Re: [tcpm] SYN/ACK Payloads, draft 01
Eric Rescorla <ekr@networkresonance.com> Wed, 13 August 2008 19:39 UTC
Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0A28E3A6ACF; Wed, 13 Aug 2008 12:39:59 -0700 (PDT)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 179F228C1AB for <tcpm@core3.amsl.com>; Wed, 13 Aug 2008 12:39:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.081
X-Spam-Level:
X-Spam-Status: No, score=-1.081 tagged_above=-999 required=5 tests=[AWL=1.518, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MqsgpTtIaUFI for <tcpm@core3.amsl.com>; Wed, 13 Aug 2008 12:39:52 -0700 (PDT)
Received: from romeo.rtfm.com (romeo.rtfm.com [74.95.2.173]) by core3.amsl.com (Postfix) with ESMTP id F3E6628C1AF for <tcpm@ietf.org>; Wed, 13 Aug 2008 12:39:51 -0700 (PDT)
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id C4C5B50848; Wed, 13 Aug 2008 12:50:27 -0700 (PDT)
Date: Wed, 13 Aug 2008 12:50:27 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Adam Langley <agl@imperialviolet.org>
In-Reply-To: <396556a20808131145y1be0fb4saeb7bbf74d078268@mail.gmail.com>
References: <396556a20808111035s2b974233o1e9d3671e82e3350@mail.gmail.com> <20080813172752.AA7A650846@romeo.rtfm.com> <396556a20808131047q781675a3if23d727ef5ae918f@mail.gmail.com> <20080813181630.A1E6750848@romeo.rtfm.com> <396556a20808131145y1be0fb4saeb7bbf74d078268@mail.gmail.com>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Message-Id: <20080813195027.C4C5B50848@romeo.rtfm.com>
Cc: tcpm@ietf.org
Subject: Re: [tcpm] SYN/ACK Payloads, draft 01
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
At Wed, 13 Aug 2008 11:45:07 -0700, Adam Langley wrote: > > On Wed, Aug 13, 2008 at 11:16 AM, Eric Rescorla > <ekr@networkresonance.com> wrote: > > I'm srory, I don't understand what you're saying here. Does this > > data appear to the application to be part of the data stream > > or not? > > Yes, the data is part of the application stream. However, including a > payload in the SYN/ACK frame is permitted by TCP. Thus application > protocols in which the server speaks first could include payloads in > the SYN/ACK today, with no changes. Admittedly many stacks will only > ACK the SYN flag and not the data, so the data has to be > retransmitted, but the changes needed don't need any standard work. > > The option proposed here is just for "client speaks first" to escape > that mode and switch to a "server speaks first" mode. Right, but this has application-level semantics because the content of the server's data is not what an unmodified client expects. So, it's not just a timing issue: the server sends different data to the client if this option is included or not. > > OK, this wasn't entirely clear from reading the draft. > > I didn't include it in the draft because it seemed out of scope, but > maybe I should since attentive readers are obviously picking up on it. > > > But the premise of this scheme is that people don't do TLS > > because of either (1) latency or (2) lack of opportunistic > > negotiation. As far as I can tell, neither is correct. Rather, > > it's concerns about server performance. And server performance > > can be improved by a number of mechanisms within TLS that > > are (1) backward compatible with TLS and (2) don't require > > modifying the kernel. > > (1) is certainly a concern today. Even a single round trip. Most > actual numbers on this are considered secrets by the organisations in > a good place to gather them, but here's one soundbite: > > "every 100ms of latency costs Amazon 1% of profit" > http://radar.oreilly.com/2008/08/radar-theme-web-ops.html Well, this is just an unsupported claim in the presentation, so I have no idea what the underlying data is. However, superficially I find it deeply implausible. I have a Comcast business line, a fast computer, and a modern version of Firefox and it takes about 5 seconds to load Amazon's home page. There are lots of things Amazon could do to improve that performance (e.g., show me less images on the main page). Given that they don't, it's pretty hard to take complaints about a couple of hundred ms latency seriously. > (2) is also a concern: simply put, users type http by habit. And the servers could say "use TLS next time" and the browsers could remember that. > Additionally, getting TLS certificates is a pain for small sites. Huh? I've done this. It's cheap (< $50/yr) and simple (< 10 minutes). > As > for server load, curve25519 can be performed in 240us on a Core2 and > Salsa20/8 runs at 2 cycles/byte (same hardware). That reduces server > load. You're conflating unrelated issues, since TLS is perfectly capable of using these algorithms, if someone thought it was worth defining a cipher suite. > But, really, I don't really know the reasons why TLS isn't ubiquitous > even with ubiquitous support. But, given that it isn't, I'm looking to > the best that I can with a very low-cost (i.e. computation, latency) > system. This sounds to me like a classic case of premature optimization. For all you know the reason TLS isn't ubiquitous is that it doesn't have a cool name. Maybe we should work on that instead. > > That said, if you're willing to burn even very small amounts > > of data in the SYN, you can do something TLS-compatible by > > passing a compressed ClientHello of some kind + FastTrack. > > This only works with static RSA one the server side, but > > so does the scheme you propose. > > I can reasonably fit 14 bytes in a SYN frame. I did consider trying to > get RSA in the SYN (because then the computation costs could be mostly > put on the server), but I don't think I can fit anything useful in > there. (Not even a good elliptic key). I'm talking about a different dataflow. your dataflow is: Client Server ------ ------ SYN + PPExt -> <- SYN/ACK + PPExt + [Crypto stuff] [Crypto Stuff] -> [HTTP Req] Consider the basic TLS handshake from 4346: ClientHello --------> ServerHello Certificate* ServerKeyExchange* CertificateRequest* <-------- ServerHelloDone Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished --------> [ChangeCipherSpec] <-------- Finished Application Data <-------> Application Data But the client can techncially start sending data as soon as it has sent Finished, so that leaves us with: ClientHello --------> ServerHello Certificate* ServerKeyExchange* CertificateRequest* <-------- ServerHelloDone Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished --------> Application Data Which is the same number of messages as in your example. The problem is now sending them before the 3-way handshake completes. The Server's first message can be stuffed in the SYN/ACK payload, but the ClientHello cannot be stuffed in a SYN option. But if you were willing to define compressed versions of the most common ClientHello options, you could just say in the SYN option "I speak package 9" and then the server could send the ServerHello right away. You'd need to move some of the ClientHello (e.g., the Random) to the Client's first real message, but that's technically feasible. -Ekr _______________________________________________ tcpm mailing list tcpm@ietf.org https://www.ietf.org/mailman/listinfo/tcpm
- Re: [tcpm] SYN/ACK Payloads, draft 01 Sergio Freire
- [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Sergio Freire
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Sergio Freire
- Re: [tcpm] SYN/ACK Payloads, draft 01 Lars Eggert
- Re: [tcpm] SYN/ACK Payloads, draft 01 Sergio Freire
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Sergio Freire
- Re: [tcpm] SYN/ACK Payloads, draft 01 Eric Rescorla
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Eric Rescorla
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Eric Rescorla
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Eric Rescorla
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Caitlin Bestler
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Caitlin Bestler
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Michael Tüxen
- Re: [tcpm] SYN/ACK Payloads, draft 01 Caitlin Bestler
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Eric Rescorla
- Re: [tcpm] SYN/ACK Payloads, draft 01 Michael Tüxen
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Caitlin Bestler
- Re: [tcpm] SYN/ACK Payloads, draft 01 Adam Langley
- Re: [tcpm] SYN/ACK Payloads, draft 01 Anantha Ramaiah (ananth)
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch
- Re: [tcpm] SYN/ACK Payloads, draft 01 Joe Touch