Re: [TLS] record layer limits of TLS1.3

Yoav Nir <ynir.ietf@gmail.com> Wed, 23 November 2016 08:06 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <1479884799.2563.3.camel@redhat.com>
Date: Wed, 23 Nov 2016 10:05:57 +0200
Message-Id: <B9F508E0-76F0-4252-AA24-38E3205F8BA9@gmail.com>
References: <1479884799.2563.3.camel@redhat.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/v1mOEtKDJh9AokFepOuC6OG2J-U>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] record layer limits of TLS1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>

Hi, Nikos

On 23 Nov 2016, at 9:06, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:

> Hi,
>  Up to the current draft of TLS1.3 the record layer is restricted to
> sending 2^14 or less. Is the 2^14 number something we want to preserve?
> 16kb used to be a lot, but today if one wants to do fast data transfers
> most likely he would prefer to use larger blocks. Given that the length
> field allows for sizes up to 2^16, shouldn't the draft allow for 2^16-
> 1024 as maximum?

I am not opposed to this, but looking at real browsers and servers, we see that they tend to set the size of records to fit IP packets. The gains from increasing the size of records from the ~1460 bytes that fit in a packet to nearly 64 KB are not all that great, and the gains from increasing records from 16 KB to 64 KB are almost negligible. At that size the block encryption dominates the CPU time.

Yoav
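
The following is an added worked example, written for this archive page and not part of Yoav's or Nikos's mail, that puts numbers on the comparison in the thread: how much of each record is framing (record header, inner content-type byte, AEAD tag) at ~1460-byte, 16 KB and ~64 KB record sizes, and how many records a 1 MiB transfer needs at each size. The constants are the TLS 1.3 record-layer sizes; the 2^14 + 256 ciphertext limit is the one the final RFC 8446 settled on, and PROPOSED_MAX is Nikos's suggested 2^16 - 1024. The 1460-byte figure is the per-packet payload Yoav cites. All function names are assumptions of this example; padding in TLSInnerPlaintext is assumed to be zero.

```python
"""TLS 1.3 record-size arithmetic (added example, not from the mail thread).

Shows why going from 1460-byte to 16 KB records removes most of the
per-record framing cost, while going from 16 KB to ~64 KB barely moves it.
"""
import math

# TLSCiphertext header: opaque_type(1) + legacy_record_version(2) + length(2)
RECORD_HEADER = 5
# TLSInnerPlaintext carries the real content type in its last byte
INNER_CONTENT_TYPE = 1
# AES-GCM and ChaCha20-Poly1305 both append a 16-byte authentication tag
AEAD_TAG = 16
PER_RECORD_OVERHEAD = RECORD_HEADER + INNER_CONTENT_TYPE + AEAD_TAG  # 22 bytes

MAX_PLAINTEXT = 2 ** 14                # TLSInnerPlaintext.content limit (the 2^14 in the thread)
MAX_CIPHERTEXT = MAX_PLAINTEXT + 256   # TLSCiphertext.length limit in RFC 8446
LENGTH_FIELD_MAX = 2 ** 16 - 1         # what the 16-bit length field could encode
PROPOSED_MAX = 2 ** 16 - 1024          # Nikos's suggested plaintext limit (assumption: applied as-is)

# Constructed sample: a 1 MiB application-data transfer
SAMPLE_PAYLOAD = 1 << 20


def records_needed(payload_len, record_payload):
    """Records required to carry payload_len bytes at record_payload bytes of content each."""
    if record_payload <= 0:
        raise ValueError("record payload size must be positive")
    return math.ceil(payload_len / record_payload)


def wire_bytes(payload_len, record_payload):
    """Total bytes on the wire: payload plus fixed framing for every record sent."""
    return payload_len + records_needed(payload_len, record_payload) * PER_RECORD_OVERHEAD


def framing_fraction(record_payload):
    """Share of a full record's wire bytes spent on header, inner type byte and tag."""
    return PER_RECORD_OVERHEAD / (record_payload + PER_RECORD_OVERHEAD)


def ciphertext_length_ok(length):
    """Receiver-side check on TLSCiphertext.length.

    A conforming TLS 1.3 peer rejects anything above MAX_CIPHERTEXT with a
    record_overflow alert even though the 16-bit field could encode more.
    """
    return 0 <= length <= MAX_CIPHERTEXT


def compare(payload_len=SAMPLE_PAYLOAD, sizes=(1460, MAX_PLAINTEXT, PROPOSED_MAX)):
    """Map record content size -> (record count, wire bytes, framing fraction)."""
    return {
        size: (records_needed(payload_len, size), wire_bytes(payload_len, size), framing_fraction(size))
        for size in sizes
    }


if __name__ == "__main__":
    for size, (count, wire, frac) in compare().items():
        print(f"{size:6d}-byte records: {count:4d} records, {wire:8d} wire bytes, "
              f"{frac * 100:.3f}% framing per record")
    print("65535-byte record accepted by a TLS 1.3 receiver?", ciphertext_length_ok(LENGTH_FIELD_MAX))
```

Running it shows the framing share dropping from about 1.5% per record at 1460 bytes to about 0.13% at 16 KB, and only to about 0.03% at 64 KB; likewise the record count for 1 MiB falls from 719 to 64 and then only to 17. The per-record fixed work (header parsing, one AEAD nonce and tag) scales with that record count, which is the effect Yoav describes as negligible beyond 16 KB; the AEAD work on the bytes themselves is the same at any record size.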