[TLS] [DTLS] ACK's for post-handshake authentication requests

Hanno Becker <Hanno.Becker@arm.com> Fri, 27 March 2020 15:28 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2pwv6f2WJj5XLqR8z0luDneuVSE>

I have a minor comment on DTLS 1.3 draft 37.

On the topic of sending ACKs, the draft recommends:

```
ACKs SHOULD NOT be sent for other complete
flights because they are implicitly acknowledged by the receipt of
the next flight, which generally immediately follows the flight.
```

I wonder if the case of post-handshake authentication should be
explicitly mentioned as a potential exception to this rule, since
the TLS 1.3 RFC explicitly mentions that responses to
`CertificateRequest` may be delayed in some contexts:

```
Note: Because client authentication could involve prompting the user,
servers MUST be prepared for some delay, including receiving an
arbitrary number of other messages between sending the
CertificateRequest and receiving a response.
```

In this case, it would be beneficial to immediately explicitly ACK
the `CertificateRequest` message even though it is also implicitly
acked through the eventual response via the `Certificate` message.

Regards,
Hanno
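An added example, not part of the message above nor code from the DTLS 1.3 draft or any implementation: a small Python model of the receiver-side ACK policy the message proposes and of the sender's retransmission timer, showing how many spurious `CertificateRequest` retransmissions a delayed `Certificate` response causes with and without an explicit ACK. The timer values, the `Flight` type and the function names are assumptions made for the example.

```python
"""Model of the DTLS 1.3 ACK question raised above (added example; the timer
constants and message model are assumed, not taken from the draft)."""

from dataclasses import dataclass

INITIAL_RTO_MS = 1000      # assumed initial retransmission timeout
MAX_RTO_MS = 60_000        # assumed cap on the exponential backoff


@dataclass
class Flight:
    name: str
    post_handshake: bool     # sent after the handshake has completed
    complete: bool           # every fragment of the flight has been received


def should_send_explicit_ack(flight: Flight) -> bool:
    """Receiver-side ACK policy.

    The draft's rule: rely on the next flight as an implicit ACK for a
    complete flight. The exception proposed in the message: a post-handshake
    CertificateRequest, whose response may be delayed by a user prompt.
    """
    if not flight.complete:
        return True                       # partial flight: ACK as the draft says
    if flight.post_handshake and flight.name == "CertificateRequest":
        return True                       # proposed exception: ACK immediately
    return False                          # implicitly ACKed by the next flight


def retransmissions_before_response(response_delay_ms: int,
                                    explicit_ack: bool,
                                    rtt_ms: int = 100) -> int:
    """Count how often the server retransmits CertificateRequest before its
    timer is stopped: by an explicit ACK (arrives after one RTT) or, without
    one, by the client's Certificate (arrives after the prompt delay + RTT)."""
    stop_at_ms = rtt_ms if explicit_ack else response_delay_ms + rtt_ms
    now_ms, rto_ms, count = 0, INITIAL_RTO_MS, 0
    while now_ms + rto_ms < stop_at_ms:   # timer fires before the stop event
        now_ms += rto_ms
        count += 1
        rto_ms = min(rto_ms * 2, MAX_RTO_MS)  # exponential backoff per timeout
    return count


if __name__ == "__main__":
    # Constructed scenario: the user takes 30 s to pick a certificate.
    print("without ACK:", retransmissions_before_response(30_000, False))
    print("with ACK:   ", retransmissions_before_response(30_000, True))
```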