Re: [TLS] A flags extension

Nikos Mavrogiannopoulos <nmav@redhat.com> Tue, 26 March 2019 09:36 UTC

Message-ID: <be8f455bf446d6db3ba81a8ac98ed9d485cc43de.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Cc: tls@ietf.org
Date: Tue, 26 Mar 2019 10:35:54 +0100
In-Reply-To: <F5AD3A62-C0D1-49F7-8D10-27A7DA92DCCC@gmail.com>
References: <A7EC005E-3463-406B-930F-925B4D2338E4@gmail.com> <B0FF00D7-8727-4371-8DAA-AD2A920504F8@akamai.com> <2e5a5623-7de9-4f12-b699-b0b248432f96@www.fastmail.com> <F5AD3A62-C0D1-49F7-8D10-27A7DA92DCCC@gmail.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.30.5 (3.30.5-1.fc29)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/h_ZSaOWPOICDDie92EVfLciCAAY>
Subject: Re: [TLS] A flags extension
Precedence: list

On Tue, 2019-03-26 at 10:11 +0100, Yoav Nir wrote:
> > On 26 Mar 2019, at 9:06, Martin Thomson <mt@lowentropy.net> wrote:
> > 
> > This needs more space for each flag.  8 bits is a pretty small
> > space.  If you are concerned with the size of the result, we have
> > some variable-length integer encodings you could try.
> 
> Ah, the beautiful variable length encodings.  Like:
> 
>  - 0x00 - 0xBF - for standards-action allocations
>  - 0xC0,0x00 - 0xEF,0xFF - for non-standards track
> - 0xF0,0x00 - 0xFF,0xFF - for private use among consenting parties.
> Are we really worried that we’re going to have more than 255 optional
> features for TLS?

Given that adding an extended flags extension which can hold even more
flags is also easy, the 255-optional features do not seem so limited. 

Going into the extension itself, the array FlagExtensionType seems to
be the TLS-way to define such variable, but flags are easier, more
efficient to parse, and take less space if they are bits on an integer
value (32-bit or 64-bit). Have you considered a simpler structure like
that?

struct {
   uint64 flags;
   uint64 ext_flags1;
   uint64 ext_flags2;
   uint24 ext_flags3;
   uint16 priv_flags;
} Flags;

The advantage is that it can carry the same information with much less
bytes on the wire and it is easier to parse in low level languages.

The disadvantage is that an extension flag would now need to specify
the bit it occupies _and_ the particular element it is set to.

regards,
Nikos

[TLS] A flags extension Yoav Nir
Re: [TLS] A flags extension Salz, Rich
Re: [TLS] A flags extension Martin Thomson
Re: [TLS] A flags extension Salz, Rich
Re: [TLS] A flags extension Yoav Nir
Re: [TLS] A flags extension Tom Ritter
Re: [TLS] A flags extension Nikos Mavrogiannopoulos
Re: [TLS] A flags extension Yoav Nir
Re: [TLS] A flags extension Nick Harper
Re: [TLS] A flags extension Peter Gutmann
Re: [TLS] A flags extension Yoav Nir
Re: [TLS] A flags extension Hubert Kario
Re: [TLS] A flags extension Yoav Nir
Re: [TLS] A flags extension Hubert Kario
Re: [TLS] A flags extension Yoav Nir
Re: [TLS] A flags extension Benjamin Kaduk
Re: [TLS] A flags extension Nikos Mavrogiannopoulos
Re: [TLS] A flags extension Daniel Kahn Gillmor
Re: [TLS] A flags extension Yoav Nir
Re: [TLS] A flags extension Martin Thomson
Re: [TLS] A flags extension Eric Rescorla
Re: [TLS] A flags extension Martin Thomson
Re: [TLS] A flags extension Hubert Kario
Re: [TLS] A flags extension Martin Thomson
Re: [TLS] A flags extension John Mattsson
Re: [TLS] A flags extension Martin Thomson
Re: [TLS] A flags extension Yoav Nir
Re: [TLS] A flags extension Hubert Kario
Re: [TLS] A flags extension Martin Thomson
Re: [TLS] A flags extension Hubert Kario
Re: [TLS] A flags extension Christian Huitema
Re: [TLS] A flags extension Hubert Kario