Re: [TLS] Connection ID in TLS

2018-03-20 Thread Stephen Checkoway
> On Mar 20, 2018, at 18:45, John Mattsson wrote: > > Correct, I just copied and pasted the length of the arrays, should be length = > cid_length + encrypted_record.length. > > The example was taken from draft-ietf-tls-tls13-27. If I understand > correctly, it seems like the same circular definit

Re: [TLS] Connection ID in TLS

2018-03-20 Thread Benjamin Kaduk
The issue is that the "TLSCiphertext.length" is the same field as the "uint16 length", so you are saying that this field has the value of "cid_length plus itself", which is impossible in integers modulo [a value larger than cid_length]. In the "formal" grammar, you'd need to define a new field. -

Re: [TLS] Connection ID in TLS

2018-03-20 Thread Benjamin Kaduk
On Tue, Mar 20, 2018 at 11:29:09PM +, John Mattsson wrote: > I don’t think it is required either, the mechanisms in > draft-schmertmann-dice-codtls and draft-friel-tls-over-http clearly work, > but Hannes Tschofenig brought it up as a new mechanism that can be used to > simplify things in A

Re: [TLS] Connection ID in TLS

2018-03-20 Thread John Mattsson
Correct, I just copied and pasted the length of the arrays, should be length = cid_length + encrypted_record.length. The example was taken from draft-ietf-tls-tls13-27. If I understand correctly, it seems like the same circular definition is done there as well --

Re: [TLS] Connection ID in TLS

2018-03-20 Thread John Mattsson
for ATLS if we can use Connection ID. From: "r...@ipv.sx" Date: Tuesday, 20 March 2018 at 17:37 To: "Fossati, Thomas (Nokia - GB/Cambridge)" Cc: John Mattsson , "TLS@ietf.org" Subject: Re: [TLS] Connection ID in TLS I don't think Connection-ID is really requ

Re: [TLS] Connection ID in TLS

2018-03-20 Thread Stephen Checkoway
> On Mar 20, 2018, at 11:38, John Mattsson wrote: > > I think Connection ID is an important enabler for end-to-end security with > (D)TLS. There seems to be important use cases for connection ID in TLS as > well, see https://www.ietf.org/mailman/listinfo/atlas. At the Monday > afternoon TLS

Re: [TLS] Connection ID in TLS

2018-03-20 Thread Richard Barnes
I don't think Connection-ID is really required for ATLS. As Carsten and Owen mentioned in the side meeting, there are a few ways to use HTTP to correlate the relevant messages. On Tue, Mar 20, 2018 at 5:15 PM, Fossati, Thomas (Nokia - GB/Cambridge) < thomas.foss...@nokia.com> wrote: > On 20/03/2

Re: [TLS] Connection ID in TLS

2018-03-20 Thread Fossati, Thomas (Nokia - GB/Cambridge)
On 20/03/2018, 16:38, "TLS on behalf of John Mattsson" wrote: > At the Monday afternoon TLS session, it was stated that Connection ID > in TLS was unemployable in the wild due to middleboxes. Couldn't that > be solved by placing the cid field after the length field? Are you referring to slide 13