Re: [TLS] RFC 6066 - Max fragment length negotiation

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 23 March 2017 00:11 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "mrex@sap.com" <mrex@sap.com>
CC: Thomas Pornin <pornin@bolet.org>, Ilari Liusvaara <ilariliusvaara@welho.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] RFC 6066 - Max fragment length negotiation
Date: Thu, 23 Mar 2017 00:11:35 +0000
Message-ID: <1490227889332.58996@cs.auckland.ac.nz>
References: <1490151325506.25280@cs.auckland.ac.nz>, <20170322210606.BC8EA1A655@ld9781.wdf.sap.corp>
In-Reply-To: <20170322210606.BC8EA1A655@ld9781.wdf.sap.corp>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/fWdLq38v6NC4r0JC9ie_R61bAH0>

Martin Rex <mrex@sap.com> writes:

>I expect TLSv1.3 is going to be in a decade where IPv6 is today.

It'll be interesting to see.  This certainly seems to be true for HTTP/2
a.k.a. HTTP4Google; I was expecting usage to be mostly Google-only, but from
the little data I could find it appears to be even worse than that:

https://trends.builtwith.com/docinfo/HTTP2

0.1% uptake is effectively zero adoption after two years, so this does seem to
parallel IPv6.

>Not supporting IPv4 is a non-starter, because you can not reach 95% of the
>internet, and not even get internet connectivity in a lot of places.

Yeah, good point (as an analogy for TLS).  It'll be interesting to see where
things are in a year or two.  Certainly 1.2 will be around forever, and by
that I don't mean "a while, until 1.3 gets deployed", but forever.  TLS 1.0 is
already proving scarily long-lived.

The one good thing about (almost) everyone fixating on TLS 1.3 is that it's
been possible to develop and in some cases already deploy LTS in peace, so
it's ended up doing what the target audience requires without lots of
unnecessary bells and whistles added.

Peter.