Re: [TLS] RFC 6066 - Max fragment length negotiation
Eric Rescorla <ekr@rtfm.com> Wed, 22 March 2017 00:10 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FB49129409 for <tls@ietfa.amsl.com>; Tue, 21 Mar 2017 17:10:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uukNTyfRM1uf for <tls@ietfa.amsl.com>; Tue, 21 Mar 2017 17:10:11 -0700 (PDT)
Received: from mail-yw0-x232.google.com (mail-yw0-x232.google.com [IPv6:2607:f8b0:4002:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D9641241FC for <tls@ietf.org>; Tue, 21 Mar 2017 17:10:11 -0700 (PDT)
Received: by mail-yw0-x232.google.com with SMTP id p77so119874729ywg.1 for <tls@ietf.org>; Tue, 21 Mar 2017 17:10:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=CVVLwZjKJL68rAnexQ/8/OvZ1QlxN7XTsSI+InxaUow=; b=l6x6TwSqAesCqWEl0X2G9Ex9QmQDYtsVjzPK6czD6o4dkRmANX00Lx71Xv9aYzMKtv ATU8j6F86yfdObLizwoQ4WInfIDWvy3aVdLNaXTRv7L1vhL2iuH/l4KALba+5mpCz+eu 6HAlh0VF6goPRcYrLGROOQl6Fh3XXpZsllqnkQBfQ/frfL5/3jnQKBdarHoRmrBBDsBr 2CgWans8kXYgpb7On5igp98oNLp8D80QxlM79OgxJpRE80Y5rfj2zHtbdJUcgZUVUgXC yu0jOyybRBQOgV6wcuxhXnIfTx8d35y5KncNAJrz0LvksnrZDyWZ77AJlW3hnACoYjqO PlrA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CVVLwZjKJL68rAnexQ/8/OvZ1QlxN7XTsSI+InxaUow=; b=Puk9RFULHB20mTAH/W1NktaAkTmDglLCr3OEh1bzp5HFu5HB/AW8UNBT8JP8iN2FCD g42hYkPRwkJbbDSWALsvezEG6h/MLstAqSX1uEqZzJRZ9jy+J193wSKejVMZSKblwMtw 7vpJE2eNMFDQu+eEga+4ymMyZum+wR88mzRCjPN86+hi2RWBtabEktkfGvThbcUIMXTs o0afZ+wsyoPszFRogzBG58+Gt7xBeQXvoetcMtBjjU9L2lOJagQU1W/aEPXpe3xZ9mT2 9OZDUIo/zTGa9rynKCoJXxx4bpmO81TydhMfq8pkmNUciNP3tRbCg/+AxkW8KBBw4Uts 4AvQ==
X-Gm-Message-State: AFeK/H2H8kbOGKh8IyIxf9QnrmBeqsTNPWg+5aOesWrWiYF5eAw0E9o1yAorX/o2MwylVZC0/iOxMM4OT+EBtQ==
X-Received: by 10.13.250.67 with SMTP id k64mr21616617ywf.125.1490141410377; Tue, 21 Mar 2017 17:10:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.154.210 with HTTP; Tue, 21 Mar 2017 17:09:29 -0700 (PDT)
In-Reply-To: <CABkgnnX1_YvbVb-FXjGe1jCuEjGxiaQ8WFuZGyuu0puNU+4ABQ@mail.gmail.com>
References: <CAD8WAomJLs4hdaso9hT036=UORjT9=H5-oCHbdSofuv++n3rYg@mail.gmail.com> <1489706298995.98317@cs.auckland.ac.nz> <855C5079-FDA7-4E68-AE29-1E9605B495D7@broadcom.com> <1489707933992.42551@cs.auckland.ac.nz> <CABkgnnVRZBwXHZ6w=gX9pykNpXp80OLP1pe-VMg-uO-C6O8yEQ@mail.gmail.com> <1489710142144.88978@cs.auckland.ac.nz> <CABkgnnXiB5ksGbbPqDP3D=FVdQu9ht0vD8-T-5HTaEKQQE4+9w@mail.gmail.com> <1489721710740.52293@cs.auckland.ac.nz> <CABkgnnWq_5e8TJgJV+okqi6vo-_5=811pOZRtUCp0TD07SmNoQ@mail.gmail.com> <CABkgnnW=Pz+6M8UYoB+MTY8rQp9vsHyh6aqiSb3EbTT_BdWokA@mail.gmail.com> <20170321131514.GA9342@bolet.org> <1490103123694.3164@cs.auckland.ac.nz> <CABkgnnX1_YvbVb-FXjGe1jCuEjGxiaQ8WFuZGyuu0puNU+4ABQ@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 21 Mar 2017 17:09:29 -0700
Message-ID: <CABcZeBOSuezVLo_QjW+ZChOvPE0EWaN7aFCEpQbbR__GHoxpvA@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c07f34a6e4b49054b4695a1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ycBm4EYWoQdt2_5aKz7NUa4rnm4>
Subject: Re: [TLS] RFC 6066 - Max fragment length negotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2017 00:10:13 -0000
On Tue, Mar 21, 2017 at 4:58 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > On 22 March 2017 at 00:32, Peter Gutmann <pgut001@cs.auckland.ac.nz> > wrote: > > I'd earlier thought of suggesting that the record length be the > ciphertext > > length, not the plaintext length, but wasn't sure if there'd be much > support > > for it. > > Yep, you thought right. I considered the same thing, investigated > what it would take to implement and found that it would be awful. I don't feel strongly about this, but... > The > code that deals with record splitting doesn't know anything about the > specific cipher suite right now. It would have to be taught about the > expansion, because without that information it would potentially send > a packet for encryption and then discover that it got too big in the > process and start over. Couldn't you just use the maximum expansion you support (which ought to be 16 for TLS 1.3). > When compression is enabled, I can't imagine > what it would do. > I feel like we could ignore this, and just say "don't do compression" -Ekr Implementing a limit on pre-encryption data turns out to be pretty > trivial, because you change a constant (2^14) into a variable > (record_size_limit). > > You are right that choosing the encrypted size makes setting the value > easier, but that moves the effort to the wrong place. The constrained > device is the one that cares about this, so it can be the one to spend > the effort choosing the right value. Move the effort somewhere else > and you will find that fewer non-constrained devices will bother > implementing the extension. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] RFC 6066 - Max fragment length negotiation Nitin Shrivastav
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Yoav Nir
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Yoav Nir
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Peter Gutmann
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Nitin Shrivastav
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Peter Gutmann
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Nitin Shrivastav
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Martin Thomson
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Peter Gutmann
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Martin Thomson
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Eric Rescorla
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Peter Gutmann
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Martin Thomson
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Martin Thomson
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Peter Gutmann
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Martin Thomson
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Peter Gutmann
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Thomas Pornin
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Ilari Liusvaara
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Ilari Liusvaara
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Hannes Tschofenig
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Hannes Tschofenig
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Hannes Tschofenig
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Thomas Pornin
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Ilari Liusvaara
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Peter Gutmann
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Peter Gutmann
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Peter Gutmann
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Joseph Birr-Pixton
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Peter Gutmann
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Joseph Birr-Pixton
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Martin Thomson
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Hannes Tschofenig
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Nitin Shrivastav
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Sheehe, Charles J. (GRC-LCA0)
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Thomas Pornin
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Peter Gutmann
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Nikos Mavrogiannopoulos
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Hannes Tschofenig
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Martin Thomson
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Martin Thomson
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Eric Rescorla
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Martin Thomson
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Eric Rescorla
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Martin Thomson
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Eric Rescorla
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Peter Gutmann
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Martin Rex
- Re: [TLS] RFC 6066 - Max fragment length negotiat… Peter Gutmann