Re: [TLS] Working group last call for draft-ietf-tls-rfc4347-bis-03.txt

To: tls at ietf.org
Subject: Re: [TLS] Working group last call for draft-ietf-tls-rfc4347-bis-03.txt
From: Michael D'Errico <mike-list at pobox.com>
Date: Thu, 22 Oct 2009 21:29:18 -0700
Delivered-to: tls at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=V+kHTVGji599 NOXj63lispUESf8=; b=xdK/IoUIdjfqTtYcP4nrZap6n0eY9jwOLGKWnTUWoznE yVI1CpaUKuPqRB1qaOaHPjmK7VujZ3gKmo79Qj9Zc9K79oLqdolq0Gb3i88+6rzF CjIwG5g1eJG7GumLoe1jfX0C9sJ0HmtAWp3nJ6kP7Ckbs8FSAMcKa4pRsIQI0Ew=
Domainkey-signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=Y8dhMR /Mr4pCuJXfS4xIxiB1OwVxcHmp8Hqb+NCdmeRvw7fVr/rITsc5aAJzHmSyklxGVU fx5lT4n2Znup4pHuffly5AWdVYgSJ6hrfn5IpAaSpPhF/H9PKuR+gaGHMNGGwQTR Ahr7iiTBVbVTqrNQ1bLm5AjaxJZm4qvwABmdQ=
In-reply-to: <AC1CFD94F59A264488DC2BEC3E890DE508E1B2D8 at xmb-sjc-225.amer.cisco.com>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <AC1CFD94F59A264488DC2BEC3E890DE508E1B2D8 at xmb-sjc-225.amer.cisco.com>
User-agent: Thunderbird 2.0.0.23 (Macintosh/20090812)

The link appears to go to the correct version of the draft, but the
header of each page says it is draft -00 dated June 2008.

Overall the draft seems to be good, but one thing I think is missing
is for the server to be able to somehow tell the client to switch to
a different port for DTLS over UDP (I don't know about other types
of transports).  The simplest scheme I can envision is that the
HelloVerifyRequest and ServerHello messages would be sent from the
port the client initially contacted.  The ServerHello would contain
a DTLS_PortChange extension listing the new port number.  The
remainder of the handshake and subsequent data transfer would occur
on this new port.

Comments on the draft:

In section 3. Overview of DTLS, it says:

    1. TLS's traffic encryption layer does not allow independent
    decryption of individual records.  If record N is not received,
    then record N+1 cannot be decrypted.

I don't believe this is always true -- if a block cipher is used,
then since there is an explicit IV given, you can decrypt the record.
The MAC, however, will not calculate correctly due to the wrong
sequence number, so the missing record will be detected.  Stream
(and AEAD?) ciphers would fail to decrypt as stated.

Near the top of page 9, the abbreviation CSS is used.  I think that
should have been CCS, but I would suggest spelling out ChangeCipher
Spec rather than abbreviating.

At the very end of section 4.2.1 (top of page 17) it mentions a
HelloVerify message (not HelloVerifyRequest).  Should that be a
ClientHello message (with cookie)?

Typos:

  - last line of page 3: "they typically requires" strike the s.
  - section 4.1.1 second line, "that clients" remove "that"
  - top of page 14 - "forget" should be "forgery"

Mike


Joseph Salowey (jsalowey) wrote:

This is an announcement for working group last call on DTLS 1.2 (RFC
4347-bis).  The document is available here:

http://tools.ietf.org/html/draft-ietf-tls-rfc4347-bis-03

Please send any comments to the list by October 26, 2009.  It is useful
to send an indication to the list if you have read the document and
think it is ready for publication even if you don't have specific

comments.

Thanks,

Joe

Follow-Ups:
- Re: [TLS] Working group last call for draft-ietf-tls-rfc4347-bis-03.txt
  - From: Joseph Salowey (jsalowey)

References:
- [TLS] Working group last call for draft-ietf-tls-rfc4347-bis-03.txt
  - From: Joseph Salowey (jsalowey)

Prev by Date: Re: [TLS] TLS 1.2 and CertificateRequest message
Next by Date: [TLS] FW: Join the MashSSL Incubator Group (Call for Participation)
Previous by thread: Re: [TLS] Working group last call for draft-ietf-tls-rfc4347-bis-03.txt
Next by thread: Re: [TLS] Working group last call for draft-ietf-tls-rfc4347-bis-03.txt
Index(es):
- Date
- Thread

Re: [TLS] Working group last call for draft-ietf-tls-rfc4347-bis-03.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.