IETF Logo Mail Archive

Re: [TLS] RFC 6066 - Max fragment length negotiation

Martin Thomson <martin.thomson@gmail.com> Wed, 22 March 2017 00:44 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2E7C12940A for <tls@ietfa.amsl.com>; Tue, 21 Mar 2017 17:44:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S1c3nJE7qfik for <tls@ietfa.amsl.com>; Tue, 21 Mar 2017 17:44:05 -0700 (PDT)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D987C1292F4 for <tls@ietf.org>; Tue, 21 Mar 2017 17:44:04 -0700 (PDT)
Received: by mail-qk0-x229.google.com with SMTP id v127so148152842qkb.2 for <tls@ietf.org>; Tue, 21 Mar 2017 17:44:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=3eE3xv2y2xCjX7VUOkW/HkOtcam9jKEFYKPcOZ406dA=; b=bhCik9gbeRjGQlsWvHkiYlUczIaN4Hs7sg0Sw7f/twq/QCqweCLXPTY2VbnrgG+UwF A6ZRi9NjVd8p0UZetvhVz9s+HR9AzfmQD+AsLQYFsYpHsnecyfrqa4aqZuRsoQxtNLI4 5EoOndylibIRaGS8w87SN5jeTgIRuFl9qCWtSKr+Lhgabq0sxv1P/Ou/Ppkq0EPw8/xF +5keBYnHCQeAzx3B29DNteuSMqGfZ10KwsqWsFdkk/rGD67BFF8HrV8CtWabVa6+eiWx cK97R3u3Ty0geKn0X0jF/tLkwBD3YAlT7p7pBRu3U5ikPHuW3v3aY5Lm6/PfDUevS+76 eGcA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=3eE3xv2y2xCjX7VUOkW/HkOtcam9jKEFYKPcOZ406dA=; b=AOH9YMLigb/Hg/lwvthe3/zM8VJSF/U/VJB6fTLvLrlNdCELTeGGbheXmbFW/4Scj+ gtUX1eBDGuaEtAG2+2y/XV3bjVK0c3sQ4RNe+qeyFGLv1U+HwhZxW/auIzD9G/1lgQC2 cFUcS4PtDnGmmMX4kVBgqrMASDrT91O5y3xynPtLwstL7gyPilBmDJwRoyDcs5dUtZcY u/klUXDdVpy3w3uTMR4DtJ8fjXfN1uOY63eLDHInEIdbpdo6NK3tsuA7REV/1hvPY8x6 xhfeOox9fWajtQvFN5Tx4Q37zVi3bRKxFg5N9tTS1HRCNpocRLaJwNjEGLe+2NioitLo kcVQ==
X-Gm-Message-State: AFeK/H0LeoNLzifm/qIWcx8hntWFRyyQsRsSVUNBn+FKLoSqZLdOg/SlWQpKWkW6aajOokLjIQLl/ZBrumyTIQ==
X-Received: by 10.55.5.146 with SMTP id 140mr36352784qkf.202.1490143444107; Tue, 21 Mar 2017 17:44:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.27.194 with HTTP; Tue, 21 Mar 2017 17:44:03 -0700 (PDT)
In-Reply-To: <CABcZeBOSuezVLo_QjW+ZChOvPE0EWaN7aFCEpQbbR__GHoxpvA@mail.gmail.com>
References: <CAD8WAomJLs4hdaso9hT036=UORjT9=H5-oCHbdSofuv++n3rYg@mail.gmail.com> <1489706298995.98317@cs.auckland.ac.nz> <855C5079-FDA7-4E68-AE29-1E9605B495D7@broadcom.com> <1489707933992.42551@cs.auckland.ac.nz> <CABkgnnVRZBwXHZ6w=gX9pykNpXp80OLP1pe-VMg-uO-C6O8yEQ@mail.gmail.com> <1489710142144.88978@cs.auckland.ac.nz> <CABkgnnXiB5ksGbbPqDP3D=FVdQu9ht0vD8-T-5HTaEKQQE4+9w@mail.gmail.com> <1489721710740.52293@cs.auckland.ac.nz> <CABkgnnWq_5e8TJgJV+okqi6vo-_5=811pOZRtUCp0TD07SmNoQ@mail.gmail.com> <CABkgnnW=Pz+6M8UYoB+MTY8rQp9vsHyh6aqiSb3EbTT_BdWokA@mail.gmail.com> <20170321131514.GA9342@bolet.org> <1490103123694.3164@cs.auckland.ac.nz> <CABkgnnX1_YvbVb-FXjGe1jCuEjGxiaQ8WFuZGyuu0puNU+4ABQ@mail.gmail.com> <CABcZeBOSuezVLo_QjW+ZChOvPE0EWaN7aFCEpQbbR__GHoxpvA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 22 Mar 2017 11:44:03 +1100
Message-ID: <CABkgnnVAaySsBhvmLSrHJ7D2SK+-mK5=--ZiZ-SapaY9HvYBmA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ltZipX5tlFxsWIOxVwKqRsmLTyg>
Subject: Re: [TLS] RFC 6066 - Max fragment length negotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2017 00:44:06 -0000

On 22 March 2017 at 11:09, Eric Rescorla <ekr@rtfm.com> wrote:
> Couldn't you just use the maximum expansion you support (which
> ought to be 16 for TLS 1.3).

That leads to the same problem that we're trying to avoid, namely that
your usable space goes through the floor.

>> When compression is enabled, I can't imagine
>> what it would do.
>
> I feel like we could ignore this, and just say "don't do compression"


Already done, in the spec.  But not the code :(

v2.23.0 | Report a Bug | By Email