On 02/19/2018 11:55 AM, Jim Schaad wrote:
>
>> -----Original Message-----
>> From: ilariliusva...@welho.com [mailto:ilariliusva...@welho.com]
>> Sent: Monday, February 19, 2018 9:51 AM
>> To: Jim Schaad <i...@augustcellars.com>
>> Cc: 'Martin Thomson' <martin.thom...@gmail.com>; tls@ietf.org;
>> draft-ietf-tls-record-li...@ietf.org
>> Subject: Re: [TLS] Mail regarding draft-ietf-tls-record-limit
>>
>> On Mon, Feb 19, 2018 at 09:27:14AM -0800, Jim Schaad wrote:
>>>
>>>> -----Original Message-----
>>>> From: ilariliusva...@welho.com [mailto:ilariliusva...@welho.com]
>>>> Sent: Monday, February 19, 2018 9:18 AM
>>>> To: Jim Schaad <i...@augustcellars.com>
>>>> Cc: 'Martin Thomson' <martin.thom...@gmail.com>; tls@ietf.org;
>>>> draft-ietf-tls-record-li...@ietf.org
>>>> Subject: Re: [TLS] Mail regarding draft-ietf-tls-record-limit
>>>>
>>>>
>>>> You need to consider the case where there is some unknown-to-server
>>>> extension that happens to alter the limit.
>>> I am not sure how, as that server, I could possibly do that. I
>>> can't act on something I don't understand.
>> Because the server can not know the semantics of unknown extensions, it has
>> to assume any such can alter the maximum limit. Of course, when it comes to
>> that, the server could just not error on too large limits regardless of other
>> extensions.
> But if the server does not understand the new extension, then it would not be
> returned to the client so that the client would understand how the server
> decided on what the maximum value that it is going to use for the client is.
> The client can then abort the connection if it does not like the new limit.
> However, I think that this would only affect the MAY in the proposed text.
>
>
Consider the hypothetical case where we define an extension
my_mtu_is_absurd, that lets you send 2**16-1-byte records, so the client
sends that extension as well as a record_size_limit extension including
the 2**16-1-byte value. A server that does not know about
my_mtu_is_absurd might say "this value 2**16-1 is way too big; I'm going
to abort", and that's the behavior that we're trying to prevent.

-Ben
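
The server behaviour discussed in this thread, as an added example that is not part of the original messages or of any TLS implementation: the server rejects a record_size_limit that is too small but never aborts on one that looks too large, and clamps to its own sending ceiling instead. Assumptions not taken from the thread: the code point 28 and the minimum of 64 come from RFC 8449 as later published, the 2**14 ceiling and the `Alert` class are illustrative, and 0xFFA0 is a made-up private-use code point standing in for my_mtu_is_absurd.

```python
import struct

RECORD_SIZE_LIMIT = 28        # extension code point from RFC 8449
MIN_LIMIT = 64                # RFC 8449 floor for the advertised value
SERVER_SEND_MAX = 2**14       # assumed: largest plaintext this server emits

class Alert(Exception):
    """Stands in for sending a fatal TLS alert of the given name."""

def parse_extensions(block):
    """Split a ClientHello extensions block into {type: data}."""
    exts, off = {}, 0
    while off < len(block):
        if off + 4 > len(block):
            raise Alert("decode_error")
        ext_type, length = struct.unpack_from("!HH", block, off)
        off += 4
        if off + length > len(block):
            raise Alert("decode_error")
        exts[ext_type] = block[off:off + length]
        off += length
    return exts

def server_send_limit(block):
    """Record size the server uses when sending, or None if not offered."""
    data = parse_extensions(block).get(RECORD_SIZE_LIMIT)
    if data is None:
        return None
    if len(data) != 2:
        raise Alert("decode_error")
    (limit,) = struct.unpack("!H", data)
    if limit < MIN_LIMIT:
        raise Alert("illegal_parameter")
    # Deliberately no upper-bound check: an extension this server skipped
    # may have raised the ceiling. Clamp to what we are willing to send.
    return min(limit, SERVER_SEND_MAX)

def ext(ext_type, data=b""):
    """Encode one extension (helper for the constructed input below)."""
    return struct.pack("!HH", ext_type, len(data)) + data

# Constructed ClientHello extensions. 0xFFA0 is a made-up private-use code
# point standing in for the thread's hypothetical my_mtu_is_absurd.
HELLO = ext(0xFFA0) + ext(RECORD_SIZE_LIMIT, struct.pack("!H", 2**16 - 1))

if __name__ == "__main__":
    print(server_send_limit(HELLO))  # 16384
```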