Re: [TLS] extended headers for (D)TLS (and their use with connection-id)
Adam Langley <agl@imperialviolet.org> Wed, 24 January 2018 15:53 UTC
Return-Path: <alangley@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25E5112DA4F for <tls@ietfa.amsl.com>; Wed, 24 Jan 2018 07:53:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OqdeTxb67GA1 for <tls@ietfa.amsl.com>; Wed, 24 Jan 2018 07:53:45 -0800 (PST)
Received: from mail-pf0-x22d.google.com (mail-pf0-x22d.google.com [IPv6:2607:f8b0:400e:c00::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 776C9126D46 for <tls@ietf.org>; Wed, 24 Jan 2018 07:53:45 -0800 (PST)
Received: by mail-pf0-x22d.google.com with SMTP id i66so3369358pfd.7 for <tls@ietf.org>; Wed, 24 Jan 2018 07:53:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=6P2wawxeV40vi1/yG1whfUFmv5zDJHqpVDE9EeoB6Ec=; b=SjxfWtAx8jHpX0ndB2H1pz7dvUxxuqtubrrksEC3zcQeAK6gJKiDO30PtTvcqb0OKQ +X2CigLoCkBPFq0U7/TkcMEAPoc48vqvuVm1Xd5ZCIsAv3JHMLQVCdz2VTei7yidDmum aAls5QKZuwQXQIFkDhLyQTPQ1Yb2d+M9CC0DCPsnG5YCY8LTN88UQaECkE1Dk2WPjdyS I6xYNon12vEGwhNeMXxMrHWnpmaCi782oARORm85QqO3jwpE7Dkt+L7HWZhOIW9OQPm3 jPnNMnkWKX5dTi5QnK+bSx5EgPtJpzPkJve55U+kRkWI7ZG0Twq6x3YscFxkyv5LQWLp V38w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=6P2wawxeV40vi1/yG1whfUFmv5zDJHqpVDE9EeoB6Ec=; b=HrtbXJopf0oK3t/QuQk1tgHYQ4ZE8/gKyC4uKw2S9a4TzVqaQcv+DpJFAlUzypuUR7 8AQ8ycNaJoQmThvrRQdteLXH8mASvh08pE9Ai//H/LMjhgVS5bEqUlrNzMq64OxMhgeP 7nsq1EyFlbyfOwMlFzaWEoFPgfzSceltSt9k4hgmc6izPOdBe+z2k91zhD7tLXhIOJPC QJ1nfOeeu7n2i0q6/a3DBzLGdIRlxSJZaBDX3PoWuLJ99EKAHVZYy3ukM7Fz8WFm6WNU fHlDpL9w4j+ylkWM1v0qNgiJiSsfiEw4KnSBEjMBUsURRN3HHPbII3fCJycu7opBqheH ZpYg==
X-Gm-Message-State: AKwxytf3ORMRgS9Mxi/9axpvIJdeO9Q6A+53MKrSATTtB0nrDSJvElWz 7r4/o6Yj9uibk7nsD/uC7IJLBWqtKdV9AlaUQcs=
X-Google-Smtp-Source: AH8x227e2SVh7ZSy3Xkcd0AwBnmR9dEEXVjKnlmKqyg/Y1yzLmA+qZ6Kgn0XyTr+uWMwXA1jx8IS8ZaMcUaXPtX/0TQ=
X-Received: by 10.98.226.24 with SMTP id a24mr13518363pfi.192.1516809224786; Wed, 24 Jan 2018 07:53:44 -0800 (PST)
MIME-Version: 1.0
Sender: alangley@gmail.com
Received: by 10.100.186.200 with HTTP; Wed, 24 Jan 2018 07:53:43 -0800 (PST)
In-Reply-To: <5D415FD9-1505-4E03-94DA-BF89B52E7770@nokia.com>
References: <5D415FD9-1505-4E03-94DA-BF89B52E7770@nokia.com>
From: Adam Langley <agl@imperialviolet.org>
Date: Wed, 24 Jan 2018 07:53:43 -0800
X-Google-Sender-Auth: O7Tr79hg38_KLT2Xs4O3aF86PtU
Message-ID: <CAMfhd9Um-JfOnurKNokiQDfN7XJsn7vJE+mZjsGKmfsoCZ9czg@mail.gmail.com>
To: "Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/i6qHonGfm46JaNpM2x6MBWdosmM>
Subject: Re: [TLS] extended headers for (D)TLS (and their use with connection-id)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jan 2018 15:53:47 -0000
On Wed, Jan 24, 2018 at 6:31 AM, Fossati, Thomas (Nokia - GB/Cambridge, UK) <thomas.fossati@nokia.com> wrote: > > A few months ago, Nikos (can't remember if on this list or on a side > conversation) came up with this thought of a generic way to extend the > TLS/DTLS record header. So, I've stolen his idea and written it up in > [1] with the intention of using it to make room for the connection-id. Our experience with middleboxes suggests that this is likely to fault afoul of many flaws in these products if deployed with TLS on the wider internet. DTLS might survive, though, and the cited motivation (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-00) is DTLS-only. Probably this draft needs to be too. Cheers AGL -- Adam Langley agl@imperialviolet.org https://www.imperialviolet.org
- [TLS] extended headers for (D)TLS (and their use … Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] extended headers for (D)TLS (and their … Adam Langley
- Re: [TLS] extended headers for (D)TLS (and their … Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] extended headers for (D)TLS (and their … Adam Langley