Record Size Limit Extension for Transport Layer Security (TLS)
draft-ietf-tls-record-limit-03

Document Type Active Internet-Draft (tls WG)
Last updated 2018-05-31 (latest revision 2018-05-17)
Replaces draft-thomson-tls-record-limit
Stream IETF
Intended RFC status Proposed Standard
Formats plain text xml pdf html bibtex
Reviews
Stream WG state Submitted to IESG for Publication
Document shepherd Sean Turner
Shepherd write-up Show (last changed 2018-02-01)
IESG IESG state RFC Ed Queue
Consensus Boilerplate Yes
Telechat date
Responsible AD Benjamin Kaduk
Send notices to Sean Turner <sean@sn3rd.com>
IANA IANA review state IANA OK - Actions Needed
IANA action state On Hold
RFC Editor RFC Editor state EDIT
TLS                                                           M. Thomson
Internet-Draft                                                   Mozilla
Updates: 6066 (if approved)                                 May 17, 2018
Intended status: Standards Track
Expires: November 18, 2018

     Record Size Limit Extension for Transport Layer Security (TLS)
                     draft-ietf-tls-record-limit-03

Abstract

   An extension to Transport Layer Security (TLS) is defined that allows
   endpoints to negotiate the maximum size of protected records that
   each will send the other.

   This replaces the maximum fragment length extension defined in RFC
   6066.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 18, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Thomson                 Expires November 18, 2018               [Page 1]
Internet-Draft              TLS Record Limit                    May 2018

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions and Definitions . . . . . . . . . . . . . . . . .   3
   3.  Limitations of the "max_fragment_length" Extension  . . . . .   3
   4.  The "record_size_limit" Extension . . . . . . . . . . . . . .   4
     4.1.  Record Expansion Limits . . . . . . . . . . . . . . . . .   6
   5.  Deprecating "max_fragment_length" . . . . . . . . . . . . . .   6
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   7
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   8
   Appendix A.  Acknowledgments  . . . . . . . . . . . . . . . . . .   8
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   Implementing Transport Layer Security (TLS) [TLS] or Datagram TLS
   (DTLS) [DTLS] constrained devices can be challenging.  However,
   recent improvements to the design and implementation of cryptographic
   algorithms have made TLS accessible to some highly limited devices
   (see for example [RFC7925]).

   Receiving large protected records can be particularly difficult for a
   device with limited operating memory.  TLS versions 1.2 and earlier
   [RFC5246] permit senders to generate records 16384 octets in size,
   plus any expansion from compression and protection up to 2048 octets
   (though typically this expansion is only 16 octets).  TLS 1.3 reduces
   the allowance for expansion to 256 octets.  Allocating up to 18K of
   memory for ciphertext is beyond the capacity of some implementations.

   An Authentication Encryption with Additional Data (AEAD) cipher (see
   [RFC5116]) API requires that an entire record be present to decrypt
   and authenticate it.  Similarly, other ciphers cannot produce
   authenticated data until the entire record is present.  Incremental
   processing of records could expose endpoints to the risk of forged
   data.

   The "max_fragment_length" extension [RFC6066] was designed to enable
   constrained clients to negotiate a lower record size.  However,
   "max_fragment_length" suffers from several design problems (see
   Section 3).

Thomson                 Expires November 18, 2018               [Page 2]
Internet-Draft              TLS Record Limit                    May 2018

   This document defines a "record_size_limit" extension (Section 4).
   This extension replaces "max_fragment_length" [RFC6066], which this
   document deprecates.  This extension is valid in all versions of TLS.

   A smaller protected record size is just one of many problems that a
Show full document text