Re: [TLS] WG last call of draft-ietf-avtcore-rfc5764-mux-fixes-05
Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 02 March 2016 15:32 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EEF31A88D3; Wed, 2 Mar 2016 07:32:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.6
X-Spam-Level:
X-Spam-Status: No, score=-3.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_84=0.6, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1X8NhhSTmXzN; Wed, 2 Mar 2016 07:31:58 -0800 (PST)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 526A01A88C6; Wed, 2 Mar 2016 07:31:57 -0800 (PST)
X-AuditID: c1b4fb2d-f79836d000006396-46-56d7076afd64
Received: from ESESSHC013.ericsson.se (Unknown_Domain [153.88.183.57]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id A8.FB.25494.A6707D65; Wed, 2 Mar 2016 16:31:55 +0100 (CET)
Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.59) with Microsoft SMTP Server id 14.3.248.2; Wed, 2 Mar 2016 16:31:54 +0100
To: Marc Petit-Huguenin <petithug@acm.org>, Dave Garrett <davemgarrett@gmail.com>, tls@ietf.org
References: <56A8904D.10307@ericsson.com> <CAOgPGoBU+h6cA9RDxBX2m1AR-3-GnC7OYcfDLTpDepX00g73dA@mail.gmail.com> <201602080117.57742.davemgarrett@gmail.com> <56CA239F.6010107@acm.org>
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <56D7076A.1020703@ericsson.com>
Date: Wed, 02 Mar 2016 16:31:54 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <56CA239F.6010107@acm.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrDLMWRmVeSWpSXmKPExsUyM2K7pW42+/Uwg/8XWSxe9qxkt1j+p4vR 4sKau0wWn853MTqweFy+4u2xc9Zddo8lS34yBTBHcdmkpOZklqUW6dslcGW0XLvKVtCsWfHk xWv2BsbNSl2MnBwSAiYSz87PYoSwxSQu3FvP1sXIxSEkcJhRor1vIiuEs4xRYsvaayxdjBwc wgJeEiv2ZIM0iAgkS9ydvRqsWUhgJ6PEyX5xEJtZQEji9JxvrCA2m4CFxM0fjWwgNq+AtsTq 5l1g9SwCKhIf759jAbFFBWIkjr87xwhRIyhxcuYTsDingLrE8nn3GUHWMgvYSzzYWgYxXl6i eetsZoi12hINTR2sExgFZyHpnoXQMQtJxwJG5lWMosWpxcW56UbGeqlFmcnFxfl5enmpJZsY gWF8cMtv3R2Mq187HmIU4GBU4uH9IHctTIg1say4MvcQowQHs5IIbzzL9TAh3pTEyqrUovz4 otKc1OJDjNIcLErivGyfLocJCaQnlqRmp6YWpBbBZJk4OKUaGOfbWLpMmRzKzOA2y2BOp6OJ TIDawcrElozVWbIehl8mOnF0ryqe8rewXGP10zOHJ7A4xslWz62ZofqleOqtcr05Tu+3+Ms+ 8Pv7VoQ9liV9BcsHudN874w3HJ2iHJU8Qer6rxkCcY01cgvS1f0u7rwkZ/Po14XVdZNDXdtf bzliKts19dTsJCWW4oxEQy3mouJEAINYWm1fAgAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/mb8M6jLMRqB_2iBlqeADpUgPbC8>
Cc: avt@ietf.org
Subject: Re: [TLS] WG last call of draft-ietf-avtcore-rfc5764-mux-fixes-05
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2016 15:32:00 -0000
Hi Dave and TLS WG, To my understanding the changes proposed by the draft-ietf-avtcore-rfc5764-mux-fixes is not an issue if any TLS 1.3+ extension, i.e. any TLS extension that is not to be used in 1.0-1.2 can safely be allocated in the reserved range as they will not be externally visible. Such a simple motivation fulfil the coordination requirement as I see it. As the AVTCORE WG chair and document shepherd I will continue with a publication request as soon as I done the paper work for it. If you have any additional feedback on this, then please provide it now. Cheers Magnus Westerlund AVTCORE WG chair Den 2016-02-21 kl. 21:52, skrev Marc Petit-Huguenin: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 02/07/2016 11:17 PM, Dave Garrett wrote: >> Permanently gobbling up the majority of the codespace feels like >> excessive force here. > > This is not what the RFC-to-be is proposing. We are just marking the values that can create an issue when used with RFC 5764 as reserved, with a note in the IANA registry that ask to read the RFC-to-be to understand the problem. If a new proposed ContentType codepoint will never ever be used in the context of RTCWeb, then it can be allocated in the reserved range. > >> For TLS 1.3, the first byte will always be one >> of alert(21), handshake(22), or application_data(23), even for custom >> types. The stated type for TLSCiphertext has been frozen to >> application_data(23) with the actual type for the payload now in the >> encrypted fragment. (this is of course assuming we don't eventually >> drop the frozen type & version here, which now sounds unlikely if >> we're having to deal with design flaws like this) Even handshake >> records after the hellos will have an opaque_type of >> application_data(23), with the encrypted fragment.type containing the >> actual handshake(22) designation. All TLS 1.3+ packets will be >> detected with the RFC 5764 Section 5.1.2 algorithm even if new types >> are allocated in the proposed reserved ranges. >> >> Locking down the <1.2 registry seems fine, however 1.3+ should be >> able to do whatever it needs as its encrypted type is not going to >> get accidentally read & misinterpreted by anything. >> >> https://tools.ietf.org/html/draft-ietf-tls-tls13-11#section-5.2.2 >> https://tools.ietf.org/html/rfc5764#section-5.1.2 >> https://tools.ietf.org/html/draft-ietf-avtcore-rfc5764-mux-fixes-05#section-4 >> >> >> >> Dave >> >> >> On Monday, February 08, 2016 12:21:02 am Joseph Salowey wrote: >>> This document is relevant to the TLS working because it reserves a >>> large portion of the TLS content type space. The values 0-19 and >>> 64-255 cannot be used without checking for conflicts with >>> SRTP-DTLS's wacky demultiplexing scheme. In TLS 1.3 we will move >>> more encrypted content types which should limit the impact this >>> unfortunate design on TLS evolution, but the working group should >>> be aware of this. >>> >>> >>> On Wed, Jan 27, 2016 at 1:39 AM, Magnus Westerlund >>> <magnus.westerlund@ericsson.com> wrote: >>> >>>> AVTCORE and TLS, >>>> >>>> TLS WG, you are included in this WG last call, as this document >>>> affects the TLS ContentType IANA registry. >>>> >>>> This email starts a two week WG last call, that ends on the 10th >>>> of February. The intended status of this document is standards >>>> track (Proposed Standard). >>>> >>>> The document can be retrieved here: >>>> https://datatracker.ietf.org/doc/draft-ietf-avtcore-rfc5764-mux-fixes/ > > - -- >>>> > Marc Petit-Huguenin > Email: marc@petit-huguenin.org > Blog: http://blog.marc.petit-huguenin.org > Profile: http://www.linkedin.com/in/petithug > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJWyiOZAAoJECnERZXWan7EpAwQALT42q+uWbjk9qfPZmJI4dzU > EKhNuQw+yJZ6Pk0TO5EbLtbLb0U9huWIXfL/qnMhoZKmtyBI05yL08KIIucJQJ74 > Y/vTcVuYhminD4Ug8p4ytu9v5RotexQFbomFKqZP3TC0hCISrrWbbg+LU0EEPpZM > jT+D8pYdzAXGEYQvZ8k9xq/rjZfksYLjQOUPLHgoCC1L3wzr3xvswKQ7c0NEoSC8 > rDbVxTp4f+q15W3/HG29+wFN6npgapFK49bXPzAR2LYTHO8yw6mHpHMEd3zq9Kd/ > HsdOWH2ETqFiLOaszFO+rzQPx+/OsEwZWDTf2tcKLamogCoKfRJKICmFWAvHSf9G > 56aiBiwL6kdKZHIcOJ4zQZqG7UdZ1pVy78czPfkjSwB8TD1RMFXNwS6WTgF9RmYy > Ixe1lrvzOdfrL02NvGz2DdEAM7ETS9ujIxbrOUTEg6d7IDJ7FQdT97zHxvCUfjLY > kDd4RtVqIr825+78uJxeXCJ5fZfXOG0VbwpwlC2smyxHUUVwTWQMCJ32EvZynuFo > f7yNMkdSolr3C2Bkt5ELwnKxUtiTqFMZj52rtBzhqAN6iDt289JSvO1e87EORBin > N1ingAw1bEJz1raNF0uA8u7N12QUtAsPrc9hYpmYjxl6I3+d/lFevvmWne/YbWbU > UduqXpPezcNInD7bMDOD > =J64B > -----END PGP SIGNATURE----- > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > -- Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- Re: [TLS] WG last call of draft-ietf-avtcore-rfc5… Joseph Salowey
- [TLS] WG last call of draft-ietf-avtcore-rfc5764-… Magnus Westerlund
- Re: [TLS] WG last call of draft-ietf-avtcore-rfc5… Dave Garrett
- Re: [TLS] WG last call of draft-ietf-avtcore-rfc5… Marc Petit-Huguenin
- Re: [TLS] WG last call of draft-ietf-avtcore-rfc5… Magnus Westerlund
- Re: [TLS] WG last call of draft-ietf-avtcore-rfc5… Joseph Salowey
- Re: [TLS] [AVTCORE] WG last call of draft-ietf-av… Marc Petit-Huguenin
- Re: [TLS] WG last call of draft-ietf-avtcore-rfc5… Ilari Liusvaara
- Re: [TLS] WG last call of draft-ietf-avtcore-rfc5… Joseph Salowey
- Re: [TLS] [AVTCORE] WG last call of draft-ietf-av… Martin Thomson
- Re: [TLS] [AVTCORE] WG last call of draft-ietf-av… Magnus Westerlund
- Re: [TLS] [AVTCORE] WG last call of draft-ietf-av… Ilari Liusvaara
- Re: [TLS] [AVTCORE] WG last call of draft-ietf-av… Salz, Rich
- Re: [TLS] [AVTCORE] WG last call of draft-ietf-av… Ilari Liusvaara
- Re: [TLS] [AVTCORE] WG last call of draft-ietf-av… Martin Thomson
- Re: [TLS] [AVTCORE] WG last call of draft-ietf-av… Cullen Jennings (fluffy)
- Re: [TLS] [AVTCORE] WG last call of draft-ietf-av… Cullen Jennings (fluffy)