Re: [TLS] Banning implicit CIDs in DTLS
Eric Rescorla <ekr@rtfm.com> Sun, 24 May 2020 19:45 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9243B3A09B1 for <tls@ietfa.amsl.com>; Sun, 24 May 2020 12:45:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gSYwsxc5GahI for <tls@ietfa.amsl.com>; Sun, 24 May 2020 12:45:35 -0700 (PDT)
Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A89833A0A30 for <TLS@ietf.org>; Sun, 24 May 2020 12:45:34 -0700 (PDT)
Received: by mail-lj1-x22e.google.com with SMTP id m18so18571957ljo.5 for <TLS@ietf.org>; Sun, 24 May 2020 12:45:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2j3TZzgSCGxBuuV982gBGE/yLPYEqCqpXWmhjK2RQyU=; b=QbabfzjFzt40xhWnyq6l/fLV8pnOL1uypihe3pQ42ARQM9oakGnqqz4k//b8XaQmub NkhAuqzwkdPOI4k1i6Tois9rTiN9aR1qVAEDLhjYKvgsaeaTfZCLVOGGoxc3XuOCeGp6 gcHa01V2bOKmi1oUASaq89VIUbNp9sSeOJnzY63wea6xPZX9pRRIQMQ5RtH3My+PP5tl PIy1lDC79E28se/AjNqb5J+lgTbEq41345Sdz9UTXdX9z8H+az5mvNEW96TrCoxQapb3 zZ1txz77I9XRExgsl82R98/W9QFbZeYwhkrYNrqQM5v6yAwngYye5phAr95zcQ38X7Ot taPw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2j3TZzgSCGxBuuV982gBGE/yLPYEqCqpXWmhjK2RQyU=; b=MDo98u0mokQ4wDuh8YJ5X0LekAYt9lk/FfwmS+YbOw/tV6LcRWW2s5uZY0DT5bCRMy WKLaQCmfWP1ZQwJ1mHMDrMe6HLG/TOTufYlnNP8ADQZnY06pVEVSH3XDBO5Oc76pfxgU BSVXQ7N6tQbSgyRD9FthRYzNa5Nfmoh0fz6V5N6xA4cd3jOofNMGiOEn9oYFszoy3vQs kyy2G0p7cAJicnF+7+pn+UGeuHtZoF6juN5lSrGJk2e0kgGeyybkMJpcTwVOKhhXrLku KM4lRXrDNaZIUhl9ffbMR8XCAuD2xP0DnAmjxxUbKl/Yrsa+oqyebzq1P0C75MXAGOEQ 2rlg==
X-Gm-Message-State: AOAM532mLc8q2owbHwbN9TxNwSf8dStuXLWJhAKDXLFC6+F04CRuxb3t IUm16x3xyFwTrrOVARl4K7VfaUPOulRyQj8ElZGnI6w3SJw=
X-Google-Smtp-Source: ABdhPJxYpV1h992XS2Ks2pC32qC/nFsu8HFATvO8sM8Nwi4B/i6GdDWg9ntX/FzHOxyvq5JuZ/Jyjmew9TEb0chBYe8=
X-Received: by 2002:a05:651c:1183:: with SMTP id w3mr12904880ljo.265.1590349531568; Sun, 24 May 2020 12:45:31 -0700 (PDT)
MIME-Version: 1.0
References: <df70e06b-ffdf-4402-b640-d99b2aafac6b@www.fastmail.com> <17230F7E-0983-4519-8BA3-50D3F1A66C22@arm.com> <b45dea1f-506a-420e-aa3b-4d6c0fae5028@www.fastmail.com> <780181FE-B9FE-452F-93F4-4268DFB4E47E@arm.com>
In-Reply-To: <780181FE-B9FE-452F-93F4-4268DFB4E47E@arm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 24 May 2020 12:44:55 -0700
Message-ID: <CABcZeBOfswLafAP+-LwNFwty2CA+pEx=pr6ixP0htqsVyPFcSw@mail.gmail.com>
To: Thomas Fossati <Thomas.Fossati@arm.com>
Cc: Christopher Wood <caw@heapingbits.net>, "TLS@ietf.org" <TLS@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e5f27105a66a1a4f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/wrRlUF2VQcI1WPoSzxxC_agrSS8>
Subject: Re: [TLS] Banning implicit CIDs in DTLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 May 2020 19:45:38 -0000
On Sun, May 24, 2020 at 11:01 AM Thomas Fossati <Thomas.Fossati@arm.com> wrote: > On 22/05/2020, 01:09, "Christopher Wood" <caw@heapingbits.net> wrote: > > On Thu, May 21, 2020, at 9:22 AM, Thomas Fossati wrote: > > > Hi Chris, > > > > > > On 21/05/2020, 17:00, "Christopher Wood" <caw@heapingbits.net> > > > wrote: > > > > *One proposal to address this is by extending the AAD to include > > > > the pseudo-header. However, the chairs feel this is an unnecessary > > > > divergence from QUIC. > > > > > > I don't understand the "unnecessary" in the above para, i.e., why > > > are we so tied to QUIC in this case? I'm asking because it looks > > > like this was a core criterion in the Chairs' proposal. > > > Sorry for the confusion! The point here was that QUIC authenticates > > what's on the wire, which we felt was important. I should have spelled > > that out. There are of course other things to consider, as Martin > > points out. > > OK, thanks for clarifying. > > I want to be able to use implicit CIDs so I don't support PR#148 as-is. > In what context do you have a use for implicit CIDs? -Ekr > As much as I'd like to go for a pure pseudo-header approach, I don't > think I have enough data at this point in time that I'd feel safe going > that way. > > Since adding implicit CID to the AD doesn't look like a big deal in > terms of performance overhead, that would be my preference. > > cheers, t > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] Banning implicit CIDs in DTLS Christopher Wood
- Re: [TLS] Banning implicit CIDs in DTLS Eric Rescorla
- Re: [TLS] Banning implicit CIDs in DTLS Thomas Fossati
- Re: [TLS] Banning implicit CIDs in DTLS Martin Thomson
- Re: [TLS] Banning implicit CIDs in DTLS Christopher Wood
- Re: [TLS] Banning implicit CIDs in DTLS Hanno Becker
- Re: [TLS] Banning implicit CIDs in DTLS Thomas Fossati
- Re: [TLS] Banning implicit CIDs in DTLS Eric Rescorla
- Re: [TLS] Banning implicit CIDs in DTLS Thomas Fossati
- Re: [TLS] Banning implicit CIDs in DTLS Achim Kraus
- Re: [TLS] Banning implicit CIDs in DTLS Hanno Becker
- Re: [TLS] Banning implicit CIDs in DTLS Thomas Fossati
- Re: [TLS] Banning implicit CIDs in DTLS Richard Barnes
- Re: [TLS] Banning implicit CIDs in DTLS Hanno Becker
- Re: [TLS] Banning implicit CIDs in DTLS Hannes Tschofenig
- Re: [TLS] Banning implicit CIDs in DTLS Christopher Wood