[Tsv-art] Re: draft-ietf-tls-dtls-rrc-15 ietf last call Tsvart review
Thomas Fossati <thomas.fossati@linaro.org> Fri, 13 June 2025 13:34 UTC
Return-Path: <thomas.fossati@linaro.org>
X-Original-To: tsv-art@mail2.ietf.org
Delivered-To: tsv-art@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B41F43498D41 for <tsv-art@mail2.ietf.org>; Fri, 13 Jun 2025 06:34:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=linaro.org
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yW_MW7kyiAu4 for <tsv-art@mail2.ietf.org>; Fri, 13 Jun 2025 06:34:35 -0700 (PDT)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 28A353498D32 for <tsv-art@ietf.org>; Fri, 13 Jun 2025 06:34:35 -0700 (PDT)
Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-6077d0b9bbeso3757064a12.3 for <tsv-art@ietf.org>; Fri, 13 Jun 2025 06:34:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1749821674; x=1750426474; darn=ietf.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=o1Z3YMNzlnkHNvwilm/g230Mk9uLyAsOuB6XFnmqyuk=; b=y8dPuvZ88Q3C0DkrBF2rUVXtcRyD/wm1iXSA+8pEQEOzugq7BBxIWYYzpUaJte/zAN psgW5ItGrFlwvUcxN0v8BzbhBWrcw8NWvZ1eaMUP2Xf0GdIMMjrDIZtnFtDuqqGj8K5n h6SEyv5d7/wUH9JeoeAs1mz2osP9r83A2Ql6iUuWxH+A5FTamZaavXDft/A+340EbG4n k1g230h/CzP0tiUxU6jHDfYp2Uxyje5vPqbBqdpEtwkmJ+/1k3B91f0almvQiPKBJbsQ nZrPTmojsKAn13PXOZDaOGkXI1rHYfyH8QL5GO0N4Fed8yZB/6jqZUsdUzlpEgTbanZa AFeQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749821674; x=1750426474; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=o1Z3YMNzlnkHNvwilm/g230Mk9uLyAsOuB6XFnmqyuk=; b=fWpxjnmjrNQsiE7EVLIPYipxiMgrpIKO/BReHdGE644068v+QiA0zVRYPGakWA4qig 2oti0Q6hiM8a1RbkKJjC9AWH6rsyCsFGghemCaxqIBaA35KHqQeAMpczd2/HrYyPD5Un tLvF4o4mRKFc+56t64zbFCwfCGKnyUXlArc1YLlrF6REsANp4Kww+dokbhPOXVlHQLDd lFE5mb2am4uemRHU1kKspVRlyLRzXw4uLBs6M4GSgqzM/q0XdHsJLI7Bz/9tinj82U6Y cKc7jHn4xLwqhOwZyvv5Bb7P2NCR1rrAseTINNjHpRqg68M1siaEyJ3jpe5wiF+tizzc cIBw==
X-Gm-Message-State: AOJu0YygrMHzaUgu0T9AARWly2CJm0RDVLETVOvNg4eR58YQPT3dUERq vgGt/PM4V4n1lStk/BDWgEQHqCN8tWZnVmRTPJI0w7UCtqL0yIAa+YrjDlnUPMsDAIJR8NlH6Ef xtjm4
X-Gm-Gg: ASbGncvs6Bml1PscJPvtRo9OojQWFq2fg9AQRdXY7e5Wyolc/3jduCWjAaOvmU1GSMR cIDRY4eyWB0I1xqyJMvGb6k1fYbWfZA50LLjQ0nbWixI1WjIrvAXK/IS6csbAPsmEcxmNqP+x01 DILplr6Cvj0xB9yCvgZ5k+txl1r5WxumP1dT/m9L3ER8+5sm+MkNFWzgZTS0d96UtLzTORbXo/i jLCWWFEB1TXwGTMAV8JpjgNptuhDeZW6tU0P7jermKmknYxMf4STXE01EyPlqpORyG11f5MCi41 60lu2MFzn+RDIQyLLstUuEH8xk37VRox1zVYaQo+h/LiWoZr2xmlTeO/2Ha/thMsZlMNYv4auZf psiCImVEgRwjNyq/p
X-Google-Smtp-Source: AGHT+IG5jRu9cJokAcsXUSmt/gsgz5/zpGEQAY1A53p/8yPOQNVnVKpC1UmPCPE7UjTcMpkhaEuw0A==
X-Received: by 2002:a17:907:db15:b0:ad5:27f5:7183 with SMTP id a640c23a62f3a-adec5cad0dcmr282978066b.39.1749821674123; Fri, 13 Jun 2025 06:34:34 -0700 (PDT)
Received: from tho-mbp.home ([2a02:1210:6ac5:f500:a41e:d61a:30f2:c99f]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-adec88ff5efsm129794666b.104.2025.06.13.06.34.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Jun 2025 06:34:33 -0700 (PDT)
Date: Fri, 13 Jun 2025 15:34:32 +0200
From: Thomas Fossati <thomas.fossati@linaro.org>
To: Colin Perkins <csp@csperkins.org>
Message-ID: <gbouwhtzpsic5j4yzzaiu3nl5lq3osd6ivuo7lom3wh4r7kdz2@iayeheoquqig>
References: <174973169765.4169355.2905346214627995584@dt-datatracker-59b84fc74f-84jsl>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <174973169765.4169355.2905346214627995584@dt-datatracker-59b84fc74f-84jsl>
Message-ID-Hash: HY46IQB3SC2ZEVDOBTT75ESXKFFBDULO
X-Message-ID-Hash: HY46IQB3SC2ZEVDOBTT75ESXKFFBDULO
X-MailFrom: thomas.fossati@linaro.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tsv-art.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: tsv-art@ietf.org, draft-ietf-tls-dtls-rrc.all@ietf.org, last-call@ietf.org, tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Tsv-art] Re: draft-ietf-tls-dtls-rrc-15 ietf last call Tsvart review
List-Id: Transport Area Review Team <tsv-art.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/ozyXBRXYq-BqoYzWDDyWkQefxkk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Owner: <mailto:tsv-art-owner@ietf.org>
List-Post: <mailto:tsv-art@ietf.org>
List-Subscribe: <mailto:tsv-art-join@ietf.org>
List-Unsubscribe: <mailto:tsv-art-leave@ietf.org>
Hi Colin, thanks very much for your thorough review. On Thu, Jun 12, 2025 at 05:34:57AM +0100, Colin Perkins via Datatracker wrote: > [...] > >Section 6 describes the basic and enhanced path validation procedures, >and states that “The decision on what strategy to choose depends mainly >on the threat model, but may also be influenced by other >considerations. Examples of impacting factors include: the need to >minimise implementation complexity, privacy concerns, and the need to >reduce the time it takes to switch path. The choice may be offered as a >configuration option to the user of the TLS implementation”. I agree >that those factors influence the decision on what to implement, but I >was surprised that the draft did not give clearer guidance on whether >the basic or enhanced check was recommended. At present, we do not have sufficient operational experience to make a recommendation. >Section 6.3 states that the return_routability_check messages MAY be >sent multiple times to account for packet loss. This is appropriate, >but I would expect to see some guidance on how often and how frequently >these packets should be resent. For example, should the initiator send >the message when the timer expires, or after one RTT, or more often? >Appropriate timing is likely to be application dependent, since some >applications are more sensitive to path change latency than others, but >some guidance (perhaps once per RTT, up to the anti-amplification >limit?) might be appropriate. Great suggestion. https://github.com/tlswg/dtls-rrc/pull/94/commits/cfd08fac2fc4f44104f4f >Section 6.3 states that “Each path_challenge message MUST contain >random data”. I presume the intent is that each path_challenge message >contains a new cookie with random contents, rather than a single random >cookie being generated once and resent in each retransmission, but it >would be helpful to clarify. Both should work fine. >Section 6.4 states “The initiator MUST NOT enforce this behaviour”, but >I didn’t understand how the initiator could enforce the behaviour, >since it seems that the responder that makes the decision. Suggest to >either remove or clarify the intent. Good catch! What happened is that very early in the history of the document, we had that statement to mean that the initiator should keep quiet if the responder was doing funky stuff (i.e., sending on another path than the one from where it received the challenge.) To clarify it, we added the line below: "The initiator MUST silently discard [...]" but then forgot to remove that one :-( https://github.com/tlswg/dtls-rrc/pull/94/commits/d074a77565eb33d8885c8 >Section 6.4 states that “The initiator MUST silently discard any >invalid path_response or path_drop it receives” – this is appropriate, >but I wonder what would happen if another NAT rebinding occurred while >the check was ongoing, such that the path_response arrived from neither >the original address nor the new address but rather from a third >address? Would this be counted as invalid, would it move the path to >the third address, or would it trigger another check? The current algorithm is not designed to handle nested rebindings. If this occurs (hopefully rarely), the path_response message is dropped, and path validation eventually times out. The address is not updated, and a new path validation will be triggered when new data is received. >In Section 6.5, clarify whether the “active path” refers to the old >path or the new path. It's the old. https://github.com/tlswg/dtls-rrc/pull/94/commits/43ff37957017e123ee154 You can take a look at the rfcdiff of the cumulative changes here: https://author-tools.ietf.org/api/iddiff?doc_1=draft-ietf-tls-dtls-rrc&url_2=https://tlswg.github.io/dtls-rrc/tsvart/draft-ietf-tls-dtls-rrc.txt cheers, thanks again!
- [Tsv-art] draft-ietf-tls-dtls-rrc-15 ietf last ca… Colin Perkins via Datatracker
- [Tsv-art] Re: draft-ietf-tls-dtls-rrc-15 ietf las… Thomas Fossati
- [Tsv-art] Re: draft-ietf-tls-dtls-rrc-15 ietf las… Colin Perkins
- [Tsv-art] Re: draft-ietf-tls-dtls-rrc-15 ietf las… Colin Perkins
- [Tsv-art] Re: draft-ietf-tls-dtls-rrc-15 ietf las… Thomas Fossati