Re: [tcpm] SYN/ACK Payloads, draft 01
"Adam Langley" <agl@imperialviolet.org> Wed, 13 August 2008 17:48 UTC
Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E3BEB3A6852; Wed, 13 Aug 2008 10:48:05 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 043303A6852 for <tcpm@core3.amsl.com>; Wed, 13 Aug 2008 10:48:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.457
X-Spam-Level:
X-Spam-Status: No, score=-1.457 tagged_above=-999 required=5 tests=[AWL=0.520, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jp+E3OqwFmoZ for <tcpm@core3.amsl.com>; Wed, 13 Aug 2008 10:48:03 -0700 (PDT)
Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.225]) by core3.amsl.com (Postfix) with ESMTP id D0DD13A67F3 for <tcpm@ietf.org>; Wed, 13 Aug 2008 10:48:03 -0700 (PDT)
Received: by rv-out-0506.google.com with SMTP id b25so74232rvf.49 for <tcpm@ietf.org>; Wed, 13 Aug 2008 10:47:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references :x-google-sender-auth; bh=RA9do/Qv7uwl1eDHpuq3HTTN01gzcxAetPRdgvNcDMI=; b=YkUrh8m8Ckxy+swtAQ0ompMpLea++Y3sRAlpK0KaMO+HKVuGJT7JvwEKVcMZM/fnFM X1O2SqLekSf3uItPte/Y3sK/e+T7XUG0r0I+G8ZmkSGVCaD4jl0oNmh95Bldo3RGb2nH FvTpeRaYUwP2i2gIS28vRtT2jgb6owMVUcA+g=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references:x-google-sender-auth; b=cOL7bbw1IMHMha+G4oUj44SscyeSbRGMI/4ZFHtrYkPoHKYdlbMDsJ0zHrYlw/rJ7F xHGgOLZixkfGSoD4HieyVH1Ihj2cc7f67mYbehTecIIPpm6357DMwN6B9j4bKrOmgBBD fSIgowlTbqWOztXGlLfI2lNZl8fWdlu12bcUA=
Received: by 10.141.176.13 with SMTP id d13mr73825rvp.196.1218649677134; Wed, 13 Aug 2008 10:47:57 -0700 (PDT)
Received: by 10.141.37.3 with HTTP; Wed, 13 Aug 2008 10:47:57 -0700 (PDT)
Message-ID: <396556a20808131047q781675a3if23d727ef5ae918f@mail.gmail.com>
Date: Wed, 13 Aug 2008 10:47:57 -0700
From: Adam Langley <agl@imperialviolet.org>
To: Eric Rescorla <ekr@networkresonance.com>
In-Reply-To: <20080813172752.AA7A650846@romeo.rtfm.com>
MIME-Version: 1.0
Content-Disposition: inline
References: <396556a20808111035s2b974233o1e9d3671e82e3350@mail.gmail.com> <20080813172752.AA7A650846@romeo.rtfm.com>
X-Google-Sender-Auth: e14f5e4e880ec2db
Cc: tcpm@ietf.org
Subject: Re: [tcpm] SYN/ACK Payloads, draft 01
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
On Wed, Aug 13, 2008 at 10:27 AM, Eric Rescorla <ekr@networkresonance.com> wrote: > S 4. Opportunistic HTTP Encryption > > As I understand this mechanism, what's being proposed is this: [snip] > Do I have that right? Yep, > 1. The PPExt payload is overloaded here. First, it's signalling > a transport message "it's OK to put stuff in the SYN/ACK". Second, > it's signalling an application layer message "It's OK to send me > a crypto handshake as the first thing you send." Note that in > an ordinary HTTP connection, this data would be invalid. Actually, it's only signaling the application extension. The SYNACK payloads are valid in any TCP connection, although this spec does make some guarantees about weather the stacks will process them. > This overloading seems fairly unwise, since it would preclude > any other use of this SYN/ACK payload in the future. The format of the SYNACK payload for this scheme is similar to the option space: i.e. it's a tagged, extensible payload. > 2. It's not clear to me that opportunistic security for HTTP is that > great. Unlike, for instance, SMTP, HTTP fetches are nearly always > the result of some URI, so it's very easy to simply indicate > in the URI that the server supports HTTPS. This is superior > from a security perspective for the usual reasons (referential > integrity, etc...) I believe that there's a use for a low-cost cryptographic scheme, such as this. Despite widespread TLS deployment, most traffic is still in the clear, including semi-sensitive information. I would rather that traffic be protected with TLS but, since that isn't happening, I would rather this than nothing. Opinions on this vary. Some folks think it's a great idea (including some working on implementing the TLS Fast-Track you cite below), some, like you are unimpressed. Fundamentally, I'm only asking for an option number to try it out. > 4. Some of the latency benefit you're getting here is from not > negotiating the crypto algorithms; this is why in TLS the > client speaks first. This isn't an issue for the symmetric > algorithm since the server could provide a list, but it's > a real issue for the asymmetric algorithm, since it provides > no agility in the case of upgrade or compromise. If, for > instance, someone successfully attacks this curve but there > are other, strong curves available, then we'd be hosed. Firstly, this isn't rigorous crypto, so the primitives here are in the enviable situation of being good enough if it's infeasible to break them in near-real time. If you want real security, use TLS. As mentioned above, the SYNACK payload is a tagged structure. Since there are very tight space constraints it probably wouldn't be possible to offer several elliptic curve points, but if curve25519 were totally broken there is a gradual upgrade path by upgrading clients and then switching servers to offer another tag with a different curve. Older clients would fall back to no encryption, but it doesn't require a flag day. > It's true that SSH latency is really bad, but it's really much > worse than you suggest, since the authentication handshake takes > several exchanges as well. [GutXX] It's not clear to me that removing > 1 RTT helps here. I'm skeptical that there are really that > many applications that involve bringing up and tearing down > a lot of SSH connections. You're correct. This isn't the greatest example, I was just looking for some diversity to suggest that this isn't limited to HTTP. > S 6. Compressed HTTP Headers > I don't know how much value this adds, but note that the server's > indication that it supports compressed headers lives in the same > section of the datastream as the crypto stuff from S 5. So, we > now need some sort of framing mechanism for this data to allow > clients which know about opportunistic crypto but not compressed > headers to ignore that advertisement. Yep. Again, the framing mechanism already exists, although it's not specified in the draft because it's not in scope for a TCPM draft. The framing mechanism also allows for any other crazy HTTP (or any other "client transmits first") protocol extensions in the future. I think that, even if you don't much care for the opportunistic encryption, that's fairly powerful. Cheers AGL -- Adam Langley agl@imperialviolet.org http://www.imperialviolet.org _______________________________________________ tcpm mailing list tcpm@ietf.org https://www.ietf.org/mailman/listinfo/tcpm
- Re: [tcpm] SYN/ACK Payloads, draft 01 Sergio Freire
- [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Sergio Freire
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Sergio Freire
- Re: [tcpm] SYN/ACK Payloads, draft 01 Lars Eggert
- Re: [tcpm] SYN/ACK Payloads, draft 01 Sergio Freire
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Sergio Freire
- Re: [tcpm] SYN/ACK Payloads, draft 01 Eric Rescorla
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Eric Rescorla
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Eric Rescorla
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Eric Rescorla
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Caitlin Bestler
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Caitlin Bestler
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Michael Tüxen
- Re: [tcpm] SYN/ACK Payloads, draft 01 Caitlin Bestler
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Eric Rescorla
- Re: [tcpm] SYN/ACK Payloads, draft 01 Michael Tüxen
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Caitlin Bestler
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Anantha Ramaiah (ananth)
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch