Re: [TLS] Session resumption ticket reuse considered harmful
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 05 March 2020 23:15 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 010C63A0E03 for <tls@ietfa.amsl.com>; Thu, 5 Mar 2020 15:15:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id alw1cRca27mE for <tls@ietfa.amsl.com>; Thu, 5 Mar 2020 15:15:27 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62FDE3A0E02 for <tls@ietf.org>; Thu, 5 Mar 2020 15:15:27 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 9BE991B0CA3; Thu, 5 Mar 2020 18:15:26 -0500 (EST)
Date: Thu, 05 Mar 2020 18:15:26 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20200305231526.GC7977@straasha.imrryr.org>
Reply-To: tls@ietf.org
References: <20200305205524.GR18021@localhost> <CAN2QdAGja9JoXsSSnmdkjHk7kNbDpEiMVkPpA6VDCfRjo9DRVw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAN2QdAGja9JoXsSSnmdkjHk7kNbDpEiMVkPpA6VDCfRjo9DRVw@mail.gmail.com>
User-Agent: Mutt/1.12.2 (2019-09-21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0UO5-2X9-IBBDAAq-NGAnSIYdxc>
Subject: Re: [TLS] Session resumption ticket reuse considered harmful
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2020 23:15:29 -0000
On Thu, Mar 05, 2020 at 02:49:23PM -0800, Watson Ladd wrote: > My skepticism is entirely a function of this being a late breaking > change to a relatively simple proposal, with not very much in the way > of quantifiable evidence to back up the concern that shared cache > contention is a big overhead. Is it 1%? .5? 10%? of the total time to > use a connection. At 10% we definitely need to do something, at .01% > we almost certainly don't. It isn't just the impact on client ticket cache processing, whatever it might be. Tickets can be quite large when client certs are in use, because various TLS APIs promise server applications the ability to return the client cert (or full chain) at the completion of the handshake, which means recording the client cert or chain in the ticket. And with PQ certs about to get substantially bigger than RSA certs, I don't see why carefully designed servers and clients need to engage in wasteful network traffic, CPU and I/O costs. In the case of Postfix, the new ticket has to be generated, encrypted and transmitted by the server, received and decrypted by the client, then base64 encoded and transmitted to the tlsmgr(8) process, which stores it an LMDB or Berkeley DB database, incurring I/O costs to store it (likely also an fsync). With spinning rust the MTA's throughput is largely limited by the number of synchronous writes to disk per second, and additional synchronous writes degrade overall throughput. -- Viktor.
- [TLS] Session resumption ticket reuse considered … Nico Williams
- Re: [TLS] Session resumption ticket reuse conside… Martin Thomson
- Re: [TLS] Session resumption ticket reuse conside… Salz, Rich
- Re: [TLS] Session resumption ticket reuse conside… Nico Williams
- Re: [TLS] Session resumption ticket reuse conside… Watson Ladd
- Re: [TLS] Session resumption ticket reuse conside… Nico Williams
- Re: [TLS] Session resumption ticket reuse conside… Nico Williams
- Re: [TLS] Session resumption ticket reuse conside… Viktor Dukhovni
- Re: [TLS] Session resumption ticket reuse conside… Nico Williams
- Re: [TLS] Session resumption ticket reuse conside… Watson Ladd
- Re: [TLS] Session resumption ticket reuse conside… Salz, Rich
- Re: [TLS] Session resumption ticket reuse conside… Nico Williams