Re: [TLS] Martin Vigoureux's No Objection on draft-ietf-tls-record-limit-02: (with COMMENT)
Martin Thomson <martin.thomson@gmail.com> Thu, 05 April 2018 10:28 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B07281270FC; Thu, 5 Apr 2018 03:28:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q4QycnnJbquH; Thu, 5 Apr 2018 03:28:55 -0700 (PDT)
Received: from mail-ot0-x234.google.com (mail-ot0-x234.google.com [IPv6:2607:f8b0:4003:c0f::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C22331201FA; Thu, 5 Apr 2018 03:28:55 -0700 (PDT)
Received: by mail-ot0-x234.google.com with SMTP id m7-v6so26667361otd.1; Thu, 05 Apr 2018 03:28:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=XEKLl3J2hXs+tGBUZdsy5+jTgZo4MFtQJ1OjqtP5ck8=; b=Ho0w7N0Qtp4Me1VEk8FgSb6Ow7Jm2IeHrchK9DO6f0nL/M9EtdaBSf2fJFUA4pCy7T VENJEoClYXgI7WjgzjzOssfjeYeZ2Gjfr+SQlzEJCYxI8hlUSCPQy0z0r1GcwDnpkopw W/SgiW9aNQajix1oYd/8uKLrRMRPx5TptGF1ADlzIMC1LvdyVUBOMOU9av4B4SRZ/ROc wli0Sy5kC8PHHVXHA8hRH4d6t/X9xQ9Hdfp5NmhD9zzk2gtlsvnKHdxFYjm0PsHqghe8 Wmfvoh4dhSSTt/+2/cK3GlPvZuef62ds4BX1hgQT9Ka8+8QW7uSP3mShSBybUocFPIIB gUVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=XEKLl3J2hXs+tGBUZdsy5+jTgZo4MFtQJ1OjqtP5ck8=; b=BZjAD1Km4zp3P8JWS8ArUDQr1Ij23AfmtC+1BaCpHE2cyTVCHOGIWaGq8Db+23ErDN 1RA+9L2s/mxhHsDn+bNb+FOKd3oaSUKct58OSlqBlfVCmm5wa9Zgrj6TVEP4f9Rv+DJm crM6DMloP+iLO1uLbqpfNWYML/sp25ubjeD78GmOuBuaqrwHvvQsC5zKDfNyYF3kT2YK Jy4zxpU+WU1EFW9uqzVq/U+LMifn102Rt2Y6ul4clB5ZWI4vkL4Nv6QL/tm9hWJ9tObB n+56EMmsxheVh/u1LfvS/UoZtVGl1wjoXTxoF8UcFz7Fez7MGl0kBP+V69lwXCKUuKRh ihCw==
X-Gm-Message-State: ALQs6tCkVTqsXbLb+EgCVu18ev9tgPTpOgkW94NqKvM9c+9smuGNx+xV Qu6AEka37LvfjULQV4fTl+SI7svkQLxJ5SoseRU=
X-Google-Smtp-Source: AIpwx489OpUKlQPOnMNYBjP7pdj1RG1sNLiexEciIMW+lnt1jhFXSZRLX38U65Karj1/bbS8w6RShM1XCGp4kv6Ostc=
X-Received: by 2002:a9d:1311:: with SMTP id f17-v6mr689610ote.15.1522924135114; Thu, 05 Apr 2018 03:28:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:ac7:0:0:0:0:0 with HTTP; Thu, 5 Apr 2018 03:28:54 -0700 (PDT)
In-Reply-To: <152292067172.25904.6713770378882293720.idtracker@ietfa.amsl.com>
References: <152292067172.25904.6713770378882293720.idtracker@ietfa.amsl.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 05 Apr 2018 20:28:54 +1000
Message-ID: <CABkgnnWMwOvTM5dARv=zS5sEZw479N_LuL4=gfG2n8bLNOZQwA@mail.gmail.com>
To: Martin Vigoureux <martin.vigoureux@nokia.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-tls-record-limit@ietf.org, Sean Turner <sean@sn3rd.com>, tls-chairs <tls-chairs@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/uMKrN9F2DkMA__UZTbTvz9iOdUg>
Subject: Re: [TLS] Martin Vigoureux's No Objection on draft-ietf-tls-record-limit-02: (with COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Apr 2018 10:28:57 -0000
On Thu, Apr 5, 2018 at 7:31 PM, Martin Vigoureux <martin.vigoureux@nokia.com> wrote: > Hello, I'm not a TLS expert so please disregard if this is irrelevant. > Document says: > Clients that depend on having a small record size MAY continue to > advertise the "max_fragment_length". > > Do you mean: > Clients that depend on having a small record size MAY continue to > advertise the "max_fragment_length" *only*. It's "also". The idea being that if you aren't sure if the server supports the new thing, you might offer the old thing in addition to the new thing in the hopes that if the new thing isn't supported, the old thing might be. > If so, what would be the behaviour of a server that supports both > "max_fragment_length" and "record_size_limit" in that situation? If you don't include record_size_limit, you can't use it. If the client includes both, then the text from the preceding paragraph applies: "A server that supports the record_size_limit extension MUST ignore a max_fragment_length that appears in a ClientHello if both extensions appear."
- [TLS] Martin Vigoureux's No Objection on draft-ie… Martin Vigoureux
- Re: [TLS] Martin Vigoureux's No Objection on draf… Martin Thomson
- Re: [TLS] Martin Vigoureux's No Objection on draf… Martin Vigoureux