[TLS] Server-side fragment size signalling
"Paul Bakker" <p.j.bakker@offspark.com> Mon, 12 May 2014 10:58 UTC
Return-Path: <p.j.bakker@offspark.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFCAD1A0675 for <tls@ietfa.amsl.com>; Mon, 12 May 2014 03:58:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.993
X-Spam-Level: *
X-Spam-Status: No, score=1.993 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1BXcjyVuvakA for <tls@ietfa.amsl.com>; Mon, 12 May 2014 03:58:03 -0700 (PDT)
Received: from vps2.brainspark.nl (vps2.brainspark.nl [141.138.204.106]) by ietfa.amsl.com (Postfix) with ESMTP id 722A01A05D1 for <tls@ietf.org>; Mon, 12 May 2014 03:58:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=offspark.com; s=exim; h=Subject:Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:To:From; bh=TIM8+LdeS0i2GiJUUAL2y2UAhfwmis2aesXhF6+aSes=; b=kw+oxYj4TiVSCnCc1t/U3egnl43PDM8nimRqHPyGJrDuEw3UirUYkFoxYKjKPUj2ry5S/LC/XuwhrG1/ZGtWvSr1sW6TW0OmUIQI37FAQVHpeNVUPze+YHhMo3ihL3N1e0lDv9tJeHMBfWUlYnkv8s3IwzoTf9+HC1/bBTvYPOE=;
Received: from 5354a6da.cm-6-5c.dynamic.ziggo.nl ([83.84.166.218] helo=Slimpy) by vps2.brainspark.nl with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <p.j.bakker@offspark.com>) id 1Wjnuu-0002Qe-5q for tls@ietf.org; Mon, 12 May 2014 12:57:08 +0200
From: Paul Bakker <p.j.bakker@offspark.com>
To: tls@ietf.org
Date: Mon, 12 May 2014 12:57:51 +0200
Message-ID: <021801cf6dd1$0826d9b0$18748d10$@offspark.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: Ac9t0NT9TbDNPI1yRE+OD3gAEV+z7w==
Content-Language: nl
X-SA-Exim-Connect-IP: 83.84.166.218
X-SA-Exim-Mail-From: p.j.bakker@offspark.com
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000)
X-SA-Exim-Scanned: Yes (on vps2.brainspark.nl)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/xwTuo2lab10YkCHjahR549Tf3r4
Subject: [TLS] Server-side fragment size signalling
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 May 2014 10:58:04 -0000
Hi, While we are on the TLS 1.3 discussion, I would like to start a discussion on bringing equality to low-footprint servers compared to the options clients have now. Currently low-footprint clients that have very restricted memory resources are able to indicate using smaller send/receive buffers with the max_fragment_length extension (If the server supports the RFC 6066). This removes the need to be able to accept packets 16k bytes in size, which is often one of the largest 'permanent' buffers you need in low-footprint environments. But low-footprint servers that get connected to by high-footprint clients don't have this option. They cannot indicate to the client that they would only like to receive fragments with a maximum size of 2^9. As the world of small-footprint devices is still growing rapidly (i.e. Internet of Things), life for low-footprint servers should be viable as well. The simplest solution to this is to modify the current extension's definition (Other RFC but as follows: * Change: "In order to negotiate smaller maximum fragment lengths, clients MAY include an extension of type "max_fragment_length" in the (extended) client hello. " Into: "If a clients support this extension, clients SHALL include an extension of type "max_fragment_length" in the (extended) client hello." * And: "The "extension_data" field of this extension SHALL contain a "MaxFragmentLength" whose value is the same as the requested maximum fragment length." Into: "The "extension_data" field of this extension SHALL contain a "MaxFragmentLength" whose value is the same or lower as the requested maximum fragment length." An alternative is to allow the server to send a max_fragment_length extension even if it did not receive one from the client, but this violates the 'standard way' and the server does not know if the client even supports the max_fragment_length extension. I'm actively looking for feedback or alternatives that people have in mind! Best regards, Paul Bakker Lead maintainer PolarSSL
- [TLS] Server-side fragment size signalling Paul Bakker