IETF Logo Mail Archive

[TLS] a slightly different DTLSShortCiphertext

"Fossati, Thomas (Nokia - GB/Cambridge)" <thomas.fossati@nokia.com> Sat, 03 March 2018 17:33 UTC

Return-Path: <thomas.fossati@nokia.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7396126CD6 for <tls@ietfa.amsl.com>; Sat, 3 Mar 2018 09:33:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ELG6v3phHP9c for <tls@ietfa.amsl.com>; Sat, 3 Mar 2018 09:33:35 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0099.outbound.protection.outlook.com [104.47.1.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75850126BFD for <tls@ietf.org>; Sat, 3 Mar 2018 09:33:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=6D1wlmqUK11p3tQkStCRm3Aor2xZaw2jswPgTtXKRKg=; b=HmoFLWa4Yms+lGcfDrXnKxPjOTou9w3O2zcbRcuCW48hr8/bqVqi1+qpo+2AqPwvWLcx68Ok/fYS76fC+UBdluoDP6MDL1ov9TCwWQ+tta3ibw1bjIorHXI4uHTDW9CCVKP0+IOo/Ci8sPx27tEaP4YaZ0GiB8GWw2I6E7k/oYU=
Received: from DB3PR07MB0747.eurprd07.prod.outlook.com (10.160.53.12) by DB3PR07MB0523.eurprd07.prod.outlook.com (10.160.44.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.548.6; Sat, 3 Mar 2018 17:33:31 +0000
Received: from DB3PR07MB0747.eurprd07.prod.outlook.com ([fe80::785f:6cea:95a9:4688]) by DB3PR07MB0747.eurprd07.prod.outlook.com ([fe80::785f:6cea:95a9:4688%8]) with mapi id 15.20.0548.011; Sat, 3 Mar 2018 17:33:30 +0000
From: "Fossati, Thomas (Nokia - GB/Cambridge)" <thomas.fossati@nokia.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: a slightly different DTLSShortCiphertext
Thread-Index: AQHTsxW/6qFSEpXqqES2EPxAc891oA==
Date: Sat, 03 Mar 2018 17:33:30 +0000
Message-ID: <E531E112-CCA8-4C7C-B96B-66A7434940CD@nokia.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.a.0.180210
authentication-results: spf=none (sender IP is ) smtp.mailfrom=thomas.fossati@nokia.com;
x-originating-ip: [88.111.122.102]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB3PR07MB0523; 7:h9AiYsGVQGLE8ZpvuLZAptZaivkMCBPcUMX2RLnixIWgV3P9SmVgLPiUCm36bUFVP7v3tP0Xqgny2zFUKog06Y91pig6oovDC/j+wciZ2oN1SKBMAADYTgROwAjfEjJEuXe7SR5kfbHfrUgnlYFhHpd8Tk3+kgn1/R1Lu+CIvvcOhgFOlEoZEMGhs3VSzTkbcXbFiW2tB54/rIPxrC980h2NWqtOvP24CJHQWdY7+9bIR5SNOi2cfuXjAoJg+x5M
x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR;
x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(346002)(39380400002)(366004)(39860400002)(376002)(396003)(53754006)(199004)(189003)(2501003)(2906002)(3280700002)(5250100002)(26005)(59450400001)(33656002)(6116002)(2351001)(561944003)(3846002)(106356001)(6506007)(3480700004)(2900100001)(8936002)(81166006)(1730700003)(105586002)(186003)(7736002)(8676002)(81156014)(102836004)(5660300001)(305945005)(478600001)(66066001)(36756003)(107886003)(68736007)(53936002)(25786009)(316002)(6486002)(58126008)(5640700003)(6512007)(83716003)(6436002)(82746002)(14454004)(99286004)(3660700001)(6916009)(4326008)(86362001)(97736004); DIR:OUT; SFP:1102; SCL:1; SRVR:DB3PR07MB0523; H:DB3PR07MB0747.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 44578034-17a4-4043-38ba-08d5812ce1c9
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(7193020); SRVR:DB3PR07MB0523;
x-ms-traffictypediagnostic: DB3PR07MB0523:
x-microsoft-antispam-prvs: <DB3PR07MB0523D4B973E7E4BC5B917A4280C40@DB3PR07MB0523.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(3231220)(11241501184)(806099)(944501244)(52105095)(93006095)(93001095)(10201501046)(3002001)(6055026)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123562045)(20161123560045)(20161123564045)(6072148)(201708071742011); SRVR:DB3PR07MB0523; BCL:0; PCL:0; RULEID:; SRVR:DB3PR07MB0523;
x-forefront-prvs: 0600F93FE1
received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: qLv4w0JkIGcu+qwsxcMu2CSMb/SIh1uPENAhQntwVa2Y1YYXmibXFAbnTZrm92UQjxtz4oTy3PDITNiFpWYV2gt61htsD3Oe1KN/mHPavh0N/nhoDmMe3K0NtmzHuts+AB60c7wWNgcrRVtSFixmZLE9XBYoo9dokfthgXp+U3KNXO3Qi1E3m3bP5PQ9FWEtbRlKP51W9sbKef6Oh6PKZg==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <6DE1C6F7856E054BB7EA7AFAD52BF85B@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 44578034-17a4-4043-38ba-08d5812ce1c9
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Mar 2018 17:33:30.8304 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR07MB0523
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/reh3CPN3EsSUHYkjLAM5zJWSvm0>
Subject: [TLS] a slightly different DTLSShortCiphertext
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Mar 2018 17:33:37 -0000

Hi all,

In an off-list discussion on the wire format for DTLS CID Eric raised
the point that a DTLSShortCiphertext header is completely stuffed, and
it'd be impossible to grab another bit from the sequence number (already
down to 12 bits) to signal the presence of a CID.

I made a proposal for a slightly different layout of DTLSShortCiphertext
that makes room for the CID bit, which I'd like to bring to the list for
further scrutiny:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0|1|E|C|X|X|X|            sequence           |               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               +
|                                                               |
+                                                               +
|                                                               |
+                   [CID,] encrypted_record                     +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 0                   1                   2                   3

Where:
- First 4 bits are the same as in current DTLSShortCiphertext (demux +
  low order epoch bit)
- Subsequent 4 bits are: C, the connection-id indicator followed by 3
  reserved bits (to be greased, I suppose)
- Then, a 16-bit sequence number.

It'd still be 4 bytes shorter than usual DTLSCiphertext, so I guess it's
OK to keep calling it "short".  There is the question about these 3
reserved bits, which seem like good candidates for greasing, I guess.

What do people think?

Cheers, thanks

v2.23.0 | Report a Bug | By Email