IETF Logo Mail Archive

Re: [TLS] RFC 6066 - Max fragment length negotiation

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 17 March 2017 13:40 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D2BA129412 for <tls@ietfa.amsl.com>; Fri, 17 Mar 2017 06:40:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l5S9u2opTGAm for <tls@ietfa.amsl.com>; Fri, 17 Mar 2017 06:40:23 -0700 (PDT)
Received: from welho-filter2.welho.com (welho-filter2.welho.com [83.102.41.24]) by ietfa.amsl.com (Postfix) with ESMTP id 5FB9112932A for <tls@ietf.org>; Fri, 17 Mar 2017 06:40:23 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter2.welho.com (Postfix) with ESMTP id 560611F6BA; Fri, 17 Mar 2017 15:40:22 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter2.welho.com [::ffff:83.102.41.24]) (amavisd-new, port 10024) with ESMTP id WyJjGdOgSoOE; Fri, 17 Mar 2017 15:40:22 +0200 (EET)
Received: from LK-Perkele-V2 (87-92-51-204.bb.dnainternet.fi [87.92.51.204]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 224852310; Fri, 17 Mar 2017 15:40:22 +0200 (EET)
Date: Fri, 17 Mar 2017 15:40:15 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: Martin Thomson <martin.thomson@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Message-ID: <20170317134014.GA26550@LK-Perkele-V2.elisa-laajakaista.fi>
References: <1489707933992.42551@cs.auckland.ac.nz> <CABkgnnVRZBwXHZ6w=gX9pykNpXp80OLP1pe-VMg-uO-C6O8yEQ@mail.gmail.com> <1489710142144.88978@cs.auckland.ac.nz> <CABkgnnXiB5ksGbbPqDP3D=FVdQu9ht0vD8-T-5HTaEKQQE4+9w@mail.gmail.com> <1489721710740.52293@cs.auckland.ac.nz> <CABkgnnWq_5e8TJgJV+okqi6vo-_5=811pOZRtUCp0TD07SmNoQ@mail.gmail.com> <CABkgnnW=Pz+6M8UYoB+MTY8rQp9vsHyh6aqiSb3EbTT_BdWokA@mail.gmail.com> <1489747107536.25854@cs.auckland.ac.nz> <CABkgnnUqHvc6zOL1SYP8FwBcF7SeMnnT-PJOwhMB1qqeDAcp9w@mail.gmail.com> <1489749662616.94542@cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <1489749662616.94542@cs.auckland.ac.nz>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/fZsFhQFHYLzB4RwoEQ4RuUXtE34>
Subject: Re: [TLS] RFC 6066 - Max fragment length negotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 13:40:25 -0000

On Fri, Mar 17, 2017 at 11:21:12AM +0000, Peter Gutmann wrote:
> Martin Thomson <martin.thomson@gmail.com> writes:
> 
> >Plaintext records don't have any such limits.  I explicitly excluded them.
> 
> Hmm, it's somewhat disguised in the text, technically all records are
> "protected records" (if you use EMS, everything is at least integrity-
> protected).  So if you mean "this only applies to application_data" then you
> should probably say so (alerts and CCS are too short for it to matter, and I'm
> assuming no rehandshake, so only application_data will be affected by the
> length constraints).

I think Martin said the only case where this special case comes into play
is renegotiation?
 
> However, this then leads to a problem where it doesn't actually solve the
> constrained-client/server issue, if a client asks for 2K max record size and
> the server responds with a 4K hello then it's going to break the client even
> if later application_data records are only 2K.  So it would need to apply to
> every record type, not just application_data.

I don't think responding with 2k ServerHello is even possible in TLS
1.3 as defined. Even group 260 would push the size slightly above 1k
And I don't think 1k is even reachable without that group.

In fact, in TLS 1.3, all messages except Certificate ones are likely to
be under 2k (or 1k). Of course, multiple can be combined into a record.

TLS 1.2 ServerHellos can be larger, but this is mostly connected with
certain extensions, like signed_certificate_timestamp. There are also
some messages that can be bit bigger, like certificate_status or
server_key_exchange.


-Ilari

v2.23.0 | Report a Bug | By Email