Re: [TLS] Question about Large Record Sizes draft and the TLS design

David Benjamin <davidben@chromium.org> Wed, 20 March 2024 01:09 UTC

References: <1a500de6-8135-447b-ad28-66d22ef31fd3@dfn.de>
In-Reply-To: <1a500de6-8135-447b-ad28-66d22ef31fd3@dfn.de>
From: David Benjamin <davidben@chromium.org>
Date: Wed, 20 Mar 2024 11:08:40 +1000
Message-ID: <CAF8qwaB-HFKEeRZzzEEPzw-nWD1FQCHOmP=DYnpbPJsDJnbJSQ@mail.gmail.com>
To: Jan-Frederik Rieckers <rieckers@dfn.de>
Cc: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mamI2dX_4HH_Dmxen5mD3WAD3Xo>

I can't say what was going on in the SSLv3 days, but yes, record size limits
are important for memory. Whatever the maximum record size is, the peer can
force you to buffer that many bytes in memory. That means the maximum
record size is actually a DoS parameter for the protocol.

On Wed, Mar 20, 2024 at 10:35 AM Jan-Frederik Rieckers <rieckers@dfn.de>
wrote:

> Hi to all,
>
> during the presentation of the Large Record Sizes draft at the tls
> session yesterday, I wondered why the length restriction is in TLS in
> the first place.
>
> I have gone back to the TLS1.0 RFC, as well as SSLv3, TLS1.3 and TLS1.2,
> and have found the restriction in all of them, but not a rationale for why
> the length is artificially shortened when the length is encoded as a uint16.
>
> Does someone know what the rationale behind it is?
> One educated guess we came up with was that the limit was put there to
> ensure that implementations can make sure to not use too much memory,
> and using 2^14 was deemed a good compromise between memory usage and
> message length, but in my short research I haven't found any evidence
> that would confirm that guess.
>
>
> Cheers,
> Janfred
>
> --
> Herr Jan-Frederik Rieckers
> Security, Trust & Identity Services
>
> E-Mail: rieckers@dfn.de | Phone: +49 30884299-339 | Fax: +49 30884299-370
> Pronouns: he/him
>
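The point David makes above, that whatever the cap is the peer can force you to buffer that many bytes, is easiest to see in a record-layer receive path. The following is an added example written for this page; it is not code from the thread, from BoringSSL or from any other TLS implementation. It checks the 5-byte record header against a cap *before* any body bytes are read, contrasts the protocol caps (2^14 plaintext everywhere, 2^14+2048 ciphertext in TLS 1.2 per RFC 5246, 2^14+256 in TLS 1.3 per RFC 8446) with the 65535 the uint16 field could encode, and walks a constructed stream to show how much memory a peer can make the receiver commit under each cap. All function and constant names are this example's own; the 4096 cap used in one check stands in for a smaller negotiated limit of the kind RFC 8449 record_size_limit allows.

```c
/* Added example: TLS record-header length check as a DoS bound.
 * Not code from the thread or from any TLS library; names are this example's own. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TLS_RECORD_HEADER_LEN 5
/* Caps from the RFCs. The 16-bit length field itself could encode 65535. */
#define TLS_MAX_PLAINTEXT     ((size_t)1 << 14)            /* 16384, all versions */
#define TLS12_MAX_CIPHERTEXT  (TLS_MAX_PLAINTEXT + 2048)   /* 18432, RFC 5246 6.2.3 */
#define TLS13_MAX_CIPHERTEXT  (TLS_MAX_PLAINTEXT + 256)    /* 16640, RFC 8446 5.2 */
#define UINT16_FIELD_MAX      ((size_t)0xFFFF)             /* what a naive reader trusts */

enum record_status {
    RECORD_OK = 0,      /* header valid; body fits under the cap */
    RECORD_NEED_MORE,   /* fewer than 5 bytes seen; keep reading the header */
    RECORD_OVERFLOW,    /* declared length > cap; fatal record_overflow alert */
    RECORD_BAD_TYPE,    /* ContentType outside 20..23 */
    RECORD_BAD_VERSION  /* legacy_record_version major byte is not 0x03 */
};

struct record_header { uint8_t type; uint16_t legacy_version; uint16_t length; };

/* Validate a record header before any body bytes are read or buffered.
 * max_ciphertext is the largest body this endpoint will accept for one record:
 * the protocol cap, or a smaller negotiated limit. */
enum record_status tls_check_record_header(const uint8_t *buf, size_t len,
                                           size_t max_ciphertext,
                                           struct record_header *out)
{
    if (len < TLS_RECORD_HEADER_LEN) return RECORD_NEED_MORE;
    struct record_header h;
    h.type = buf[0];
    h.legacy_version = (uint16_t)((buf[1] << 8) | buf[2]);
    h.length = (uint16_t)((buf[3] << 8) | buf[4]);
    if (h.type < 20 || h.type > 23) return RECORD_BAD_TYPE;
    if (buf[1] != 0x03) return RECORD_BAD_VERSION;
    /* The decisive check: reject at the header, so the peer cannot make us
     * commit more than max_ciphertext bytes per record whatever it puts in
     * the 16-bit field. */
    if (h.length > max_ciphertext) return RECORD_OVERFLOW;
    if (out) *out = h;
    return RECORD_OK;
}

/* Build a header that declares `declared` body bytes and check it under `cap`. */
enum record_status tls_check_declared(uint8_t type, size_t declared, size_t cap)
{
    uint8_t hdr[TLS_RECORD_HEADER_LEN] = {
        type, 0x03, 0x03, (uint8_t)(declared >> 8), (uint8_t)(declared & 0xFF)
    };
    return tls_check_record_header(hdr, sizeof hdr, cap, NULL);
}

/* Walk a stream of complete records, stopping at the first header the cap
 * rejects or at a truncated record. Returns the number of records accepted;
 * *peak receives the largest body we agreed to buffer, which is the memory
 * the peer actually controls. */
int tls_receive_records(const uint8_t *stream, size_t len, size_t cap, size_t *peak)
{
    int n = 0; size_t off = 0, p = 0;
    while (off < len) {
        struct record_header h;
        if (tls_check_record_header(stream + off, len - off, cap, &h) != RECORD_OK) break;
        if (len - off - TLS_RECORD_HEADER_LEN < h.length) break;
        if (h.length > p) p = h.length;
        off += TLS_RECORD_HEADER_LEN + h.length;
        n++;
    }
    if (peak) *peak = p;
    return n;
}

/* Constructed sample stream (not captured traffic): four application_data
 * records with 0xAA filler bodies declaring 100, 2^14, 2^14+256 and 65535 bytes. */
static const size_t sample_lens[4] = { 100, TLS_MAX_PLAINTEXT, TLS13_MAX_CIPHERTEXT, UINT16_FIELD_MAX };
int tls_demo_stream(size_t cap, size_t *peak)
{
    static uint8_t stream[4 * TLS_RECORD_HEADER_LEN + 100 + 16384 + 16640 + 65535];
    size_t off = 0;
    for (size_t i = 0; i < 4; i++) {
        uint8_t hdr[TLS_RECORD_HEADER_LEN] = { 23, 0x03, 0x03,
            (uint8_t)(sample_lens[i] >> 8), (uint8_t)(sample_lens[i] & 0xFF) };
        memcpy(stream + off, hdr, sizeof hdr); off += sizeof hdr;
        memset(stream + off, 0xAA, sample_lens[i]); off += sample_lens[i];
    }
    return tls_receive_records(stream, off, cap, peak);
}

size_t tls_demo_peak(size_t cap) { size_t p = 0; tls_demo_stream(cap, &p); return p; }

int main(void)
{
    const size_t caps[4] = { TLS_MAX_PLAINTEXT, TLS12_MAX_CIPHERTEXT, TLS13_MAX_CIPHERTEXT, UINT16_FIELD_MAX };
    for (size_t i = 0; i < 4; i++) {
        size_t peak = 0;
        int n = tls_demo_stream(caps[i], &peak);
        printf("cap %5zu: accepted %d of 4 records, peak body buffered %zu bytes\n", caps[i], n, peak);
    }
    return 0;
}
```

Run as is, the last line of the table is the one the thread is about: a receiver that trusts the field width (cap 65535) accepts all four records and lets the peer pin 65535 bytes per record, while the TLS 1.3 cap stops at the fourth header and never reads its body. Lowering the cap further, as a negotiated record_size_limit does, shrinks that bound again without changing the wire format.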