Re: [TLS] Fwd: I-D Action:draft-bmoeller-tls-falsestart-00.txt

Michael D'Errico <mike-list@pobox.com> Thu, 03 June 2010 17:32 UTC

Return-Path: <mike-list@pobox.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1C96B3A69F5 for <tls@core3.amsl.com>; Thu, 3 Jun 2010 10:32:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.092
X-Spam-Level:
X-Spam-Status: No, score=-0.092 tagged_above=-999 required=5 tests=[AWL=0.093, BAYES_40=-0.185]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T59d5pbHXBzs for <tls@core3.amsl.com>; Thu, 3 Jun 2010 10:32:00 -0700 (PDT)
Received: from sasl.smtp.pobox.com (a-pb-sasl-quonix.pobox.com [208.72.237.25]) by core3.amsl.com (Postfix) with ESMTP id AFD603A69EA for <tls@ietf.org>; Thu, 3 Jun 2010 10:31:59 -0700 (PDT)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 46728B9F41; Thu, 3 Jun 2010 13:31:46 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=3dCGObgzxsgE FzO43xBBT82gCko=; b=Sfyue0XKOEbrVQqYqCY0SVGKj+aea9N3x0+3OU9jMkTx m2N5qGRbvaYgNKuOtqGnt+c3bJjp0O2ehznhxtrN5OTkLRB0k9shAFfXty91W8xG UOqafDL35aH+x3b7eR2zqNa95TtnbEsP2qbOyZ+3FqfSRbPc4D9sYW1OBzi7Pzg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=px3v5Q XErGm8xmmSkQGKa9CJDfziIsw/pbNulVgdirEq5sIOoIuwyplIwT3IL9MGYI0Qo3 9zc65xRk9F6xljIJ5qY+ULFuCx5szghUTkDpiRkLLRUm/wzXfWLxC87hqI1CCRSN MZMflbeY1906rDVG2GSgIbBxfRlxNKgu6ztrw=
Received: from a-pb-sasl-quonix. (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 21BB3B9F3D; Thu, 3 Jun 2010 13:31:44 -0400 (EDT)
Received: from administrators-macbook-pro.local (unknown [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTPSA id 81588B9F29; Thu, 3 Jun 2010 13:31:37 -0400 (EDT)
Message-ID: <4C07E6F8.2090102@pobox.com>
Date: Thu, 03 Jun 2010 10:31:36 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: Bodo Moeller <bmoeller@acm.org>
References: <AANLkTik3ZhyzI7-Re8FjNtC5xpH-aDplSyzcmgWoDgNd@mail.gmail.com> <2728902C-B235-4AAB-8EAE-19D673A38CB6@acm.org>
In-Reply-To: <2728902C-B235-4AAB-8EAE-19D673A38CB6@acm.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: E0DE34FE-6F35-11DF-B6D8-6730EE7EF46B-38729857!a-pb-sasl-quonix.pobox.com
Cc: TLS Working Group <tls@ietf.org>, Nagendra Modadugu <nagendra@cs.stanford.edu>
Subject: Re: [TLS] Fwd: I-D Action:draft-bmoeller-tls-falsestart-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Jun 2010 17:32:02 -0000

I think the current name doesn't describe the feature very well.  SMTP and
HTTP call it "pipelining" so perhaps you could use that name instead.  My
software should tolerate TLS pipelining if a peer were to use it, but I
don't feel comfortable adding it as a feature.

Mike



Bodo Moeller wrote:
> A downside of deploying TLS is the latency penalty due to the TLS 
> handshake: when starting a new session, HTTPS needs two additional 
> round-trip times compared with unencrypted HTTP.  This document shows 
> that it's easy to do better than that, just by changing the client's 
> protocol implementation -- no change to server code is required to speed 
> up full handshakes.
> 
> (Similarly, a server-only change can speed up abbreviated handshakes for 
> application protocols in which, unlike HTTP, the server sends data first.)
> 
> An example implementation for OpenSSL is available as 
> handshake_cutthrough.patch at 
> http://bazaar.launchpad.net/~nagendra/openssl-patches/trunk/files.
> 
> Bodo
> 
> 
> 
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>
>> 	Title           : Transport Layer Security (TLS) False Start
>> 	Author(s)       : A. Langley, et al.
>> 	Filename        : draft-bmoeller-tls-falsestart-00.txt
>> 	Pages           : 11
>> 	Date            : 2010-06-02
>>
>> This document specifies an optional behavior of TLS implementations,
>> dubbed False Start.  It affects only protocol timing, not on-the-wire
>> protocol data, and can be implemented unilaterally.  The TLS False
>> Start feature leads to a latency reduction of one round trip for
>> certain handshakes.
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-bmoeller-tls-falsestart-00.txt
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> Below is the data which will enable a MIME compliant mail reader
>> implementation to automatically retrieve the ASCII version of the
>> Internet-Draft.
>>
>> <ftp://ftp.ietf.org/internet-drafts/draft-bmoeller-tls-falsestart-00.txt>