Re: [TLS] John Scudder's No Objection on draft-ietf-tls-dtls-connection-id-11: (with COMMENT)

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 21 April 2021 05:51 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: John Scudder <jgs@juniper.net>, Eric Rescorla <ekr@rtfm.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-tls-dtls-connection-id@ietf.org" <draft-ietf-tls-dtls-connection-id@ietf.org>, tls-chairs <tls-chairs@ietf.org>, "tls@ietf.org" <tls@ietf.org>, Joseph Salowey <joe@salowey.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/fsLVAyjWjaXCcGHrW7_R5FpgU00>

Hi John, Hi Ekr,

I hope I correctly understand the essence of your conversation. I am wondering whether a link from the bullet list to the text two paragraphs down will help. Here is my proposal:
https://github.com/tlswg/dtls-conn-id/pull/111

Ciao
Hannes

From: John Scudder <jgs@juniper.net>
Sent: Wednesday, April 21, 2021 2:07 AM
To: Eric Rescorla <ekr@rtfm.com>
Cc: The IESG <iesg@ietf.org>; draft-ietf-tls-dtls-connection-id@ietf.org; tls-chairs <tls-chairs@ietf.org>; tls@ietf.org; Joseph Salowey <joe@salowey.net>
Subject: Re: John Scudder's No Objection on draft-ietf-tls-dtls-connection-id-11: (with COMMENT)

On Apr 20, 2021, at 7:24 PM, Eric Rescorla <ekr@rtfm.com> wrote:
On Tue, Apr 20, 2021 at 3:42 PM John Scudder <jgs@juniper.net> wrote:
On Apr 20, 2021, at 5:32 PM, Eric Rescorla <ekr@rtfm.com> wrote:
3. Section 6:

   *  There is a strategy for ensuring that the new peer address is able
      to receive and process DTLS records.  No such strategy is defined
      in this specification.

This is a little mind-boggling to me. I understand this to mean I can’t send
the new address a DTLS record unless I’ve already ensured it can receive and
process that record, right? This seems almost like a classic Catch-22. I feel
like I must be missing something.

This specification *only* allows you to mux, but doesn't allow you to migrate.
We could probably make this point clearer.

Yes, I think so. Various things led me to think this was supposed to be a feature. For starters, the abstract:


   A CID is an identifier carried in the record layer header that gives
   the recipient additional information for selecting the appropriate
   security association.  In "classical" DTLS, selecting a security
   association of an incoming DTLS record is accomplished with the help
   of the 5-tuple.  If the source IP address and/or source port changes
   during the lifetime of an ongoing DTLS session then the receiver will
   be unable to locate the correct security context.

It’s true the abstract doesn’t promise that I can migrate to the new address, but I felt led in that direction. But more to the point, §6 itself:


   When a record with a CID is received that has a source address
   different than the one currently associated with the DTLS connection,
   the receiver MUST NOT replace the address it uses for sending records
   to its peer with the source address specified in the received
   datagram unless the following three conditions are met:

If I understand your reply correctly, the quoted sentence could end “… unless the following three conditions are met (which will never happen):”. Since that seems both capricious and pointless, I still think I’m missing something. Is it that you envision a future specification that does define a strategy that will fulfill the third condition?

Yes.

Got it, thanks. In that case I think it brings us back to your earlier “we could probably make this point clearer”.

—John
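
The "mux but not migrate" behaviour discussed in this thread, as an added Python example that is not part of the original messages or of the draft: the receiver selects the security association by CID, and the send address changes only when all three conditions hold. Assumptions: conditions one and two (record verified, record newer than the newest received) come from §6 of the draft and are not quoted in this thread; the class names, return strings and the `reachability_check` hook are hypothetical; addresses are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

Addr = Tuple[str, int]  # (source IP, source port)

@dataclass
class Association:
    cid: bytes
    peer_addr: Addr                    # address used when sending to the peer
    newest: Tuple[int, int] = (0, 0)   # (epoch, sequence number) of newest record

class Receiver:
    def __init__(self, reachability_check: Optional[Callable[[Addr], bool]] = None):
        # Hypothetical hook for the third condition; the draft defines no strategy,
        # so the default is None and the send address can never change.
        self.reachability_check = reachability_check
        self.by_cid: Dict[bytes, Association] = {}

    def add(self, assoc: Association) -> None:
        self.by_cid[assoc.cid] = assoc

    def on_record(self, src: Addr, cid: bytes, epoch: int, seq: int, verified: bool) -> str:
        assoc = self.by_cid.get(cid)   # mux on the CID, not on the 5-tuple
        if assoc is None:
            return "drop:unknown-cid"
        if not verified:               # stands in for DTLS record-layer verification
            return "drop:not-verified"
        newer = (epoch, seq) > assoc.newest
        if newer:
            assoc.newest = (epoch, seq)
        if src == assoc.peer_addr:
            return "accept"            # replay-window handling is out of scope here
        if newer and self.reachability_check is not None and self.reachability_check(src):
            assoc.peer_addr = src      # all three conditions met
            return "accept:address-updated"
        return "accept:address-unchanged"  # record processed, replies go to old address

OLD, NEW = ("192.0.2.10", 5684), ("198.51.100.7", 40000)  # constructed addresses

def demo(reachability_check=None):
    rx = Receiver(reachability_check)
    rx.add(Association(cid=b"\x01\x02", peer_addr=OLD))
    results = [
        rx.on_record(OLD, b"\x01\x02", 1, 5, True),    # normal record
        rx.on_record(NEW, b"\x01\x02", 1, 6, True),    # same CID, new source address
        rx.on_record(NEW, b"\x01\x02", 1, 7, False),   # fails verification
        rx.on_record(OLD, b"\x01\x02", 1, 4, True),    # reordered older record
    ]
    return results, rx.by_cid[b"\x01\x02"].peer_addr
```

With the default `demo()` the record from the new address is still matched to its association, but the send address stays at the old one; passing a check that returns `True` models a future specification supplying the third condition, and the reordered older record then does not revert the address.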