Re: [TLS] Connection ID Draft

"Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com> Mon, 16 October 2017 13:11 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/hZGIRNIx1d8E5oJou6PHImgmBLU>

Hi Matt,

On 13/10/2017, 14:15, "TLS on behalf of Matt Caswell" <tls-bounces@ietf.org on behalf of frodo@baggins.org> wrote:
> Recently I met with Yin Xinxing and we have had much the same
> conversation about what a Connection ID draft would need to do, and
> how we could detect its use on the wire. Mechanisms we talked about
> included setting something in the "length" field, using ContentType or
> using version. IMO using "length" is just horrible. I'm also not keen
> on version - it further complicates the "is this version greater than,
> equal to, or less than this other version" question. It's already
> slightly complicated in code that implements both TLS and DTLS due to
> DTLS versions being high and decrementing for a new version. I foresee
> lots of subtle bugs and problems from reusing "version". In my mind
> ContentType is the way to go.

Re: the length hack.  I agree with you that it is not the right way to
go here.

Re: CT vs version, a couple of quick thoughts:
- I'm still unconvinced that CT is the right place to signify a change
  in the parsing logic that effectively spans all CTs;
- Besides, ISTM that version is the only field that would potentially
  work for 1.3 as well as 1.2?

Cheers,
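As an added illustration of the two signalling options under discussion (not code from the thread, the draft, or its authors): a small Python parser showing what the ContentType approach looks like on the receiving side, together with the version-ordering helper that Matt's "DTLS versions being high and decrementing" remark calls for. It assumes the tls12_cid ContentType value 25 and the convention that the CID length is fixed per peer during the handshake rather than carried on the wire; both are how RFC 9146 later standardised this, and post-date the thread. The records are constructed inline for the demo.

```python
"""Added example (not from the thread or the draft): receiver-side parsing of
DTLS 1.2 records when Connection ID (CID) presence is signalled through the
ContentType, plus a version-ordering helper for the "is this version newer"
question.

Assumptions, labelled as such: ContentType 25 (tls12_cid) is the value later
registered by RFC 9146; the CID length is fixed per peer in the handshake and
is not carried on the wire (also RFC 9146). Records below are constructed.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

CT_APPLICATION_DATA = 23
CT_TLS12_CID = 25          # tls12_cid: every record carrying a CID uses this type

# Wire versions: TLS counts upward, DTLS starts at 0xFEFF and counts DOWN.
TLS12 = (3, 3)
DTLS10 = (254, 255)
DTLS12 = (254, 253)

MAX_CIPHERTEXT_LEN = 2 ** 14 + 2048   # RFC 6347 bound on DTLSCiphertext.length

# type(1) major(1) minor(1) epoch(2) seq_hi(2) seq_lo(4) = 11 bytes before CID.
_FIXED_HDR = struct.Struct("!BBBHHI")


def is_dtls(ver: Tuple[int, int]) -> bool:
    return ver[0] >= 254


def is_at_least(ver: Tuple[int, int], base: Tuple[int, int]) -> bool:
    """True if `ver` is in the same family as `base` and not older than it.

    A naive tuple comparison gets DTLS backwards: (254,255) > (254,253) reads
    as "DTLS 1.0 is newer than DTLS 1.2". Negate the DTLS minor byte so newer
    compares greater, and refuse to order TLS against DTLS at all.
    """
    if is_dtls(ver) != is_dtls(base):
        raise ValueError("cannot order a TLS version against a DTLS version")
    if is_dtls(ver):
        return -ver[1] >= -base[1]
    return ver >= base


@dataclass
class DTLSRecord:
    content_type: int
    version: Tuple[int, int]
    epoch: int
    sequence_number: int
    cid: Optional[bytes]
    fragment: bytes


def build_record(ctype: int, version: Tuple[int, int], epoch: int, seq: int,
                 fragment: bytes, cid: Optional[bytes] = None) -> bytes:
    """Serialise one record; supplying a CID forces the tls12_cid ContentType."""
    if cid is not None:
        ctype = CT_TLS12_CID
    hdr = _FIXED_HDR.pack(ctype, version[0], version[1], epoch,
                          seq >> 32, seq & 0xFFFFFFFF)
    return hdr + (cid or b"") + struct.pack("!H", len(fragment)) + fragment


def parse_record(buf: bytes, peer_cid_len: int) -> Tuple[DTLSRecord, bytes]:
    """Parse one record from `buf`; return it and the unconsumed remainder.

    Only the ContentType tells the receiver whether `peer_cid_len` bytes of
    CID sit between the sequence number and the length. Under this design the
    outer type says nothing about the payload, so the real content type has to
    travel inside the encrypted fragment (not modelled here). Getting
    peer_cid_len wrong silently misframes the record, as the test shows.
    """
    if len(buf) < _FIXED_HDR.size + 2:
        raise ValueError("truncated record header")
    ctype, major, minor, epoch, seq_hi, seq_lo = _FIXED_HDR.unpack_from(buf, 0)
    off = _FIXED_HDR.size
    cid = None
    if ctype == CT_TLS12_CID:
        if len(buf) < off + peer_cid_len + 2:
            raise ValueError("truncated CID record")
        cid = buf[off:off + peer_cid_len]
        off += peer_cid_len
    (length,) = struct.unpack_from("!H", buf, off)
    off += 2
    if length > MAX_CIPHERTEXT_LEN or len(buf) < off + length:
        raise ValueError("bad record length")
    rec = DTLSRecord(ctype, (major, minor), epoch, (seq_hi << 32) | seq_lo,
                     cid, buf[off:off + length])
    return rec, buf[off + length:]


def parse_datagram(buf: bytes, peer_cid_len: int) -> List[DTLSRecord]:
    """A datagram may carry several records back to back; parse them all."""
    records = []
    while buf:
        rec, buf = parse_record(buf, peer_cid_len)
        records.append(rec)
    return records


if __name__ == "__main__":
    cid = b"\xca\xfe\x00\x01"                       # constructed 4-byte CID
    dgram = (build_record(CT_APPLICATION_DATA, DTLS12, 1, 7, b"plain") +
             build_record(CT_APPLICATION_DATA, DTLS12, 1, 8, b"with-cid", cid))
    for r in parse_datagram(dgram, peer_cid_len=len(cid)):
        print(r.content_type, r.sequence_number, r.cid, r.fragment)
    print(DTLS10 > DTLS12, is_at_least(DTLS12, DTLS10))  # naive vs corrected
```

The parser shows the trade-off behind the second bullet above: once one outer ContentType covers every CID-bearing record, the receiver learns nothing about the payload from the header, and the CID boundary is only recoverable because its length was agreed beforehand.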