Re: [TLS] Alignment of the TLS/DTLS header

To: Nikos Mavrogiannopoulos <nmav at gnutls.org>
Subject: Re: [TLS] Alignment of the TLS/DTLS header
From: Eric Rescorla <ekr at networkresonance.com>
Date: Sun, 27 Jul 2008 21:28:46 -0700
Cc: tls at ietf.org, "Abhijit Choudhury \(achoudhu\)" <achoudhu at cisco.com>
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <488B5536.7020006@gnutls.org>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <0A7D7D6BC1EEF6489C3D0AE1B6B1619506DC7A5C@xmb-sjc-223.amer.cisco.com> <488B5536.7020006@gnutls.org>
Sender: tls-bounces at ietf.org
User-agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.1 Mule/5.0 (SAKAKI)

At Sat, 26 Jul 2008 19:47:50 +0300,
Nikos Mavrogiannopoulos wrote:
> 
> Abhijit Choudhury (achoudhu) wrote:
> 
> > TLS, and hence DTLS, are possibly the only protocols that have
> > an odd number of bytes in the header. One thing I have consistently 
> > seen in HW and even in SW implementations of DTLS is that the 
> > 13 byte DTLS header causes implementation challenges. Almost all
> > headers in the IP packet are 4-byte aligned.
> 
> > For ASICs, having the 13-byte DTLS header misaligns the HW parsers
> > so that subsequent headers in application-data type packets are
> > harder to parse out. 
> Why is this? Probably if the design is based on an ASIC that parses IP
> packets, it will not be optimal, but can't a design specifically for TLS
> parse those packets optimally?
> 
> > For processor based implementations, sometimes 
> > the 13-byte header results in additional copies, and reduced
> > performance.
> I cannot understand this. Could you please elaborate?

After thinking about this for a while, this seems like a pretty
significant change to make to DTLS, especially given that I don't
expect us to change TLS 1.2 at this point, so hardware will need 
to support the unaligned version anyway.

I'd prefer not to do this absent some pretty compelling 
data indicating that it makes a big performance difference.

-Ekr


_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

References:
- [TLS] Alignment of the TLS/DTLS header
  - From: Abhijit Choudhury (achoudhu)
- Re: [TLS] Alignment of the TLS/DTLS header
  - From: Nikos Mavrogiannopoulos

Prev by Date: [TLS] DTLS and failed cookie validation
Next by Date: [TLS] comments on draft-urien-tls-keygen-00
Previous by thread: Re: [TLS] Alignment of the TLS/DTLS header
Next by thread: [TLS] DTLS and failed cookie validation
Index(es):
- Date
- Thread

Re: [TLS] Alignment of the TLS/DTLS header

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.