[TLS] Mass 0RTT of subresources with no prior knowledge (was Re: Do we actually need semi-static DHE-based 0-RTT?)
Dave Garrett <davemgarrett@gmail.com> Sat, 20 February 2016 00:38 UTC
Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B0321B341C for <tls@ietfa.amsl.com>; Fri, 19 Feb 2016 16:38:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dF0Ka3sBUz8C for <tls@ietfa.amsl.com>; Fri, 19 Feb 2016 16:38:34 -0800 (PST)
Received: from mail-yw0-x22c.google.com (mail-yw0-x22c.google.com [IPv6:2607:f8b0:4002:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C46E1B32CA for <tls@ietf.org>; Fri, 19 Feb 2016 16:38:34 -0800 (PST)
Received: by mail-yw0-x22c.google.com with SMTP id g127so80625591ywf.2 for <tls@ietf.org>; Fri, 19 Feb 2016 16:38:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=yte74+qR87ju00nLWwB0M/ZwQdF3OYpAJtoY51cE500=; b=Jt/wmDyesYhrdjYT2jsF6OfuP76/canSx1BDiBW+JbiwoqLPCwFXoQkjIuAgvzelsN eEg98MSXiLk5Ewkbg1oEqMZGCT+6eyPC15LOSdh6aVozHdTDhQLCvYWp1CzUMTpW+REB IcOKRPip6oEGp9dwCydg7w3fxhdAQGbepXAxWOREFbGih7YEtkdH/rpNmbn8MyGfAXLQ kGOBJ/8buIFYKSkPml9rhxV/tvQWR6YqJai1a4UHlMF1nnFMJu7sVWK778SlVcXMDP6A RCY4qYqfCF3u8ByuDawNmy4orZzabk4zCg3G4DzU3xvrpwFZjwCdfSLxXmRngeu6N4Ys Qtrg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:user-agent:cc:references :in-reply-to:mime-version:content-type:content-transfer-encoding :message-id; bh=yte74+qR87ju00nLWwB0M/ZwQdF3OYpAJtoY51cE500=; b=ADCUMEOxYz0I891rJV9rHolR7tFlxNsVhflsbnwySXyFiSFXxa+s9bQ8wza9DR9M5+ zLyY8kkj8umVe15tpYzvnTwxjKa/aFKMnBX6mhPEUpFt9hV0/Dx+vYbGwyqTnFbLn3+/ lDOgSw8RB020Ga0vTjiAoLasQ+tFsl5dCVtjRZzxPb0Y3mtBGb9hEwTJcyKEhVQE4Bls sChFts/KvtXVmXAuWXuYhdLtx69xPy78yMn8WFC9YqplXu/+aZoMmyQgunnEcmTca/bb AwRvZR2QB57r4u9yrOZCnBQ+RlBUQ73mjunwTSsNR0GKCD34HVCoo9cJJbW+zhAzzvnB yp5A==
X-Gm-Message-State: AG10YORW1ScrbHPM5GRxGzDiskFHifDZxxoN4SshL+lHWL8W5j2lFVQuHgM2+hVmRVXxqA==
X-Received: by 10.129.87.3 with SMTP id l3mr8515685ywb.149.1455928713514; Fri, 19 Feb 2016 16:38:33 -0800 (PST)
Received: from dave-laptop.localnet (pool-71-175-20-227.phlapa.fios.verizon.net. [71.175.20.227]) by smtp.gmail.com with ESMTPSA id o23sm10608789ywd.30.2016.02.19.16.38.32 (version=TLS1 cipher=AES128-SHA bits=128/128); Fri, 19 Feb 2016 16:38:32 -0800 (PST)
From: Dave Garrett <davemgarrett@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Date: Fri, 19 Feb 2016 19:38:31 -0500
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <CABcZeBMFE24o-F7JO8E2=xFmasR3iqabZhn6Qv4fw+ihYfTc6g@mail.gmail.com> <201602191815.10375.davemgarrett@gmail.com> <CABcZeBOrLnSrQXEYZGdNLFD+KyoCHj=NT=RWfcP26hK6XyMbzQ@mail.gmail.com>
In-Reply-To: <CABcZeBOrLnSrQXEYZGdNLFD+KyoCHj=NT=RWfcP26hK6XyMbzQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <201602191938.31574.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/1_qTcoCLt6c2Q58JAvTuB_B4ITc>
Subject: [TLS] Mass 0RTT of subresources with no prior knowledge (was Re: Do we actually need semi-static DHE-based 0-RTT?)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Feb 2016 00:38:35 -0000
I just had an idea. There is significant doubt of how useful semi-static DHE 0RTT would be due to the difficulty of distributing the configs out-of-bound. I don't dispute this; I merely dispute that no capability is better than minimal, in this realm. There is another way that they could be helpful, however. Take a typical HTTP page and a client with no prior knowledge. (could be applicable to other applications, but the TLS WG does have a charter to take special note of HTTP latency; subresources' lack of HTTPS often is a stated reason for a site's lack of HTTPS overall) There will be a 1RTT cost without having a pre-cached way to do 0RTT, and then after that there will be a 1RTT cost for *every* subresource on a different server. To do HTTPS for the servers of 3rd party scripts, ads, user-posted images/video embeds, etc., each of those servers will need to be connected to by the client with TLS and no prior knowledge, meaning a 1RTT cost. This could be significantly optimized by creating a new HTTP extension that allows servers to enumerate the domains on a page, cache all those domains' semi-static DHE config, and push them to each client in their first flight returning the primary resource. This would allow all subresources to be fetched by the client with a 0RTT cost, and just a single 1RTT cost for the primary resource. Servers could simply refresh their cache of their subresources' semi-static DHE configs on a daily basis. A stale config can be sent to a client and it can still fallback to 1RTT, though. Clients would not need to have any prior knowledge in order to significantly benefit from 0RTT in this scenario. TLS 1.3 would need to have some way of facilitating this scenario in order to devise a way to do this sort of thing in HTTP (or another general protocol with subresources). The general point I'm trying to convey here is that we can come up with ways to use this to improve latency noticeably, if given the underlying capability. We don't know how effectively it can be used until we try. Dave
- [TLS] Do we actually need semi-static DHE-based 0… Eric Rescorla
- Re: [TLS] Do we actually need semi-static DHE-bas… Dave Garrett
- Re: [TLS] Do we actually need semi-static DHE-bas… Bill Cox
- Re: [TLS] Do we actually need semi-static DHE-bas… Salz, Rich
- Re: [TLS] Do we actually need semi-static DHE-bas… Eric Rescorla
- Re: [TLS] Do we actually need semi-static DHE-bas… Dave Garrett
- Re: [TLS] Do we actually need semi-static DHE-bas… Eric Rescorla
- Re: [TLS] Do we actually need semi-static DHE-bas… Dave Garrett
- Re: [TLS] Do we actually need semi-static DHE-bas… Scott Fluhrer (sfluhrer)
- Re: [TLS] Do we actually need semi-static DHE-bas… Eric Rescorla
- [TLS] Mass 0RTT of subresources with no prior kno… Dave Garrett
- Re: [TLS] Mass 0RTT of subresources with no prior… Martin Thomson
- Re: [TLS] Mass 0RTT of subresources with no prior… Dave Garrett
- Re: [TLS] Mass 0RTT of subresources with no prior… Eric Rescorla
- Re: [TLS] Mass 0RTT of subresources with no prior… Ilari Liusvaara
- Re: [TLS] Do we actually need semi-static DHE-bas… Nick Sullivan