Sounds good to me. That makes the solution very simple.

The new extension would then work very similarly to RFC 8449.

The ExtensionData of the "large_record_size" extension is

      uint32 LargeRecordSizeLimit;

When negotiated, all records protected with application_traffic_secret are
changed:

OLD:
      struct {
          ContentType opaque_type = application_data; /* 23 */
          ProtocolVersion legacy_record_version = 0x0303; /* TLS v1.2 */
          uint16 length;
          opaque encrypted_record[TLSCiphertext.length];
      } TLSCiphertext;

NEW:
      struct {
          uint32 length;
          opaque encrypted_record[TLSCiphertext.length];
      } TLSLargeCiphertext;

OLD:
      0 1 2 3 4 5 6 7
       +-+-+-+-+-+-+-+-+
       |0|0|1|C|S|L|E E|
       +-+-+-+-+-+-+-+-+
       | Connection ID |   Legend:
       | (if any,      |
       /  length as    /   C   - Connection ID (CID) present
       |  negotiated)  |   S   - Sequence number length
       +-+-+-+-+-+-+-+-+   L   - Length present
       |  8 or 16 bit  |   E   - Epoch
       |Sequence Number|
       +-+-+-+-+-+-+-+-+
       | 16 bit Length |
       | (if present)  |
       +-+-+-+-+-+-+-+-+
NEW:
      0 1 2 3 4 5 6 7
       +-+-+-+-+-+-+-+-+
       |0|0|1|C|S|L|E E|
       +-+-+-+-+-+-+-+-+
       | Connection ID |   Legend:
       | (if any,      |
       /  length as    /   C   - Connection ID (CID) present
       |  negotiated)  |   S   - Sequence number length
       +-+-+-+-+-+-+-+-+   L   - Length present
       |  8 or 16 bit  |   E   - Epoch
       |Sequence Number|
       +-+-+-+-+-+-+-+-+
       | 32 bit Length |
       | (if present)  |
       +-+-+-+-+-+-+-+-+

From: TLS <tls-boun...@ietf.org> on behalf of Martin Thomson 
<m...@lowentropy.net>
Date: Wednesday, 20 March 2024 at 13:47
To: tls@ietf.org <tls@ietf.org>
Subject: Re: [TLS] Next steps for Large Record Sizes for TLS and DTLS
In offline discussion I was convinced that a bigger change might be needed.
The shifting is cute, but we might be able to do better.

This won't be wire compatible with the existing protocol, so maybe just embrace 
that and change the record header.  This would happen when switching from 
handshake protection to application data protection.  We can drop the version 
and content type and reclaim some of the savings for a longer length field.

On Wed, Mar 20, 2024, at 13:42, John Mattsson wrote:
> Hi,
>
> My summary from the TLS WG session yesterday:
>
> - Let’s adopt and figure out the final details later.
> - Show performance data.
> - Should be new extension, i.e., not used together with "record size
> limit".
> - The new extension should redefine the meaning of the uint16 length
> field in the TLSCiphertext to allow records larger than 2^16 bytes.
>
> Simple suggestion:
>
> In the new extension the client and server negotiate an uint8 value n.
> Client suggests a value n_max. Server selects n where 0 <= n <= n_max or
> rejects the extension. Agreeing on a value n means:
>
> - The length field in the record means 2^n * length bytes instead of
> length bytes. I.e., left shifted similar to the TCP window scale option.
> - The client and server are willing to receive records of size 2^n *
> (2^16 - 1) bytes.
> - Up to 2^n - 1 bytes of padding might be required.
> - AEAD limits are reduced with a factor 2^(n+2).
>
> Thoughts?
>
> Cheers,
> John Preuß Mattsson
>
> *From: *internet-dra...@ietf.org <internet-dra...@ietf.org>
> *Date: *Tuesday, 5 March 2024 at 06:16
> *To: *John Mattsson <john.matts...@ericsson.com>, Michael Tüxen
> <tue...@fh-muenster.de>, Hannes Tschofenig <hannes.tschofe...@gmx.net>,
> Hannes Tschofenig <hannes.tschofe...@gmx.net>, John Mattsson
> <john.matts...@ericsson.com>, Michael Tuexen <tue...@fh-muenster.de>
> *Subject: *New Version Notification for
> draft-mattsson-tls-super-jumbo-record-limit-02.txt
> A new version of Internet-Draft
> draft-mattsson-tls-super-jumbo-record-limit-02.txt has been successfully
> submitted by John Preuß Mattsson and posted to the
> IETF repository.
>
> Name:     draft-mattsson-tls-super-jumbo-record-limit
> Revision: 02
> Title:    Large Record Sizes for TLS and DTLS
> Date:     2024-03-04
> Group:    Individual Submission
> Pages:    6
> URL:      https://www.ietf.org/archive/id/draft-mattsson-tls-super-jumbo-record-limit-02.txt
> Status:   https://datatracker.ietf.org/doc/draft-mattsson-tls-super-jumbo-record-limit/
> HTML:     https://www.ietf.org/archive/id/draft-mattsson-tls-super-jumbo-record-limit-02.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-mattsson-tls-super-jumbo-record-limit
> Diff:     https://author-tools.ietf.org/iddiff?url2=draft-mattsson-tls-super-jumbo-record-limit-02
>
> Abstract:
>
>    RFC 8449 defines a record size limit extension for TLS and DTLS
>    allowing endpoints to negotiate a record size limit smaller than the
>    protocol-defined maximum record size, which is around 2^14 bytes.
>    This document specifies a TLS flag extension to be used in
>    combination with the record size limit extension allowing endpoints
>    to use a record size limit larger than the protocol-defined maximum
>    record size, but not more than about 2^16 bytes.
>
>
>
> The IETF Secretariat
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

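The two framings discussed in this thread, as an added example written for this page (it is not code from the draft, from the list posters, or from any TLS implementation). The first half implements John Mattsson's scaled 16-bit length: negotiating n, the padding a sender must add to TLSInnerPlaintext so the encrypted record is a multiple of 2^n, the 2^n * (2^16 - 1) receive bound, and the 2^(n+2) reduction of the AEAD record-count limit. The second half frames and parses the TLSLargeCiphertext header with a 32-bit length and checks it against the negotiated LargeRecordSizeLimit before any buffering. Assumptions not stated in the thread: a 16-byte AEAD tag (AES-GCM / ChaCha20-Poly1305), the content-type and version constants from RFC 8446, and that `encrypted_record` is treated as opaque bytes (no AEAD is run here), so the sample records are constructed byte strings of the right length.

```python
import struct
from typing import Optional, Tuple

# Assumed (RFC 8446 values and a 16-byte AEAD tag); not from the thread.
APPLICATION_DATA = 23
LEGACY_VERSION = 0x0303
TAG_LEN = 16

LEGACY_HEADER = struct.Struct("!BHH")  # opaque_type, legacy_record_version, uint16 length
LARGE_HEADER = struct.Struct("!I")     # TLSLargeCiphertext: uint32 length only


# ---- Proposal 1: keep the 5-byte header, length field means 2^n * length ----

def negotiate_shift(n_max: int, server_max: Optional[int]) -> Optional[int]:
    """Client offers n_max; server picks n with 0 <= n <= n_max or rejects (None)."""
    if server_max is None or n_max < 0:
        return None
    return min(n_max, server_max)


def scaled_max_record(n: int) -> int:
    """Largest encrypted_record a peer must be willing to receive: 2^n * (2^16 - 1)."""
    return (1 << n) * 0xFFFF


def inner_padding_needed(content_len: int, n: int, tag_len: int = TAG_LEN) -> int:
    """Zero bytes to append to TLSInnerPlaintext so that the encrypted record
    (content + 1 type byte + padding + tag) is a multiple of 2^n.  At most 2^n - 1."""
    return (-(content_len + 1 + tag_len)) % (1 << n)


def scaled_aead_limit(base_limit: int, n: int) -> int:
    """Per-key record limit reduced by 2^(n+2) relative to the 2^14-byte baseline."""
    return base_limit >> (n + 2)


def encode_scaled(encrypted_record: bytes, n: int) -> bytes:
    """Frame an (already encrypted) record; the length on the wire is len >> n."""
    if len(encrypted_record) % (1 << n):
        raise ValueError("pad TLSInnerPlaintext to a multiple of 2^n before encrypting")
    length = len(encrypted_record) >> n
    if length > 0xFFFF:
        raise ValueError("record exceeds 2^n * (2^16 - 1) bytes")
    return LEGACY_HEADER.pack(APPLICATION_DATA, LEGACY_VERSION, length) + encrypted_record


def decode_scaled(data: bytes, n: int) -> Tuple[bytes, bytes]:
    """Return (encrypted_record, remaining bytes); raise on malformed/truncated input."""
    if len(data) < LEGACY_HEADER.size:
        raise ValueError("truncated header")
    ctype, ver, length = LEGACY_HEADER.unpack_from(data)
    if ctype != APPLICATION_DATA or ver != LEGACY_VERSION:
        raise ValueError("unexpected_message")
    end = LEGACY_HEADER.size + (length << n)  # undo the shift before slicing
    if len(data) < end:
        raise ValueError("truncated record")
    return data[LEGACY_HEADER.size:end], data[end:]


# ---- Proposal 2: new TLSLargeCiphertext header with a uint32 length ----

def encode_large(encrypted_record: bytes, peer_limit: int) -> bytes:
    """4-byte header; never send more than the peer's LargeRecordSizeLimit."""
    if len(encrypted_record) > peer_limit:
        raise ValueError("record exceeds peer's LargeRecordSizeLimit")
    return LARGE_HEADER.pack(len(encrypted_record)) + encrypted_record


def decode_large(data: bytes, my_limit: int) -> Tuple[bytes, bytes]:
    """Check the announced length against our own LargeRecordSizeLimit before
    allocating or buffering anything, so a bogus 4 GiB length is rejected cheaply."""
    if len(data) < LARGE_HEADER.size:
        raise ValueError("truncated header")
    (length,) = LARGE_HEADER.unpack_from(data)
    if length > my_limit:
        raise ValueError("record_overflow")
    end = LARGE_HEADER.size + length
    if len(data) < end:
        raise ValueError("truncated record")
    return data[LARGE_HEADER.size:end], data[end:]


if __name__ == "__main__":
    n = negotiate_shift(n_max=4, server_max=2)                   # server picks 2
    content_len = 100_000                                          # > 2^16, needs n >= 1
    pad = inner_padding_needed(content_len, n)
    record = b"\xaa" * (content_len + 1 + pad + TAG_LEN)           # constructed stand-in for AEAD output
    wire = encode_scaled(record, n)
    body, rest = decode_scaled(wire + b"next", n)
    print("scaled: n=%d pad=%d wire_len=%d ok=%s" % (n, pad, len(wire), body == record and rest == b"next"))
    wire2 = encode_large(record, peer_limit=1 << 20)
    body2, _ = decode_large(wire2, my_limit=1 << 20)
    print("large header: wire_len=%d ok=%s" % (len(wire2), body2 == record))
```

The padding cost and the limit reduction are the parts worth checking by hand: with n=2 a 100000-byte payload needs 3 bytes of inner padding (100000 + 1 + 16 = 100017, next multiple of 4 is 100020), and an AEAD limit of 2^24 records drops to 2^20. With n=0 both `encode_scaled` and plain RFC 8446 framing coincide, which is the compatibility property the shifted design relies on.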