Re: [TLS] extended headers for (D)TLS (and their use with connection-id)

Adam Langley <agl@imperialviolet.org> Thu, 25 January 2018 05:09 UTC

In-Reply-To: <07A11133-DD81-458D-A0A6-113CBB25FD55@nokia.com>
References: <5D415FD9-1505-4E03-94DA-BF89B52E7770@nokia.com> <CAMfhd9Um-JfOnurKNokiQDfN7XJsn7vJE+mZjsGKmfsoCZ9czg@mail.gmail.com> <07A11133-DD81-458D-A0A6-113CBB25FD55@nokia.com>
From: Adam Langley <agl@imperialviolet.org>
Date: Wed, 24 Jan 2018 21:09:06 -0800
Message-ID: <CAMfhd9XJzWp4eO0SM8mawi0c0nKCRK79cVL3VmR-hrbhCkNzMA@mail.gmail.com>
To: "Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tFyRm8tX205BBTvS19C9VVp7HLU>

On Wed, Jan 24, 2018 at 8:25 AM, Fossati, Thomas (Nokia -
GB/Cambridge, UK) <thomas.fossati@nokia.com> wrote:
> Do you think this is likely to cause havoc?  Or, in your experience,
> middle-boxes tend to not interfere after the TLS channel is up?

I expect so. There was a move, early in TLS 1.3, to drop the
superfluous version in the record header. I think that was reverted
for the same reason, although I don't recall exactly what data that
was based on.

(I'm also assuming that this is much more useful for DTLS than TLS
since you know that each packet will have a record header in it. With
TLS, the kernel might keep retransmitting some part of the
half-connection's data that doesn't include the connection id at all.)


Cheers

AGL

-- 
Adam Langley agl@imperialviolet.org https://www.imperialviolet.org
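The DTLS-versus-TLS point in the message above (every DTLS datagram carries its own record header, so a connection id placed in that header is visible in every packet, whereas in TLS over TCP the kernel may retransmit a segment that contains no record header at all) can be made concrete with a small simulation. This is an added example, not code from the thread or from any IETF draft: the record header layout (content type, version, epoch, 48-bit sequence number, cid, length), the cid length, and the segment size are all assumed for illustration and are not a specific draft's wire format.

```python
"""Per-packet visibility of a record-header connection id: DTLS vs TLS/TCP.

Added example. The header layout, CID_LEN and MSS below are assumptions
chosen for illustration, not a normative wire format.
"""
import struct

CID_LEN = 4   # assumed cid length (negotiated out of band in a real protocol)
MSS = 1200    # assumed TCP segment payload size / datagram size

# Fixed part of the assumed DTLS header: type(1) + version(2) + epoch(2) + seq(6)
DTLS_FIXED = 1 + 2 + 2 + 6


def dtls_record(cid: bytes, epoch: int, seq: int, payload: bytes) -> bytes:
    """Build one DTLS-style record with the cid in its header (assumed layout)."""
    if len(cid) != CID_LEN:
        raise ValueError("cid must be CID_LEN bytes")
    return (bytes([0x19]) + b"\xfe\xfd" + struct.pack("!H", epoch)
            + seq.to_bytes(6, "big") + cid
            + struct.pack("!H", len(payload)) + payload)


def dtls_cid_of(datagram: bytes):
    """Return the cid from a datagram's record header, or None if the
    datagram is too short to hold a complete header (assumed layout)."""
    if len(datagram) < DTLS_FIXED + CID_LEN + 2:
        return None
    return datagram[DTLS_FIXED:DTLS_FIXED + CID_LEN]


def tls_record(cid: bytes, payload: bytes) -> bytes:
    """TLS-style record for a TCP byte stream: one header per record, with the
    cid placed after the 5-byte header (assumed layout)."""
    return bytes([0x19]) + b"\x03\x03" + struct.pack("!H", len(payload)) + cid + payload


def segments_carrying_header(record_lengths, mss=MSS):
    """Given the lengths of consecutive TLS records in one TCP byte stream and
    the segment size, return one flag per segment: True if a record header
    (and hence the cid) starts inside that segment. A retransmission of a
    segment flagged False carries no header at all, which is the TLS caveat
    raised in the message."""
    total = sum(record_lengths)
    nseg = (total + mss - 1) // mss
    flags = [False] * nseg
    offset = 0
    for length in record_lengths:
        flags[offset // mss] = True
        offset += length
    return flags


def demo():
    """Send 16 KiB of application data both ways and count where the cid shows up.
    Returns (dtls datagrams, datagrams exposing cid, tcp segments, segments exposing cid)."""
    cid = b"\xde\xad\xbe\xef"          # constructed sample cid
    app_data = bytes(range(256)) * 64  # constructed 16384-byte payload

    # DTLS: data is split into datagram-sized records, each with its own header + cid.
    chunk = MSS - (DTLS_FIXED + CID_LEN + 2)
    n = (len(app_data) + chunk - 1) // chunk
    datagrams = [dtls_record(cid, 1, i, app_data[i * chunk:(i + 1) * chunk]) for i in range(n)]
    dtls_hits = sum(1 for d in datagrams if dtls_cid_of(d) == cid)

    # TLS: one record in a TCP stream, segmented by the kernel; only the segment
    # holding the record start carries the header.
    stream = tls_record(cid, app_data)
    flags = segments_carrying_header([len(stream)], MSS)
    return len(datagrams), dtls_hits, len(flags), sum(flags)


if __name__ == "__main__":
    print(demo())
```

With the assumed sizes, the DTLS side produces 14 datagrams and all 14 expose the cid, while the TLS side produces 14 TCP segments of which only the first contains the record header; any of the other 13 may be retransmitted on its own without a cid in sight.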