IETF Logo Mail Archive

Re: [tcpinc] Call for adoption of draft-rescorla-tcpinc-tls-option-05

Matt Corallo <tcpinc@bluematt.me> Mon, 02 November 2015 02:05 UTC

Return-Path: <tcpinc@bluematt.me>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E9531B4191 for <tcpinc@ietfa.amsl.com>; Sun, 1 Nov 2015 18:05:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ss5b8dscFcuR for <tcpinc@ietfa.amsl.com>; Sun, 1 Nov 2015 18:05:44 -0800 (PST)
Received: from mail.bluematt.me (mail.bluematt.me [192.241.179.72]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2EB11B4148 for <tcpinc@ietf.org>; Sun, 1 Nov 2015 18:05:44 -0800 (PST)
Received: from [172.17.0.1] (gw.vpn.bluematt.me [162.243.132.6]) by mail.bluematt.me (Postfix) with ESMTPSA id CC15E539F7; Mon, 2 Nov 2015 02:05:43 +0000 (UTC)
To: Eric Rescorla <ekr@rtfm.com>
References: <56267097.7060509@tik.ee.ethz.ch> <5636BE5A.9090408@bluematt.me> <CABcZeBPjvHuycOu-QtA6ScuvHErhyvHF+YLxd7Cd7LxfJtikZw@mail.gmail.com> <5636C31E.9060202@bluematt.me> <CABcZeBNztS5svgwjyVRoSSBRXy=uWh1+RSBsNckTGNfAxEiSNg@mail.gmail.com>
From: Matt Corallo <tcpinc@bluematt.me>
Message-ID: <5636C4F6.7010809@bluematt.me>
Date: Mon, 02 Nov 2015 02:05:42 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBNztS5svgwjyVRoSSBRXy=uWh1+RSBsNckTGNfAxEiSNg@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/4HBM8tDRVoaKFNdxO5HyEXT-g0A>
Cc: tcpinc <tcpinc@ietf.org>
Subject: Re: [tcpinc] Call for adoption of draft-rescorla-tcpinc-tls-option-05
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Nov 2015 02:05:46 -0000

Am I incorrect in reading that both tls-option and tcpcrypt require a
full three-way-handshake, and then the client is unable to send data for
another round-trip as it must wait for another response from the server
before session keys have been agreed upon?

Moving client pubkeys into SYN is slightly crazy, but would shave off a
RTT before client's first send.

On 11/02/15 01:59, Eric Rescorla wrote:
> 
> 
> On Mon, Nov 2, 2015 at 10:57 AM, Matt Corallo <tcpinc@bluematt.me
> <mailto:tcpinc@bluematt.me>> wrote:
> 
>     Indeed, it does effect both tls-option and tcpcrypt as written. However,
>     fixing it in tls-option appears to require departing from TLS, 
> 
> 
> Again, I don't believe that this is correct.  The mode described here
> is the basic operating mode for TLS 1.3 [0].
> 
> -Ekr
> 
> [0] TLS 1.2 is equally fast to the client's first send (if you use False
> Start)
> but slower for the server's.
> 
> 
>     whereas
>     fixing it in tcpcrypt does not.
> 
>     On 11/02/15 01:42, Eric Rescorla wrote:
>     > On Mon, Nov 2, 2015 at 10:37 AM, Matt Corallo <tcpinc@bluematt.me <mailto:tcpinc@bluematt.me>
>     > <mailto:tcpinc@bluematt.me <mailto:tcpinc@bluematt.me>>> wrote:
>     >
>     >     I do not support adopting tcpinc-tls-option because:
>     >
>     >     * Using TLS (even a limited set of allowed options) as the tcpinc
>     >     mechanism loses the "defense in depth" property that tcpinc nicely
>     >     provides for some applications.
>     >     * I believe the extra round-trip for new connections to a new
>     server
>     >     will significantly harm adoption of such a proposal.
>     >
>     >
>     > Can you elaborate on this? As indicated in the document, in TLS 1.3
>     > the server can send his first byte upon receiving the client's first
>     > handshake message (in the ACK) and the client can send upon
>     > receiving the server's first handshake message (in the server's
>     > response to that message). I believe this shares the same latency
>     > characteristics as tcpcrypt.
>     >
>     > -Ekr
> 
> 
> 
> 
> _______________________________________________
> Tcpinc mailing list
> Tcpinc@ietf.org
> https://www.ietf.org/mailman/listinfo/tcpinc
>

v2.23.0 | Report a Bug | By Email