Re: [TLS] Mentioning DTLS

mrex@sap.com (Martin Rex) Fri, 14 March 2014 21:04 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03D5C1A01EF for <tls@ietfa.amsl.com>; Fri, 14 Mar 2014 14:04:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.552
X-Spam-Level:
X-Spam-Status: No, score=-6.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pUJUG5MT64-4 for <tls@ietfa.amsl.com>; Fri, 14 Mar 2014 14:04:28 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by ietfa.amsl.com (Postfix) with ESMTP id 67C201A01CB for <tls@ietf.org>; Fri, 14 Mar 2014 14:04:28 -0700 (PDT)
Received: from mail05.wdf.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id s2EL4IJM028714 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 14 Mar 2014 22:04:19 +0100 (MET)
In-Reply-To: <de2b76b07a9e4a5394abe0d4bbfe2d3e@BL2PR03MB419.namprd03.prod.outlook.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Date: Fri, 14 Mar 2014 22:04:18 +0100
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20140314210418.CEE5A1AC53@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/uz3AKqVcK1-_FjT39H2mKArXfGA
Cc: "tls@ietf.org" <tls@ietf.org>, "draft-ietf-tls-applayerprotoneg@tools.ietf.org" <draft-ietf-tls-applayerprotoneg@tools.ietf.org>
Subject: Re: [TLS] Mentioning DTLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Mar 2014 21:04:39 -0000

Andrei Popov wrote:
>
> Mentioning DTLS makes sense; I have no objection to making this
> change in the next revision.

Speaking of DTLS.

NEITHER of the two official DTLS specifications of the IETF does support
TLS extensions.  There exists no definition of a TLS ClientHello PDU
that provides room for (D)TLS extensions, and there is no forward
extensibility notice for the DTLS ClientHello PDU in the fashion
that was retrofitted into the SSLv3 specification.

If DTLS was supposed to allow TLS extensions in the DTLS ClientHello PDU,
then someone (preferably a DTLS implementor or one of the document
authors) really should file erratas with a description of the
DTLS ExtendendedClientHello and DTLS ExtendedServerHello PDUs for
both DTLS specifications (rfc4347 and rfc6347).


-Martin