Record Size Limit Extension for Transport Layer Security (TLS)
draft-ietf-tls-record-limit-01

Document Type Active Internet-Draft (tls WG)
Last updated 2017-09-07
Replaces draft-thomson-tls-record-limit
Stream IETF
Intended RFC status (None)
Formats plain text xml pdf html bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
TLS                                                           M. Thomson
Internet-Draft                                                   Mozilla
Updates: 6066 (if approved)                            September 7, 2017
Intended status: Standards Track
Expires: March 11, 2018

     Record Size Limit Extension for Transport Layer Security (TLS)
                     draft-ietf-tls-record-limit-01

Abstract

   An extension to Transport Layer Security (TLS) is defined that allows
   endpoints to negotiate the maximum size of protected records that
   each will send the other.

   This replaces the maximum fragment length extension defined in RFC
   6066.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 11, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Thomson                  Expires March 11, 2018                 [Page 1]
Internet-Draft              TLS Record Limit              September 2017

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions and Definitions . . . . . . . . . . . . . . . . .   3
   3.  Limitations of the "max_fragment_length" Extension  . . . . .   3
   4.  The "record_size_limit" Extension . . . . . . . . . . . . . .   4
     4.1.  Record Expansion Limits . . . . . . . . . . . . . . . . .   5
   5.  Deprecating "max_fragment_length" . . . . . . . . . . . . . .   6
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Appendix A.  Acknowledgments  . . . . . . . . . . . . . . . . . .   7
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   Implementing Transport Layer Security (TLS) [I-D.ietf-tls-tls13] for
   constrained devices can be challenging.  However, recent improvements
   to the design and implementation of cryptographic algorithms have
   made TLS accessible to some highly limited devices (see for example
   [RFC7925]).

   Receiving large protected records can be particularly difficult for a
   device with limited operating memory.  TLS versions 1.2 and earlier
   [RFC5246] permit senders to generate records 16384 octets in size,
   plus any expansion from compression and protection up to 2048 octets
   (though typically this expansion is only 16 octets).  TLS 1.3 reduces
   the allowance for expansion to 256 octets.  Allocating up to 18K of
   memory for ciphertext is beyond the capacity of some implementations.

   An Authentication Encryption with Additional Data (AEAD) ciphers (see
   [RFC5116]) API requires that an entire record be present to decrypt
   and authenticate it.  Similarly, other ciphers cannot produce
   authenticated data until the entire record is present.  Thus,
   incremental processing of records minimally exposes endpoints to the
   risk of forged data.

   The "max_fragment_length" extension [RFC6066] was designed to enable
   constrained clients to negotiate a lower record size.  However,
   "max_fragment_length" suffers from several design problems (see
   Section 3).

Thomson                  Expires March 11, 2018                 [Page 2]
Internet-Draft              TLS Record Limit              September 2017
Show full document text