IETF Logo Mail Archive

Re: [hybi] On TLS-only Approaches

Roberto Peon <fenix@google.com> Sun, 22 August 2010 19:49 UTC

Return-Path: <fenix@google.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 276393A6952 for <hybi@core3.amsl.com>; Sun, 22 Aug 2010 12:49:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.105
X-Spam-Level:
X-Spam-Status: No, score=-104.105 tagged_above=-999 required=5 tests=[AWL=1.871, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D42F7ZLbIRt5 for <hybi@core3.amsl.com>; Sun, 22 Aug 2010 12:49:12 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.35]) by core3.amsl.com (Postfix) with ESMTP id 83BD13A68F9 for <hybi@ietf.org>; Sun, 22 Aug 2010 12:49:11 -0700 (PDT)
Received: from kpbe17.cbf.corp.google.com (kpbe17.cbf.corp.google.com [172.25.105.81]) by smtp-out.google.com with ESMTP id o7MJniZ2003184 for <hybi@ietf.org>; Sun, 22 Aug 2010 12:49:44 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1282506584; bh=ntlG+n5ON3oiCGfbOcLuZPx3fQM=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type; b=oQHVFkQV7wJRiM/bB4WSVevexb0tMlqdcL1K1hWY5c7IrKRqMGIIt8Ait5/NZTyI2 30xApxbOKx9uShKjcpfrQ==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:date:message-id:subject:from:to: cc:content-type:x-system-of-record; b=Lovvgc2x1rLmvEF4VaF+GYF9VeEOOycXBSm/BGVvF+hT784RZPwqXl5zOOoYX5wTl pu2dip6kEi9rZfS6m8AWA==
Received: from yxe42 (yxe42.prod.google.com [10.190.2.42]) by kpbe17.cbf.corp.google.com with ESMTP id o7MJmsmG001927 for <hybi@ietf.org>; Sun, 22 Aug 2010 12:49:42 -0700
Received: by yxe42 with SMTP id 42so2173751yxe.13 for <hybi@ietf.org>; Sun, 22 Aug 2010 12:49:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.151.138.4 with SMTP id q4mr4464199ybn.59.1282506581405; Sun, 22 Aug 2010 12:49:41 -0700 (PDT)
Received: by 10.150.177.20 with HTTP; Sun, 22 Aug 2010 12:49:41 -0700 (PDT)
In-Reply-To: <AANLkTikJcbyEZ-Y0FOXni89L8Awa_UBmMMDvLgsOuoou@mail.gmail.com>
References: <AANLkTikJcbyEZ-Y0FOXni89L8Awa_UBmMMDvLgsOuoou@mail.gmail.com>
Date: Sun, 22 Aug 2010 12:49:41 -0700
Message-ID: <AANLkTikCneFuWwmTZvqLEvrPzbngFk-JcyOkdmqeLfq6@mail.gmail.com>
From: Roberto Peon <fenix@google.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: multipart/alternative; boundary="000e0cd72caa34ef00048e6ed5c7"
X-System-Of-Record: true
Cc: Server-Initiated HTTP <hybi@ietf.org>
Subject: Re: [hybi] On TLS-only Approaches
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Aug 2010 19:49:13 -0000

There are downsides from the pure TLS approach, which we've not yet figured
out how to overcome on the SPDY side.
It boils down to ensuring that schools and other institutions can *easily*
perform MITM monitoring/censoring.
We may already be facing these problems as we deploy a new protocol which
their proxies don't understand.

If we allowed/configured the NULL cipher for TLS, then MITM proxies could
still monitor, if perhaps not censor, but you're asking for trouble there.

-=R

On Sun, Aug 22, 2010 at 12:45 PM, Eric Rescorla <ekr@rtfm.com> wrote:

> I'd like to take a brief detour from the topic of framing and (re)discuss
> the topic of whether
> we want to require TLS only. Aside from the obvious security advantages, it
> appears
> that TLS-based approaches are likely to be a lot more successful. Adam
> Langley
> reports (http://www.ietf.org/mail-archive/web/tls/current/msg05593.html)
> that their
> tests show 95% success with TLS-only approaches as compared to 67% with
> HTTP approaches. This argues that people who want to be successful will
> choose
> to run WebSockets over TLS.
>
> OK, you say, so what's the harm in specifying HTTP and HTTPS versions. I
> see
> two arguments against this:
>
> (1) It just increases the attack surface.
> (2) It means that we're forced to design things into this protocol that we
> could get
> from TLS.
>
> Exhibit A for the second argument is of course NPN or something like it.
> Currently,
> we're forced to design a handshake that ensures that the client and server
> are
> both speaking Websockets; this is necessarily a bit hacky and likely to
> either
> make the proxy problem worse (encryption) or cost us a round trip (MAC
> handshake).
> By contrast, if we're really using TLS, then we can just build this
> mechanism into
> TLS without paying any penalty.
>
> I just want to get ahead of one possible objection to this line of
> reasoning: that
> there is a performance penalty for TLS. Even if you don't find the
> arguments that
> TLS perf isn't an issue convincing (
> http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html),
> and FWIW I do, if, as I argue, you're going to pay that cost anyway, then
> our
> goal should be to minimize the cost of the combined system, and that is
> easiest
> to do if we simply assume TLS all the time.
>
> -Ekr
>
>
> _______________________________________________
> hybi mailing list
> hybi@ietf.org
> https://www.ietf.org/mailman/listinfo/hybi
>
>

v2.23.0 | Report a Bug | By Email