I don't support this PR. Compactness of wire presentation is important (and acknowledged - why would there be a compressed header otherwise) and implicit CIDs should hence allowed and authenticated via AEAD additional data, preferably by generally adopting the pseudo header AAD approach. Disappointingly, despite its length the discussion so far has failed to point out concrete problems with the resulting header format malleability.
________________________________ From: TLS <tls-boun...@ietf.org> on behalf of Christopher Wood <c...@heapingbits.net> Sent: Friday, May 22, 2020 1:09 AM To: Thomas Fossati <thomas.foss...@arm.com>; TLS@ietf.org <TLS@ietf.org> Subject: Re: [TLS] Banning implicit CIDs in DTLS On Thu, May 21, 2020, at 9:22 AM, Thomas Fossati wrote: > Hi Chris, > > On 21/05/2020, 17:00, "Christopher Wood" <c...@heapingbits.net> wrote: > > *One proposal to address this is by extending the AAD to include the > > pseudo-header. However, the chairs feel this is an unnecessary > > divergence from QUIC. > > I don't understand the "unnecessary" in the above para, i.e., why are we > so tied to QUIC in this case? I'm asking because it looks like this was > a core criterion in the Chairs' proposal. Sorry for the confusion! The point here was that QUIC authenticates what's on the wire, which we felt was important. I should have spelled that out. There are of course other things to consider, as Martin points out. Best, Chris _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
