Dear IETF TLS Working Group,

I am reaching out to seek clarification on specific aspects of Connection
ID (CID) management in DTLS 1.3, as detailed in RFC 9147.

The current specification delineates the process for issuing new CIDs via a
NewConnectionId message. However, the methodology for retiring old CIDs
seems subject to various interpretations.

Is it correct to assume that an endpoint dictates the number of active CIDs
it manages and that CIDs should be utilized in the sequence they are
provided? For example, if the initial negotiated CID is 0 and an endpoint
subsequently issues NewConnectionId with CIDs 1, 2, and 3, my
interpretation is that upon receiving the first datagram from a new path
(which is also applicable for an existing path), the records should ideally
be tagged with the next CID (1, 2, or 3) rather than CID 0. This approach
suggests that upon the reception of a higher CID, lower CIDs should be
considered retired and later removed.

This understanding implies that CIDs in DTLS 1.3 are not designed for
multipath operations, and it is anticipated that only one path (one CID)
would be active at a given time. Could you please confirm if this
interpretation is in alignment with the intended specifications, or offer
additional insights into the appropriate management of CIDs in DTLS 1.3?
Including such clarification in the RFC would be invaluable in mitigating
potential confusion.

Thank you.
Kristijan
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
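As an added illustration, not part of the email or of RFC 9147, the following Python sketch models the CID lifecycle exactly as the message reads it (the peer uses CIDs in the order provided, and a record under a higher CID retires every lower one, so records still tagged with a retired CID are dropped); the `CidTracker` class and the constructed arrival sequence are assumptions for the illustration, not RFC-normative behaviour.

```python
# Added example (not from the email or from RFC 9147): a toy model of the CID
# lifecycle as the email interprets it; whether this matches the RFC is exactly
# the question asked. CIDs are ints here; real DTLS CIDs are byte strings.
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class CidTracker:
    """Receiver-side view of the CIDs this endpoint has handed to its peer."""
    issued: List[int] = field(default_factory=list)   # in issuance order
    retired: Set[int] = field(default_factory=set)
    current: Optional[int] = None                      # newest CID seen in use

    def negotiate(self, cid: int) -> None:
        """CID agreed during the handshake (the email's CID 0)."""
        self.issued, self.current = [cid], cid

    def new_connection_id(self, *cids: int) -> None:
        """Model of sending NewConnectionId carrying one or more spare CIDs."""
        for cid in cids:
            if cid in self.issued:
                raise ValueError(f"CID {cid} was already issued")
            self.issued.append(cid)

    def on_record(self, cid: int) -> bool:
        """True if a record tagged `cid` is acceptable, False if it is dropped."""
        if cid not in self.issued or cid in self.retired:
            return False                     # never issued, or already retired
        idx = self.issued.index(cid)
        if idx > self.issued.index(self.current):
            # Peer moved on to a later CID: under the email's reading every
            # CID issued before it is retired, so stale tags are rejected.
            self.retired.update(self.issued[:idx])
            self.current = cid
        return True

    def active(self) -> List[int]:
        """CIDs the peer may still use: the current one plus unused spares."""
        return [c for c in self.issued if c not in self.retired]


def email_scenario() -> List[Tuple[int, bool]]:
    """Replays the email's example: CID 0 negotiated, then 1, 2, 3 issued."""
    t = CidTracker()
    t.negotiate(0)
    t.new_connection_id(1, 2, 3)
    arrivals = [1, 0, 3, 2, 3]   # constructed sequence of CID tags received
    return [(cid, t.on_record(cid)) for cid in arrivals]
```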
