Re: [TLS] Mail regarding draft-ietf-tls-record-limit

Ilari Liusvaara <ilariliusvaara@welho.com> Mon, 19 February 2018 17:50 UTC

Date: Mon, 19 Feb 2018 19:50:43 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: 'Martin Thomson' <martin.thomson@gmail.com>, tls@ietf.org, draft-ietf-tls-record-limit@ietf.org
Message-ID: <20180219175043.GA28923@LK-Perkele-VII>
References: <008b01d3a94e$1cc174e0$56445ea0$@augustcellars.com> <CABkgnnUMKhnQS59Xt2=WaJp9Ywbzej6_vZ1u9R1dHE02ocir3Q@mail.gmail.com> <00a401d3a99f$28679e90$7936dbb0$@augustcellars.com> <20180219171827.GA28597@LK-Perkele-VII> <00ae01d3a9a6$e3757f70$aa607e50$@augustcellars.com>
In-Reply-To: <00ae01d3a9a6$e3757f70$aa607e50$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/fYAEBGj3ts1jJRa-rdkmqFPB6cI>
Subject: Re: [TLS] Mail regarding draft-ietf-tls-record-limit

On Mon, Feb 19, 2018 at 09:27:14AM -0800, Jim Schaad wrote:
> 
> 
> > -----Original Message-----
> > From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com]
> > Sent: Monday, February 19, 2018 9:18 AM
> > To: Jim Schaad <ietf@augustcellars.com>
> > Cc: 'Martin Thomson' <martin.thomson@gmail.com>; tls@ietf.org; draft-ietf-
> > tls-record-limit@ietf.org
> > Subject: Re: [TLS] Mail regarding draft-ietf-tls-record-limit
> > 
> > On Mon, Feb 19, 2018 at 08:31:53AM -0800, Jim Schaad wrote:
> > > Martin,
> > >
> > > I think that the wording I would prefer would be along the lines of
> > >
> > > A server MUST NOT error on the value of the extension when a higher
> > > TLS version is requested.  The server MUST use the minimum of the
> > > requested value and the maximum value for the TLS version negotiated.
> > > A server MAY error if the value of the extension is exceeded for the
> > > version of TLS requested.
> > 
> > You need to consider the case where there is some unknown-to-server
> > extension that happens to alter the limit.
> 
> I am not sure how, as that server, I could possibly do that.  I can't
> act on something I don't understand.

Because the server cannot know the semantics of unknown extensions, it
has to assume any such can alter the maximum limit. Of course, when it
comes to that, the server could just not error on too large limits
regardless of other extensions.


-Ilari
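The server-side behaviour discussed in this thread (take the minimum of the requested limit and the maximum for the negotiated version, and do not reject a value that is only too large for that version), as an added illustration that is not code from the draft or from any message above. It assumes the draft's uint16 extension body and its lower bound of 64, and that the TLS 1.3 limit counts the content-type byte; the function names are mine.

```python
import struct
from typing import List, Tuple

TLS12, TLS13 = (3, 3), (3, 4)
# Protocol-defined maximum per version: the TLS 1.3 value counts the
# content-type byte appended to the plaintext, so it is one byte larger.
VERSION_MAX_LIMIT = {TLS12: 2**14, TLS13: 2**14 + 1}
MIN_LIMIT = 64  # lower bound from the draft; assumption, not quoted in the thread


def decode_record_size_limit(body: bytes) -> int:
    """Parse the 2-byte extension body (a single uint16 RecordSizeLimit)."""
    if len(body) != 2:
        raise ValueError("decode_error: record_size_limit body must be 2 bytes")
    return struct.unpack("!H", body)[0]


def encode_record_size_limit(limit: int) -> bytes:
    """Build the extension body for a limit this endpoint is willing to receive."""
    return struct.pack("!H", limit)


def server_effective_limit(requested: int, negotiated: Tuple[int, int]) -> int:
    """Limit the server will honour when sending to this client.

    A requested value above the maximum for the negotiated version is NOT
    treated as an error: the client may have offered a higher version, or an
    extension this server does not understand, that permits it. The value is
    simply clamped to what the negotiated version allows.
    """
    if requested < MIN_LIMIT:
        raise ValueError("illegal_parameter: record_size_limit below 64")
    return min(requested, VERSION_MAX_LIMIT[negotiated])


def fragment_plaintext(data: bytes, limit: int,
                       negotiated: Tuple[int, int]) -> List[bytes]:
    """Split application data into fragments that respect the peer's limit.

    For TLS 1.3 the limit covers the content-type byte, so the application
    payload per record is one byte smaller than the limit itself.
    """
    payload_max = limit - 1 if negotiated == TLS13 else limit
    return [data[i:i + payload_max] for i in range(0, len(data), payload_max)]
```

A client that advertises 2^14+1 (the TLS 1.3 maximum) and then ends up on TLS 1.2 is clamped to 2^14 rather than refused, which is the case Jim's wording and Ilari's reply are about.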