Re: [hybi] On TLS-only Approaches
John Tamplin <jat@google.com> Mon, 23 August 2010 04:30 UTC
Return-Path: <jat@google.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 570153A697D for <hybi@core3.amsl.com>; Sun, 22 Aug 2010 21:30:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.368
X-Spam-Level:
X-Spam-Status: No, score=-105.368 tagged_above=-999 required=5 tests=[AWL=0.608, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jk45URWttWtM for <hybi@core3.amsl.com>; Sun, 22 Aug 2010 21:29:55 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.35]) by core3.amsl.com (Postfix) with ESMTP id 9F1683A6823 for <hybi@ietf.org>; Sun, 22 Aug 2010 21:29:54 -0700 (PDT)
Received: from wpaz37.hot.corp.google.com (wpaz37.hot.corp.google.com [172.24.198.101]) by smtp-out.google.com with ESMTP id o7N4URYC012578 for <hybi@ietf.org>; Sun, 22 Aug 2010 21:30:27 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1282537827; bh=+OOgCsNHYN6VtW+HZWGl34Knpww=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=Jhq4Dx/VuRJrUvG+gQ1HCjy3t1xYqIMEsjdlqyqzjrOK2JdTYKrlaHfeOwIclx69x eQ8aP+xHkMc1oAcnkaTtg==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:from:date:message-id: subject:to:cc:content-type:x-system-of-record; b=s/kwf9Ox9DB2OG6hMGN/sYESXlglgB6qRPncf2NTa9pjndJoa6wFF2333DsR6+U/Z ZncxmcTol49hgYYXlxJPw==
Received: from gxk27 (gxk27.prod.google.com [10.202.11.27]) by wpaz37.hot.corp.google.com with ESMTP id o7N4UGPx002114 for <hybi@ietf.org>; Sun, 22 Aug 2010 21:30:26 -0700
Received: by gxk27 with SMTP id 27so2179162gxk.22 for <hybi@ietf.org>; Sun, 22 Aug 2010 21:30:26 -0700 (PDT)
Received: by 10.151.15.10 with SMTP id s10mr4514731ybi.371.1282537826106; Sun, 22 Aug 2010 21:30:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.151.103.4 with HTTP; Sun, 22 Aug 2010 21:30:06 -0700 (PDT)
In-Reply-To: <AANLkTin5b-EsvSpAGNuOKCWDea_yA11dnRe1y3MNO0+G@mail.gmail.com>
References: <AANLkTikJcbyEZ-Y0FOXni89L8Awa_UBmMMDvLgsOuoou@mail.gmail.com> <AANLkTin3r+f1Fn_X5O401PSANRrcgttLR-P4qMJZWKtV@mail.gmail.com> <A8694FF9-334D-42D9-ADDB-6AC23890F9DA@apple.com> <AANLkTinmfRG3qDUK0gYeDV2JEZP74CKWjSD42Mhi=+R+@mail.gmail.com> <AANLkTin5b-EsvSpAGNuOKCWDea_yA11dnRe1y3MNO0+G@mail.gmail.com>
From: John Tamplin <jat@google.com>
Date: Mon, 23 Aug 2010 00:30:06 -0400
Message-ID: <AANLkTimC6hmpDJk48Op8oUSObiMgUd6jhiKWmsn8V4VU@mail.gmail.com>
To: Adam Barth <ietf@adambarth.com>
Content-Type: multipart/alternative; boundary="000e0cd6e81e893f54048e761b89"
X-System-Of-Record: true
Cc: Server-Initiated HTTP <hybi@ietf.org>
Subject: Re: [hybi] On TLS-only Approaches
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Aug 2010 04:30:55 -0000
X-List-Received-Date: Mon, 23 Aug 2010 04:30:55 -0000
On Mon, Aug 23, 2010 at 12:13 AM, Adam Barth <ietf@adambarth.com> wrote: > I should probably let EKR respond here, but I'll ask anyway. What > does the message overhead look like for the null cipher spec? We > don't necessarily need to use a non-null cipher spec for ws even if we > use a TLS handshake (of course, we need a reasonable cipher spec for > wss). It looks to me, according to openssl ciphers, the only NULL cipher supported is AECDH-NULL-SHA which still does SHA1 for integrity protection, so I assume it would have the same overhead. RFC4346 seems to indicate a TLS_NULL_WITH_NULL_NULL CipherSuite option which would have a 0-byte MAC, so presumably you would only pay the 5-byte record overhead and there would be no padding. That is more reasonable, but still seems large considering we have been arguing over a few bytes in the framing. -- John A. Tamplin Software Engineer (GWT), Google
- Re: [hybi] On TLS-only Approaches Adam Barth
- Re: [hybi] On TLS-only Approaches John Tamplin
- [hybi] On TLS-only Approaches Eric Rescorla
- Re: [hybi] On TLS-only Approaches Roberto Peon
- Re: [hybi] On TLS-only Approaches John Tamplin
- Re: [hybi] On TLS-only Approaches Adam Barth
- Re: [hybi] On TLS-only Approaches John Tamplin
- Re: [hybi] On TLS-only Approaches Adam Barth
- Re: [hybi] On TLS-only Approaches Mark Nottingham
- Re: [hybi] On TLS-only Approaches Adam Barth
- Re: [hybi] On TLS-only Approaches Maciej Stachowiak
- Re: [hybi] On TLS-only Approaches Maciej Stachowiak
- Re: [hybi] On TLS-only Approaches Maciej Stachowiak
- Re: [hybi] On TLS-only Approaches John Tamplin
- Re: [hybi] On TLS-only Approaches Adam Barth
- Re: [hybi] On TLS-only Approaches Mike Belshe
- Re: [hybi] On TLS-only Approaches Mark Nottingham
- Re: [hybi] On TLS-only Approaches Brian Smith
- Re: [hybi] On TLS-only Approaches Shelby Moore
- Re: [hybi] On TLS-only Approaches Eric Rescorla
- Re: [hybi] On TLS-only Approaches Daniel Stenberg