[TLS] TLS message limits

Martin Thomson <martin.thomson@gmail.com> Tue, 30 October 2018 04:50 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C3C21277BB for <tls@ietfa.amsl.com>; Mon, 29 Oct 2018 21:50:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZOQVI0pOxDzS for <tls@ietfa.amsl.com>; Mon, 29 Oct 2018 21:50:04 -0700 (PDT)
Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B059D126CB6 for <tls@ietf.org>; Mon, 29 Oct 2018 21:50:04 -0700 (PDT)
Received: by mail-ot1-x336.google.com with SMTP id f24so4146553otl.5 for <tls@ietf.org>; Mon, 29 Oct 2018 21:50:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=70VWO6gYfzA47yGBFPyNohYWpSO4/aKAI8DSTeIXs3g=; b=Tbiz4amT4Zrmz5uA/KIiH67An7DXEzrJuhpTJNAtnS6GYgrb9BV6r7YjxAAY0MHmKR h14luxullliTD0aP3J/A2bVzMyq2pg/3q101pmkrZwZo751Pvh6OXZ6rfj/TDX+Gw9n4 wX0maFjoydW7YULXCpyATgZGiSkMwgDcWiAQhEJX1giyu4NsUIKdM4+PUMqwBO9dQqMB dtk5p6Lli1AHjIXvibRwK+1QePgBBY+sgeg7H9S17kLiHp4R6JM7E8VepcTEDtDgr5vS j/UqUXglJTpAWhlC4IVVhjp08T7Ly5cS/SCTu6zS1llJMLWwMHeHQv7r0pf6ciZdp0X5 n9uQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=70VWO6gYfzA47yGBFPyNohYWpSO4/aKAI8DSTeIXs3g=; b=T6aE2GTy0Ho051aVfXtSQBcbyAGznVd7JgXiqv5BdgnPkpr8W8vKisUUoBfwOxAUrn nvFgHo0qMIiOmb0YCFjSoJCtFAJSrgNF7gR1sr0OHNapIjvdYXmcF8KSSjXSv/M6BGBE JnFRJTGkfi1Pjzi75w34RpBDbOttQ4H3O9IW9M3HFHiEuT2aNW6BB47/BncWmCLJ4TIy l7HetZymojnJEkaWUeJ+FKsyhjj3VBP7VJse6km9QAs/MSIXo1E4itFQUbk/ZlapFwe+ rehH137fJKGu2zj4fljzfEjFr/m+9Z6OeAKTOdFSRrXoveyK//zZEgxp74H2XlLrTQ9V cgwA==
X-Gm-Message-State: AGRZ1gKlxq3nvZuZJa/Tp10VIsz2o3FER+ATZEeG7iFOiLvnnrBH2ujf 3Z2vrpd6DfUiCQOFbhrvAWSTjkNs910RcKCcK+xsAiwx
X-Google-Smtp-Source: AJdET5fXdVe/d9wC8hybxeCVmv/3yqqwnGPjKPwBr/usI1rQG/lPZEun875VX9NN7ZROsR7cIWVn2K+z3U4lkgc9ngE=
X-Received: by 2002:a9d:250d:: with SMTP id k13mr8556477otb.142.1540875003745; Mon, 29 Oct 2018 21:50:03 -0700 (PDT)
MIME-Version: 1.0
References: <153947914453.12405.8323044666882273582.idtracker@ietfa.amsl.com> <BF9EA353-C4D8-483F-9552-822D34780207@apple.com>
In-Reply-To: <BF9EA353-C4D8-483F-9552-822D34780207@apple.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 30 Oct 2018 15:49:54 +1100
Message-ID: <CABkgnnXZny2X4VRZDQTpAJaa7jfYf=kSPQ8DJ1rtfCzNNMgt6A@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kih8QFtVzbnCz8lwg0B7P-g1egY>
Subject: [TLS] TLS message limits
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Oct 2018 04:50:07 -0000

There is an ongoing discussion on the QUIC issue tracker that might
benefit from some attention here.

https://github.com/quicwg/base-drafts/issues/1834

Of most interest here is that there is no mechanism by which a TLS
endpoint can limit the size of handshake messages.  This wasn't a
problem prior to TLS 1.3, renegotiation notwithstanding, but if an
endpoint needs to buffer a 16Mb message it will probably be unhappy.
And many TLS implementations buffer.  Knowing where short of 16Mb is
safe to send is tricky.  Right now, all we do is rely on the natural
pressure to keep tickets small and the fact that tickets are pure
overhead to keep things under control, but it's a hole that is a
little irritating to leave unpatched.

Of secondary concern for QUIC and DTLS, but not TLS, is the total
amount of data that can be sent in handshake messages.  If that data
arrives out of order, it would be nice to bound the amount of memory
that is apportioned for receiving and reassembling handshake messages.
I mention this only because the same solution might be used to fix
both problems.

(I was motivated to post this after reading the ticket requests draft
from Chris, which we should publish.  That draft doesn't run really
cause this problem, but it made me think that 255 tickets might make a
bit of a mess if sent all at once.)