Re: [TLS] Fwd: New Version Notification for draft-ieft-tls-falsestart-00.txt

Brian Smith <brian@briansmith.org> Wed, 13 May 2015 02:08 UTC

Return-Path: <brian@briansmith.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D1B21A9051 for <tls@ietfa.amsl.com>; Tue, 12 May 2015 19:08:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T2Pyvd0TT_rb for <tls@ietfa.amsl.com>; Tue, 12 May 2015 19:08:13 -0700 (PDT)
Received: from mail-oi0-f46.google.com (mail-oi0-f46.google.com [209.85.218.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6246F1A904D for <tls@ietf.org>; Tue, 12 May 2015 19:08:13 -0700 (PDT)
Received: by oiko83 with SMTP id o83so20591840oik.1 for <tls@ietf.org>; Tue, 12 May 2015 19:08:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=pXK/8kfzVeTaZwNp4Jt99FqlmzKBFjZycdaKh8oNaeA=; b=HPzU8jhO0H4iETyN10nuzAfEeeuCpUnbm84p/jAZk151QjaIkhwyK/egPoBTmeF8Jh bGd1IctyPLZj/qwhmKm90eQb+MKDII4MHOdxrzjZBT/VM2T08O3PbOyimmaxmqwkJTlL Rzif/gy7oZuDg7wFtXKk5jT52pc9YcLysfsYR9hnOdloAqg+6I9frAZVoaN4tL53wcu1 VniAdmFDvlg/nFvhJGDLFQWhPEyNimaL+kaYSeCByFEY0xSxgL1XB7KO/5xph8FkXi9N pbQ5d7lunIjhxfPyOg9gGl6QziP7QlDicJafq7qXc0knjmMNnfvpg147cRAhqqTfyxhV pqCw==
X-Gm-Message-State: ALoCoQkwXN0eIV7MK2JBuK4S4NgMfEL0njvW7DU2I3tLNQBi+xIfM+qIYD/u7v3xPFtsB/sCqQtl
MIME-Version: 1.0
X-Received: by 10.202.91.11 with SMTP id p11mr13463329oib.125.1431482892867; Tue, 12 May 2015 19:08:12 -0700 (PDT)
Received: by 10.76.90.97 with HTTP; Tue, 12 May 2015 19:08:12 -0700 (PDT)
In-Reply-To: <CABkgnnWM7718gZoZrjW7d3gTUUGs3LzUKO6c_fCyDTi0pj7KaQ@mail.gmail.com>
References: <20150506101230.32573.26774.idtracker@ietfa.amsl.com> <CADMpkcLzW-ci5ZVocQ-Tz9vS6-ngM5vb_0E1P0SZS-obdAZDRw@mail.gmail.com> <CABkgnnWM7718gZoZrjW7d3gTUUGs3LzUKO6c_fCyDTi0pj7KaQ@mail.gmail.com>
Date: Tue, 12 May 2015 16:08:12 -1000
Message-ID: <CAFewVt6zkBgmJJEKVb-6DCN2UJNXpXRUtPb9i95CbF8MWcLLRg@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary=001a113d29ee54eeb30515ed15ed
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/04p9gJ166cRCL0W7fBK9BEX2sdE>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Fwd: New Version Notification for draft-ieft-tls-falsestart-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 May 2015 02:08:18 -0000

On Thu, May 7, 2015 at 11:25 AM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> If the client certificate is to be enciphered in an immediate
> renegotiation handshake, and both initial and renegotiation use False
> Start, the client should probably check the Finished message on the
> first before completing the renegotiation. Unless there are issues
> delaying the Finished delivery, the client should have that prior to
> when it needs to send the certificate.
>

We should just say that False Start should only be done during the initial
handshake, and MUST NOT be done during renegotiation. Do any
implementations False Start during renegotiation?

Note that you can create a session during the initial TLS handshake and
then resume that session during the renegotiation, so there was already a
way to nearly guarantee a 1-RTT renegotiation handshake with vanilla TLS,
as long as both sides support session resumption. And, if either
implementation is too conservative to implement session resumption, that's
a good hint that they'd rather not do False Start either.

Cheers,
Brian