> Achim Kraus
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tls&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=HetqGKNPLld3ESyjZr6lPT8gnkN8LiIxcivjicGpyeg&s=FbOzAxOPoG1SVAsJCPteFfbyv3RYaOwBj5OuZTxcerk&e=