On 20.03.24 11:08, David Benjamin wrote:
> I can't say what was going on in the SSLv3 days, but yes record size limits are important for memory. Whatever the maximum record size is, the peer can force you to buffer that many bytes in memory. That means the maximum record size is actually a DoS parameter for the protocol.

Ok, that at least confirms the theory.
The difference between 16KiB and 64KiB seems small with current computers, but I suppose back in the SSL days this was a huge difference and a nice side effect for current embedded systems with limited memory.


I think what puzzled me most was that there was no explanation at all about why that limit is there. It seemed a bit random (why 2^14 and not 2^15 or 2^10), and whenever there is a restriction like that, IMHO there should be some explanation as to why it is that way.

Looking at specs from an implementer's and researcher's view, implementers want to understand why they need to follow specific restrictions, researchers want to know what assumptions were made, so they can prove that the assumptions were correct (or use that assumption in their research).

Also for future specifications, it's always good to have rationales so you can understand if a proposal that would change that (like the Large Record Sizes draft) would break things or not. Maybe there is a not immediately obvious reason as to why a seemingly-arbitrary restriction is put in place.

But I guess this is not an issue unique to TLS, but one for all IETF documents.


Cheers,
Janfred

--
Herr Jan-Frederik Rieckers
Security, Trust & Identity Services

E-Mail: rieck...@dfn.de | Fon: +49 30884299-339 | Fax: +49 30884299-370
Pronomen: er/sein | Pronouns: he/him
__________________________________________________________________________________

DFN - Deutsches Forschungsnetz | German National Research and Education Network
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1 | 10178 Berlin
https://www.dfn.de

Vorstand: Prof. Dr.-Ing. Stefan Wesner | Prof. Dr. Helmut Reiser | Christian Zens
Geschäftsführung: Dr. Christian Grimm | Jochem Pattloch
VR AG Charlottenburg 7729B | USt.-ID. DE 136623822


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
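
An added illustration of the memory point discussed in this thread (not code from either poster or from any TLS implementation): a record-layer reader that checks the declared length from the 5-byte header alone, so a peer can never make it buffer more than one maximum-size record. The class and function names are hypothetical, the default ceiling is the TLS 1.3 limit for protected records (2^14 + 256), and the sample bytes are constructed.

```python
import struct

HEADER_LEN = 5                     # type(1) + legacy version(2) + length(2)
MAX_CIPHERTEXT = 2 ** 14 + 256     # 2^14 plaintext limit plus TLS 1.3 expansion

class RecordOverflow(Exception):
    """Declared record length exceeds the configured maximum."""

class RecordReader:
    """Reads one record at a time; never buffers more than HEADER_LEN + max_len."""
    def __init__(self, max_len=MAX_CIPHERTEXT):
        self.max_len = max_len
        self.buf = bytearray()
        self.peak = 0              # largest buffer size seen, for inspection

    def bytes_wanted(self):
        """Bytes to read next from the transport (never past the current record)."""
        if len(self.buf) < HEADER_LEN:
            return HEADER_LEN - len(self.buf)
        (length,) = struct.unpack_from("!H", self.buf, 3)
        return HEADER_LEN + length - len(self.buf)

    def feed(self, data):
        """Append up to bytes_wanted() bytes; return (type, fragment) or None."""
        if len(data) > self.bytes_wanted():
            raise ValueError("caller read past the current record")
        self.buf += data
        self.peak = max(self.peak, len(self.buf))
        if len(self.buf) < HEADER_LEN:
            return None
        ctype, _version, length = struct.unpack_from("!BHH", self.buf)
        # Reject on the header alone, before any of the body is buffered.
        if length > self.max_len:
            raise RecordOverflow(f"length {length} > {self.max_len}")
        if len(self.buf) < HEADER_LEN + length:
            return None
        fragment = bytes(self.buf[HEADER_LEN:])
        self.buf.clear()
        return ctype, fragment

def read_records(stream, reader):
    """Drain a file-like transport, yielding complete records."""
    while chunk := stream.read(reader.bytes_wanted()):
        if (record := reader.feed(chunk)) is not None:
            yield record

# Constructed sample: a 100-byte record, then a header declaring 65535 bytes.
SAMPLE = (struct.pack("!BHH", 23, 0x0303, 100) + b"A" * 100
          + struct.pack("!BHH", 23, 0x0303, 0xFFFF))
```

With `max_len=0xFFFF` (everything the 16-bit length field can express) the same reader accepts the second header and then waits for 65535 more bytes, which is the per-connection commitment the limit is there to bound.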
