Re: [TLS] DTLS 1.2: Call for spec ambiguities



At Wed, 9 Apr 2008 11:51:24 +0200,
tom.petch wrote:
> 
> Not an ambiguity - RFC4347 is very clear - but I have struggled to understand
> whether or not updates to base TLS apply to DTLS or not (eg new cipher suites
> such as draft-ietf-tls-ecdhe-psk-01.txt ,
> RFC4366).  RFC4347 does say that new cipher suites should specify if and how
> they apply, but in practice, that does not seem to have happened.

Right. That is a bug in those specs. :) I'll add some guidelines in
the main text about what would be suitable.


> And I echo the point about PMTU; I have seen DTLS criticised as being wholly
> unrealistic about PMTU, on some very unexpected mailing lists.

That could totally be. We tried to get this right based on what we thought
we understood about the transport issues, but quite likely we didn't.
I'll take another pass on reading up people's comments and getting
with the TSV people. If anyone wants to point me at discussions
they know about and save me some time, I wouldn't complain :)

-Ekr



> Tom Petch
> 
> ----- Original Message -----
> From: "Eric Rescorla" <ekr at networkresonance.com>
> To: <tls at ietf.org>
> Sent: Wednesday, March 19, 2008 3:24 AM
> Subject: [TLS] DTLS 1.2: Call for spec ambiguities
> 
> 
> > The plan I proposed in Philadelphia for DTLS 1.2 includes
> > clarification of any issues that weren't clear in RFC 4347.
> > I intend to collect a list of those issues and then
> > have discussion/propose resolutions on the mailing list.
> > I'm already aware of three such issues:
> >
> > - Inclusion of the first ClientHello and HelloVerifyRequest
> >   in CertificateVerify
> > - Handshake header inclusion in message hashes
> > - Whether PMTU discovery makes sense
> >
> > The first two seem to be pretty simple and have obvious
> > answers. The third requires talking to the TSV area.
> >
> > If WG members are aware of other issues, can you mail them
> > to me or the list by the end of April? I'll then summarize
> > on the list and start threads to discuss them.
> >
> > -Ekr
> > _______________________________________________
> > TLS mailing list
> > TLS at ietf.org
> > https://www.ietf.org/mailman/listinfo/tls