Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ben Kaduk's TLS Comment 25 #4501

Closed
LPardue opened this issue Jan 6, 2021 · 3 comments
Closed

Ben Kaduk's TLS Comment 25 #4501

LPardue opened this issue Jan 6, 2021 · 3 comments
Labels
-tls editorial An issue that does not affect the design of the protocol; does not require consensus. iesg An issue raised during IESG review.
Projects
Late Stage Processing
Milestone
tls-iesg

Comments

@LPardue
Copy link
Member

LPardue commented Jan 6, 2021

@kaduk said:

Section 9

In various places (e.g., §4.1.4) we recommend to buffer (or "retain")
data that cannot be processed yet. Perhaps it goes without saying, but
such buffering needs limits in place in order to avoid DoS.

It may be too banal to mention again here that the Initial secret/keys
are not particularly secure, but I'll mention it just in case we want
to.
@LPardue LPardue added -tls iesg An issue raised during IESG review. labels Jan 6, 2021
@LPardue LPardue added this to the tls-iesg milestone Jan 6, 2021
@martinthomson martinthomson added the editorial An issue that does not affect the design of the protocol; does not require consensus. label Jan 6, 2021
@martinthomson
Copy link
Member

Two separate comments in this issue:

  1. We address buffering and retention in Section 7.5 of the transport doc and referenced in Section 4.1.3. I think that suffices.
  2. Given that we dedicate Section 7 to the issue of "security" for Initial packets, it probably isn't necessary to repeat things here. (We might consider moving Section 7 to this section, I guess. I just don't like the grab-bag that is security considerations.)

I don't think we should do anything in response to this, though I might be convinced to move Section 7. I will say that it's really annoying to move sections, so I'd need a push.

@seanturner
Copy link
Contributor

I do not see any reason to move it. This entire document is all about security considerations.

@kaduk
Copy link
Contributor

kaduk commented Jan 10, 2021

  1. We address buffering and retention in Section 7.5 of the transport doc and referenced in Section 4.1.3. I think that suffices.

Yes, that looks like it should suffice. (I read -tls before -transport and didn't think to check if -transport said anything on this topic.)

  1. Given that we dedicate Section 7 to the issue of "security" for Initial packets, it probably isn't necessary to repeat things here. (We might consider moving Section 7 to this section, I guess. I just don't like the grab-bag that is security considerations.)

I only mentioned it because sometimes people skip to the named security considerations section and pretend they can ignore the rest of the document. That's ill-advised, of course, and we need not go out of our way to support it -- we do already say that there are many security-relevant details in the rest of the document. So this one is looking like close with no change, and thanks for the pointer to the transport section.

@larseggert larseggert added this to Triage in Late Stage Processing via automation Jan 11, 2021
Late Stage Processing automation moved this from Triage to Issue Handled Jan 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
-tls editorial An issue that does not affect the design of the protocol; does not require consensus. iesg An issue raised during IESG review.
Projects
Late Stage Processing
  
Issue Handled
Milestone
tls-iesg
Development

No branches or pull requests
4 participants
@martinthomson @kaduk @seanturner @LPardue