Re: [TLS] Forged RST (was: About encrypting SNI)

Bill Frantz <frantz@pwpconsult.com> Sat, 19 April 2014 15:55 UTC

Date: Sat, 19 Apr 2014 08:55:22 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Cc: tls@ietf.org
In-Reply-To: <822C36AB-27AC-4844-8C83-449064FC345C@gmail.com>
Message-ID: <r422Ps-1075i-12718ABB05044695BAD8DA77F4CC973F@Williams-MacBook-Pro.local>
Subject: Re: [TLS] Forged RST (was: About encrypting SNI)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/-ZkZRsM78G0gl8IDg354dZYNCio

On 4/17/14 at 1:27 AM, ynir.ietf@gmail.com (Yoav Nir) wrote:

> Those who won’t use TCP are doomed to re-create it. To get a UDP-based protocol to replace TCP for 
> the web you’d need all of reliable delivery through (selective?) retransmissions, bandwidth 
> detection, replay protection, a whole lot of things that took the transport community years to get 
> right. Yes, there have been many attempts, but there’s a reason TCP is still the protocol everyone 
> uses for pretty much any type of bulk transfer. And this is before we even begin to talk about 
> middleboxes dropping unrecognized UDP services.

Absolutely correct.

However, one could set up a DTLS session and then initialize the TCP protocol within that session.

I don't think anyone has considered this inversion before. It may not be useful, but...

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Privacy is dead, get over    | Periwinkle
(408)356-8506      | it.                          | 16345 Englewood Ave
www.pwpconsult.com |              - Scott McNealy | Los Gatos, CA 95032
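The exchange above hinges on the claim that a datagram protocol (UDP, or DTLS on top of it) gives you none of the reliability, ordering or replay handling that TCP provides, so anyone building a stream on it has to rebuild those pieces. The following is an added illustration written for this archive page, not code from either poster or from any IETF draft: it constructs a lossy, duplicating, reordering datagram link in-process and runs a minimal stop-and-wait stream over it with explicit sequence numbers, retransmission and rejection of replayed datagrams. All names (LossyDatagramChannel, reliable_transfer) and the loss/duplication rates are the example's own assumptions; a DTLS record layer would sit where the channel object is.

```python
import random
from dataclasses import dataclass, field


@dataclass
class LossyDatagramChannel:
    """Constructed unreliable datagram link: drops, duplicates and reorders
    packets. Stands in for UDP (or a DTLS session over UDP) in this example."""
    loss_rate: float
    dup_rate: float
    rng: random.Random
    in_flight: list = field(default_factory=list)

    def send(self, pkt):
        if self.rng.random() < self.loss_rate:
            return                      # datagram silently lost
        self.in_flight.append(pkt)
        if self.rng.random() < self.dup_rate:
            self.in_flight.append(pkt)  # duplicate / replayed datagram

    def deliver_all(self):
        pkts, self.in_flight = self.in_flight, []
        self.rng.shuffle(pkts)          # arrival order is not guaranteed
        return pkts


def reliable_transfer(payload, chunk_size=4, loss_rate=0.3, dup_rate=0.2,
                      seed=1, max_retries=100):
    """Send `payload` as a byte stream over two lossy datagram channels
    (data and acks) using stop-and-wait with sequence numbers.
    Returns (bytes received in order, stats dict)."""
    rng = random.Random(seed)
    fwd = LossyDatagramChannel(loss_rate, dup_rate, rng)   # sender -> receiver
    rev = LossyDatagramChannel(loss_rate, dup_rate, rng)   # receiver -> sender
    chunks = [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]
    stats = {"retransmissions": 0, "replays_rejected": 0}

    # Receiver state: the next sequence number it is willing to accept.
    expected = 0
    received = []

    for seq, chunk in enumerate(chunks):
        acked = False
        for attempt in range(max_retries):
            if attempt:
                stats["retransmissions"] += 1       # timeout-driven resend
            fwd.send((seq, chunk))

            # Receiver side: process whatever the link delivered this round.
            for rseq, rchunk in fwd.deliver_all():
                if rseq == expected:
                    received.append(rchunk)
                    expected += 1
                    rev.send(("ack", rseq))
                elif rseq < expected:
                    # Already delivered: a duplicate or replay. Discard the
                    # data but re-ack so a lost ack does not stall the sender.
                    stats["replays_rejected"] += 1
                    rev.send(("ack", rseq))
                # rseq > expected cannot occur in stop-and-wait; ignored.

            # Sender side: look for the ack matching the outstanding segment.
            for _, aseq in rev.deliver_all():
                if aseq == seq:
                    acked = True
            if acked:
                break
        if not acked:
            raise RuntimeError(f"segment {seq} not acknowledged after {max_retries} tries")

    return b"".join(received), stats


if __name__ == "__main__":
    data, stats = reliable_transfer(b"hello, datagram world")
    print(data, stats)
```

The receiver's "rseq < expected" branch is the replay check Yoav's message refers to: without it, a duplicated datagram would be appended to the stream a second time. Everything the function does (sequence numbers, per-segment acks, retransmit-on-timeout, drain and re-ack duplicates) is a small fraction of what real TCP does, which is the thread's point.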