Re: [TLS] draft-ietf-tls-rfc4347-bis-00.txt

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: [TLS] draft-ietf-tls-rfc4347-bis-00.txt
From: Michael Tüxen <Michael.Tuexen at lurchi.franken.de>
Date: Tue, 14 Oct 2008 13:40:21 +0200
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <20081014104657.BEA426C3D3F at kilo.rtfm.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <3D67B0D0-BFE2-4DFF-A847-C4BF3BFCE08E at fh-muenster.de> <20081014104657.BEA426C3D3F at kilo.rtfm.com>
Sender: tls-bounces at ietf.org

Hi Eric,

I would prefer something like:

- For DTLS over TCP or SCTP, which automatically fragment
  and reassemble datagrams, the upper layer protocol
  MUST NOT write any record that exceeds 2^14 byte.

The reason is that a while ago it took me some time
to understand that someone talking about small messages
really was talking about messages of 64KB. Large message
were about several MB. I'm not sure what these guys
would understand when reading "effectively infinite".

Best regards
Michael

On Oct 14, 2008, at 12:46 PM, Eric Rescorla wrote:

At Tue, 14 Oct 2008 10:04:37 +0200,
Robin Seggelmann wrote:


Hello all,
I was just checking the draft for changes relevant to DTLS over SCTP
and came across the following new paragraph:

- For DTLS over TCP or SCTP, which automatically fragment
  and reassemble datagrams, the upper layer protocol
  SHOULD be informed that the PMTU is effectively infinite.

What does 'effectively infinite' mean? TLS limits the message size to
2^14 bytes, so shouldn't this limit also apply to DTLS? If the
message size really is arbitrary, doesn't this affect some cipher
algorithms? Or should the application then ignore the announced
'infinite' PMTU and limit the message size anyway?



Yes, that's a fair point. OTOH, this is a maximum message size
which is related to, but not identical to, the PMTU. Operationally
the application needs to restrict itself to 2^14 and associated
limits. I'm tempted to simply add a parenthetical "(though of
course applications still MUST NOT write any record that exceeds
2^14 bytes)"

-Ekr


_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls


_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] draft-ietf-tls-rfc4347-bis-00.txt
  - From: Eric Rescorla

References:
- [TLS] draft-ietf-tls-rfc4347-bis-00.txt
  - From: Robin Seggelmann
- Re: [TLS] draft-ietf-tls-rfc4347-bis-00.txt
  - From: Eric Rescorla

Prev by Date: Re: [TLS] draft-ietf-tls-rfc4347-bis-00.txt
Next by Date: Re: [TLS] draft-ietf-tls-rfc4347-bis-00.txt
Previous by thread: Re: [TLS] draft-ietf-tls-rfc4347-bis-00.txt
Next by thread: Re: [TLS] draft-ietf-tls-rfc4347-bis-00.txt
Index(es):
- Date
- Thread

Re: [TLS] draft-ietf-tls-rfc4347-bis-00.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.