Re: [TLS] About the contents of Record Layers
Michael D'Errico <mike-list@pobox.com> Sun, 01 August 2010 18:09 UTC
Return-Path: <mike-list@pobox.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3DD273A690F for <tls@core3.amsl.com>; Sun, 1 Aug 2010 11:09:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3e0ZILxeK8Uj for <tls@core3.amsl.com>; Sun, 1 Aug 2010 11:09:14 -0700 (PDT)
Received: from sasl.smtp.pobox.com (a-pb-sasl-quonix.pobox.com [208.72.237.25]) by core3.amsl.com (Postfix) with ESMTP id C88393A68B1 for <tls@ietf.org>; Sun, 1 Aug 2010 11:09:14 -0700 (PDT)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id F0970C92F3; Sun, 1 Aug 2010 14:09:40 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=NJGsbdpN/Bs7 Rrux6Y33Ul6L5/w=; b=mt8EDTOo82TPJo0ElYtalSH2XEEs1Ml9NESNhG6HpqO3 /jijbYlFjx4SnmN5LSESfQ+81wbXbx0XFumW28lTk1HuTbSHb93IDEOYX0UEw4hs AglY1sWhUlUZsBbIMbpPRL9KH6Mn9e5LHy+nNOBcT/7mxIGlnGFJP1LH4pAIpIo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=g/YR/v LKIwTFaIX0ds/pVmxaLzNYZk9iB6M9FIj79M5ApSv9YHfZGCxzhLKiecDMyAflu1 O3V0XOrkENCvluHMX9SIcSLCl2Rqrx0foQEl+73ttGesCg0cNSvSpKUy0zOMzEEU UkqR4eOnzoLbRFbLjTFcWCFapJo52Dw7DWVOY=
Received: from a-pb-sasl-quonix. (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id DCFBFC92F1; Sun, 1 Aug 2010 14:09:39 -0400 (EDT)
Received: from MacBookPro.local (unknown [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTPSA id 4263CC92F0; Sun, 1 Aug 2010 14:09:38 -0400 (EDT)
Message-ID: <4C55B861.7040602@pobox.com>
Date: Sun, 01 Aug 2010 11:09:37 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: 1.41421@gmail.com
References: <0016e645abb0c2aae1048cc6067a@google.com>
In-Reply-To: <0016e645abb0c2aae1048cc6067a@google.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: F3B52A5C-9D97-11DF-8E04-9056EE7EF46B-38729857!a-pb-sasl-quonix.pobox.com
Cc: tls@ietf.org
Subject: Re: [TLS] About the contents of Record Layers
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Aug 2010 18:09:16 -0000
2^(1/2): You are correct that application data is just a blob that is passed on to the application. It is not processed by the TLS "layer" at all, other than to decrypt it and verify its integrity. Multiple handshake messages can be combined into one record, or a single handshake message may span multiple records. Handling this can be tricky. Usually only one alert message will be sent over a connection in each direction, but you have to be prepared to receive several, even in the same record. You should also be prepared to receive just the AlertLevel byte in one record and the AlertDescription in another. Change cipher spec messages only make sense at specific places in the handshake message sequence, so you should never receive more than one in a single record. If you do receive more than one, it is an error. Mike 1.41421@gmail.com wrote: > My thanks Juho and Brian for your feedback. On a similar topic, my > understanding is that a Record Layer can encapsulate several protocol > messages, all of them belonging to the same protocol. This makes sense > for Alert and Handshake protocol messages, for they contain all the > information necessary to find out where protocol messages of those types > end (which may happen only after many Record Layers have been received.) > The same applies to ChangeCipherSpec messages, albeit I do not > understand why one would want to encapsulate more than one such message > in a Record Layer. Now what about Application data messages? I believe > that as far as TLS is concerned these messages are just blobs of data; > i.e. it's beyond the scope of TLS to know where they end. Thus, is it > not the case that a Record Layer can contain one, and only one, > Application data message? Obviously, the application can spread its data > over many Record Layers, but when TLS receives a Record Layer with > Application data it automatically knows that the whole of the Record > Layer's payload is a single, structure-less (as far as TLS is concerned) > string of bytes. Is this a correct assessment?
- [TLS] About the contents of Record Layers JCA
- Re: [TLS] About the contents of Record Layers Brian Smith
- Re: [TLS] About the contents of Record Layers Juho Vähä-Herttua
- Re: [TLS] About the contents of Record Layers Juho Vähä-Herttua
- Re: [TLS] About the contents of Record Layers 1.41421
- Re: [TLS] About the contents of Record Layers Michael D'Errico