
RE: Datagram TLS



Hi Eric.

Here are two comments:

1. In section 3.2.1 (Packet Loss), as well as 4.2.4 you state that both
client and server should keep a retransmission timer and retransmit when it
expires.  This raises the question of who retransmits first, the client or
the server.  This leads to an unpredictable flow, which leads to race
conditions for implementations.  For the case of the HelloVerifyRequest we
have an additional disadvantage in that it requires the gateway to keep a
state.  I suggest that the client alone retransmits, and the server only
replies.  After receiving the second ClientHello it should keep enough state
to retransmit its previous reply, but it should never retransmit on its own.
IMO this makes the protocol flow more predictable and easy to analyze.
It does require that all negotiations have an even number of flights, like
in IKEv2, and unlike IKEv1.

2. In section 4.2.1 (Denial of Service Countermeasures) it is stated that
the technique used by Photuris is used to generate and to verify the
stateless cookie in the ClientHello message.  I believe that Internet drafts
should only mandate things that are necessary for interoperability.  In this
case, the cookie is generated and verified by the same server.  There should
be no mandate for the protocol.  I suggest that the Photuris technique be
mentioned only as a suggestion and that the PHOTURIS document be Informative
rather than Normative.  That way, if someone creates a stateless cookie
technique that's better than Photuris, you won't have to change the draft.



-----Original Message-----
From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Eric Rescorla
Sent: Friday, January 30, 2004 7:04 PM
To: ipsec@lists.tislabs.com; ietf-tls@lists.certicom.com
Subject: Datagram TLS


This seems relevant to these working groups.

Although TLS is quite useful as a generic security layer protocol for
lots of applications, it is limited by its reliance on datagram
transport. It seems like it would be useful to deploy TLS-style security
for datagram apps. To this end, Nagendra Modadugu and I have designed a
variant on TLS which works properly over datagram transport but is
otherwise intended to be as similar to TLS as possible.

http://www.ietf.org/internet-drafts/draft-rescorla-dtls-00.txt

Comments welcome...

-Ekr
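
An added illustration of the stateless cookie idea discussed in comment 2 above (not code from the draft or from either poster): the server derives the cookie from the client's address, port and hello parameters under a secret only it holds, so it stores nothing per client and the cookie layout stays a local choice. The class name, field layout, HMAC-SHA-256 and the two-secret rotation are assumptions made for this example.

```python
import hashlib
import hmac
import os


class CookieServer:
    """Issues and checks stateless HelloVerifyRequest-style cookies.

    Only this server ever reads a cookie, so its layout is a local choice.
    """

    def __init__(self):
        self.current = os.urandom(32)   # secret for newly issued cookies
        self.previous = None            # still accepted after one rotation

    def rotate(self):
        """Replace the secret; cookies under the old one stay valid once."""
        self.previous, self.current = self.current, os.urandom(32)

    @staticmethod
    def _mac(secret, addr, port, client_params):
        # Length-prefix each field so distinct inputs cannot collide.
        msg = b"".join(
            len(part).to_bytes(2, "big") + part
            for part in (addr.encode(), port.to_bytes(2, "big"), client_params)
        )
        return hmac.new(secret, msg, hashlib.sha256).digest()

    def issue(self, addr, port, client_params):
        """Cookie for the first ClientHello; nothing is stored per client."""
        return self._mac(self.current, addr, port, client_params)

    def verify(self, addr, port, client_params, cookie):
        """Check the cookie echoed in the second ClientHello."""
        for secret in (self.current, self.previous):
            if secret is None:
                continue
            expected = self._mac(secret, addr, port, client_params)
            if hmac.compare_digest(expected, cookie):  # constant-time compare
                return True
        return False
```

Rotating the secret bounds how long a captured cookie can be replayed from the same address, and keeping the previous secret avoids rejecting clients whose handshake straddles a rotation.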