On Mon, Feb 19, 2018 at 09:55:51AM -0800, Jim Schaad wrote:
> > -----Original Message-----
> > From: ilariliusva...@welho.com [mailto:ilariliusva...@welho.com]
> > Sent: Monday, February 19, 2018 9:51 AM
> > To: Jim Schaad <i...@augustcellars.com>
> > Cc: 'Martin Thomson' <martin.thom...@gmail.com>; tls@ietf.org; draft-ietf-
> > tls-record-li...@ietf.org
> > Subject: Re: [TLS] Mail regarding draft-ietf-tls-record-limit
> >
> > Because the server can not know the semantics of unknown extensions, it has
> > to assume any such can alter the maximum limit. Of course, when it comes to
> > that, the server could just not error on too large limits regardless of
> > other extensions.
> But if the server does not understand the new extension, then it would
> not be returned to the client so that the client would understand how
> the server decided on what the maximum value that it is going to use for
> the client is.  The client can then abort the connection if it does not
> like the new limit.  However, I think that this would only affect the
> MAY in the proposed text.

Suppose the client supports a large-records extension that allows records up
to 65535 bytes, but the server does not know about this extension.

Then a ClientHello which has a record size limit of 65519 and the
extension MUST NOT cause an abort, because such a ClientHello is fully

This would be a very unusual requirement. So it is better to specify that the
server MUST accept overly large values, internally truncating to the
negotiated protocol maximums or implementation maximums, whichever is

The server to client direction is a different matter. The client always
understands all server extensions (there is a requirement to abort
otherwise), so it knows what the maximum possible record size for
the negotiated protocol is and can check that. However, it must still
internally truncate that to implementation maximums.

Also, the values are capability advertisements, so the server value can
be larger or smaller than the client value. The following is fully legal
and well-defined in TLS 1.3:

Client: maximum-record-size=1025 (do not send me more than 1024 bytes
of record plaintext).
Server: maximum-record-size=16385 (understood, send me any size you
like within protocol limits).
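
As an added example (not code from this thread or from any TLS implementation), the asymmetric rule argued above in Python: the server clamps an oversized client value instead of aborting, while the client treats a server value above the negotiated protocol maximum as fatal and otherwise clamps to its own implementation maximum. The protocol maxima (16384 for TLS 1.2, 16385 for TLS 1.3, where the 1025-means-1024-bytes reading above is taken to reserve one octet of the limit for the inner content type), the `impl_max` parameter and the wire encoding as a single uint16 are assumptions of this example.

```python
import struct
from typing import Optional

# Assumed protocol-defined maxima for RecordSizeLimit: TLS 1.2 counts plaintext
# only, TLS 1.3 adds one octet for the inner content type (16384 / 16385).
PROTOCOL_MAX = {"TLSv1.2": 2**14, "TLSv1.3": 2**14 + 1}


def encode_record_size_limit(limit: int) -> bytes:
    """Assumed wire form: the extension body is a single uint16 RecordSizeLimit."""
    if not 0 <= limit <= 0xFFFF:
        raise ValueError("RecordSizeLimit must fit in a uint16")
    return struct.pack("!H", limit)


def decode_record_size_limit(body: bytes) -> int:
    if len(body) != 2:
        raise ValueError("record_size_limit body must be exactly two octets")
    return struct.unpack("!H", body)[0]


def server_send_limit(client_body: bytes, version: str, impl_max: int) -> int:
    """Server side: the client's value is a capability advertisement that an
    unknown client extension might legitimately enlarge, so an oversized value
    is clamped to the protocol/implementation maximum rather than rejected."""
    advertised = decode_record_size_limit(client_body)
    return min(advertised, PROTOCOL_MAX[version], impl_max)


def client_send_limit(server_body: bytes, version: str, impl_max: int) -> Optional[int]:
    """Client side: the client understands every extension the server echoed,
    so a value above the negotiated protocol maximum is a fatal error (None =
    abort); an in-range value is still clamped to this implementation's maximum."""
    advertised = decode_record_size_limit(server_body)
    if advertised > PROTOCOL_MAX[version]:
        return None
    return min(advertised, impl_max)


def max_plaintext(limit: int, version: str) -> int:
    """Application plaintext bytes per record for a given limit (assumed accounting:
    TLS 1.3 reserves one octet of the limit for the content type)."""
    return limit - 1 if version == "TLSv1.3" else limit


if __name__ == "__main__":
    # The exchange from the message: client 1025, server 16385, TLS 1.3.
    srv = server_send_limit(encode_record_size_limit(1025), "TLSv1.3", 16385)
    cli = client_send_limit(encode_record_size_limit(16385), "TLSv1.3", 16385)
    print("server may send", max_plaintext(srv, "TLSv1.3"), "plaintext bytes per record")
    print("client may send", max_plaintext(cli, "TLSv1.3"), "plaintext bytes per record")
    # Client advertising 65519 to a server without the large-records extension:
    print("server clamps 65519 to", server_send_limit(encode_record_size_limit(65519), "TLSv1.3", 16385))
```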


TLS mailing list