I don't support this PR. Compactness of wire presentation is important (and acknowledged - why would there be a compressed header otherwise) and implicit CIDs should hence allowed and authenticated via AEAD additional data, preferably by generally adopting the pseudo header AAD approach. Disappointingly, despite its length the discussion so far has failed to point out concrete problems with the resulting header format malleability.
________________________________ From: TLS <[email protected]> on behalf of Christopher Wood <[email protected]> Sent: Friday, May 22, 2020 1:09 AM To: Thomas Fossati <[email protected]>; [email protected] <[email protected]> Subject: Re: [TLS] Banning implicit CIDs in DTLS On Thu, May 21, 2020, at 9:22 AM, Thomas Fossati wrote: > Hi Chris, > > On 21/05/2020, 17:00, "Christopher Wood" <[email protected]> wrote: > > *One proposal to address this is by extending the AAD to include the > > pseudo-header. However, the chairs feel this is an unnecessary > > divergence from QUIC. > > I don't understand the "unnecessary" in the above para, i.e., why are we > so tied to QUIC in this case? I'm asking because it looks like this was > a core criterion in the Chairs' proposal. Sorry for the confusion! The point here was that QUIC authenticates what's on the wire, which we felt was important. I should have spelled that out. There are of course other things to consider, as Martin points out. Best, Chris _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
