Re: [tcpinc] Call for adoption of draft-rescorla-tcpinc-tls-option-05
Matt Corallo <tcpinc@bluematt.me> Mon, 02 November 2015 02:01 UTC
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/jGjNvPlmIBNlB5mHgt9EkBUBU8A>

I should also mention this is due to the way tcp-eno is written, but my point is, even if tcp-eno were rewritten, tls-option would have to depart from tls further to fix it.

On 11/02/15 01:57, Matt Corallo wrote:
> Indeed, it does affect both tls-option and tcpcrypt as written. However,
> fixing it in tls-option appears to require departing from TLS, whereas
> fixing it in tcpcrypt does not.
>
> On 11/02/15 01:42, Eric Rescorla wrote:
>> On Mon, Nov 2, 2015 at 10:37 AM, Matt Corallo <tcpinc@bluematt.me> wrote:
>>
>> I do not support adopting tcpinc-tls-option because:
>>
>> * Using TLS (even a limited set of allowed options) as the tcpinc
>> mechanism loses the "defense in depth" property that tcpinc nicely
>> provides for some applications.
>> * I believe the extra round-trip for new connections to a new server
>> will significantly harm adoption of such a proposal.
>>
>>
>> Can you elaborate on this? As indicated in the document, in TLS 1.3
>> the server can send his first byte upon receiving the client's first
>> handshake message (in the ACK) and the client can send upon
>> receiving the server's first handshake message (in the server's
>> response to that message). I believe this shares the same latency
>> characteristics as tcpcrypt.
>>
>> -Ekr