Ekr, I appreciate that this is hard to represent in 8446 notation. Would it be possible to add some text in 4.1 that says "Due to the maximum size of the PSK extension, the external_identity and context fields MUST sum to a length of 2^16-5", or something to that effect?
IMO, it would be unfortunate if the PSK Importer interface allowed parameters that result in undefined behavior on the wire. If this is unworkable or very very dumb for some other reason, I am willing to accept that feedback. Martin On Thu, Jan 7, 2021 at 4:57 PM Eric Rescorla <e...@rtfm.com> wrote: > > > On Thu, Jan 7, 2021 at 4:39 PM Benjamin Kaduk <ka...@mit.edu> wrote: > >> On Mon, Jan 04, 2021 at 03:40:34PM -0800, Martin Duke via Datatracker >> wrote: >> > Martin Duke has entered the following ballot position for >> > draft-ietf-tls-external-psk-importer-06: Discuss >> > >> > When responding, please keep the subject line intact and reply to all >> > email addresses included in the To and CC lines. (Feel free to cut this >> > introductory paragraph, however.) >> > >> > >> > Please refer to >> https://www.ietf.org/iesg/statement/discuss-criteria.html >> > for more information about IESG DISCUSS and COMMENT positions. >> > >> > >> > The document, along with other ballot positions, can be found here: >> > https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-importer/ >> > >> > >> > >> > ---------------------------------------------------------------------- >> > DISCUSS: >> > ---------------------------------------------------------------------- >> > >> > This is probably just my own ignorance, but I see two potential >> problems in Sec >> > 4.1. >> > >> > - 'The identity of "ipskx" as sent on the wire is ImportedIdentity, >> i.e., the >> > serialized content of ImportedIdentity is used as the content of >> > PskIdentity.identity in the PSK extension.' IIUC ImportedIdentity has a >> maximum >> > length of 2^17 + 2. But the Identity field in the PSK option has a >> maximum >> > length of 2^16-1. I presume this never actually happens, but the spec >> should >> > handle the boundary condition, perhaps by limiting the first two fields >> of >> > Imported Identity to sum to 2^16-5 bytes or something. >> >> I'll leave this one for the authors. >> > > I can see how someone would want this, but in practice that's not how it's > generally done in TLS. Trying to compute the precise upper bounds gets > complicated very fast when there are multiple fields. We do generally > try to get the lower bound right, though even then there have been > mistakes: > > https://github.com/ekr/tls13-spec/pull/56/files > > -Ekr >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
