On Thu, Jan 7, 2021 at 4:39 PM Benjamin Kaduk <ka...@mit.edu> wrote: > On Mon, Jan 04, 2021 at 03:40:34PM -0800, Martin Duke via Datatracker > wrote: > > Martin Duke has entered the following ballot position for > > draft-ietf-tls-external-psk-importer-06: Discuss > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-importer/ > > > > > > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > This is probably just my own ignorance, but I see two potential problems > in Sec > > 4.1. > > > > - 'The identity of "ipskx" as sent on the wire is ImportedIdentity, > i.e., the > > serialized content of ImportedIdentity is used as the content of > > PskIdentity.identity in the PSK extension.' IIUC ImportedIdentity has a > maximum > > length of 2^17 + 2. But the Identity field in the PSK option has a > maximum > > length of 2^16-1. I presume this never actually happens, but the spec > should > > handle the boundary condition, perhaps by limiting the first two fields > of > > Imported Identity to sum to 2^16-5 bytes or something. > > I'll leave this one for the authors. >
I can see how someone would want this, but in practice that's not how it's generally done in TLS. Trying to compute the precise upper bounds gets complicated very fast when there are multiple fields. We do generally try to get the lower bound right, though even then there have been mistakes: https://github.com/ekr/tls13-spec/pull/56/files -Ekr
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
