Re: [TLS] I-D Action:draft-ietf-tls-dtls-heartbeat-01.txt

Michael Tüxen <Michael.Tuexen@lurchi.franken.de> Thu, 27 January 2011 13:46 UTC

From: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
In-Reply-To: <8239oeqz6c.fsf@mid.bfk.de>
Date: Thu, 27 Jan 2011 14:49:41 +0100
Message-Id: <4848B682-273F-4B52-B9E2-ACBFDFDAAB7F@lurchi.franken.de>
References: <20110127114502.24680.73782.idtracker@localhost> <8239oeqz6c.fsf@mid.bfk.de>
To: Florian Weimer <fweimer@bfk.de>
Cc: tls@ietf.org
Subject: Re: [TLS] I-D Action:draft-ietf-tls-dtls-heartbeat-01.txt

On Jan 27, 2011, at 2:00 PM, Florian Weimer wrote:

>> This document describes the Heartbeat Extension for the Transport
>> Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
>> protocol.
> 
> I think this paragraph
> 
> | There MUST NOT be more than one HeartbeatRequest message in flight
> | at a time.
> 
> should be changed to:
> 
> | Retransmissions MUST use the same payload as the original
> | HeartbeatRequest message.
The intention of the sentence in the ID is that you cannot send
multiple HeartbeatRequests out. This could overload the network since
DTLS uses transport layers which do not necessarily provide congestion
control. That is why you can only have one request in flight.
Please note that it is not in flight anymore if the corresponding
HeartbeatReply has been received or the retransmission timer fires.
> 
> The original requirement seems to be pretty much unimplementable
> because of transport layer characteristics.
Not sure what problem you are thinking about.
An implementation of the ID for OpenSSL is available at
http://sctp.fh-muenster.de/dtls-patches.html

Best regards
Michael
> 
> -- 
> Florian Weimer                <fweimer@bfk.de>
> BFK edv-consulting GmbH       http://www.bfk.de/
> Kriegsstraße 100              tel: +49-721-96201-1
> D-76133 Karlsruhe             fax: +49-721-96201-99
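The sender-side rule discussed in this exchange (at most one HeartbeatRequest in flight; the request stops being in flight once the matching reply arrives or the retransmission timer fires; a retransmission reuses the original payload) can be modelled as a small state machine. The following is an added illustration, not code from the draft, from the thread, or from the OpenSSL patches linked above. The class and method names, the retransmission timeout, the give-up limit and the sample payload are all assumptions chosen for the example; the draft itself specifies none of these values.

```python
import secrets
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class HeartbeatSender:
    """Sender-side model of the one-request-in-flight rule (constructed example).

    Names and defaults here are assumptions for illustration only.
    """
    rto: float = 1.0                       # retransmission timeout in seconds (assumed)
    max_retransmits: int = 3               # give-up limit (assumed, not from the draft)
    in_flight: Optional[bytes] = None      # payload of the outstanding request, or None
    timer_deadline: Optional[float] = None # absolute time at which the RTO fires
    retransmits: int = 0
    peer_dead: bool = False
    # log of (time, payload) actually handed to the transport
    sent: List[Tuple[float, bytes]] = field(default_factory=list)

    def can_send(self) -> bool:
        """True only when no HeartbeatRequest is currently in flight."""
        return self.in_flight is None

    def send_request(self, now: float, payload: Optional[bytes] = None) -> bytes:
        """Start a new heartbeat; refuse if one is still in flight.

        This is the congestion-related rule from the ID: a second request must
        not be put on the wire while the first is outstanding.
        """
        if not self.can_send():
            raise RuntimeError("a HeartbeatRequest is already in flight")
        payload = payload if payload is not None else secrets.token_bytes(16)
        self.in_flight = payload
        self.retransmits = 0
        self._transmit(now, payload)
        return payload

    def on_timer(self, now: float) -> Optional[bytes]:
        """Retransmission timer check.

        When the timer fires the old request is no longer in flight, so a
        retransmission is allowed. It reuses the SAME payload (the wording
        Florian proposes), so a late reply to the original can still be
        matched. After max_retransmits the peer is declared unreachable.
        Returns the payload retransmitted, or None if nothing was sent.
        """
        if self.in_flight is None or now < self.timer_deadline:
            return None
        if self.retransmits >= self.max_retransmits:
            self.peer_dead = True
            self.in_flight = None
            self.timer_deadline = None
            return None
        self.retransmits += 1
        payload = self.in_flight
        self._transmit(now, payload)
        return payload

    def on_reply(self, payload: bytes) -> bool:
        """A HeartbeatResponse arrived.

        Accept it only if it echoes the outstanding payload; a stale or
        unsolicited reply is ignored and the request stays in flight.
        """
        if self.in_flight is None or payload != self.in_flight:
            return False
        self.in_flight = None
        self.timer_deadline = None
        return True

    def _transmit(self, now: float, payload: bytes) -> None:
        """Hand the request to the (unreliable) transport and arm the RTO."""
        self.sent.append((now, payload))
        self.timer_deadline = now + self.rto


if __name__ == "__main__":
    s = HeartbeatSender(rto=1.0)
    p = s.send_request(0.0, b"constructed-payload")
    print("in flight:", not s.can_send())            # True
    print("timer at t=0.5:", s.on_timer(0.5))        # None, RTO not expired
    print("timer at t=1.0:", s.on_timer(1.0))        # same payload retransmitted
    print("reply accepted:", s.on_reply(p))          # True
    print("wire sends:", len(s.sent))                # 2
```

The payload comparison in `on_reply` is what makes the in-flight bookkeeping safe: an unsolicited or replayed response that does not echo the outstanding payload neither clears the state nor resets the timer, so a third party cannot make the sender believe the path is alive.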