Re: [TLS] consensus call: draft-ietf-tls-ticketrequests
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 05 March 2020 05:53 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B1333A0D7E for <tls@ietfa.amsl.com>; Wed, 4 Mar 2020 21:53:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MFCi9KHnC8R8 for <tls@ietfa.amsl.com>; Wed, 4 Mar 2020 21:53:06 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FF383A0D8D for <tls@ietf.org>; Wed, 4 Mar 2020 21:53:06 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id A9C321AFFBC; Thu, 5 Mar 2020 00:53:05 -0500 (EST)
Date: Thu, 05 Mar 2020 00:53:05 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20200305055305.GX7977@straasha.imrryr.org>
Reply-To: tls@ietf.org
References: <4E07012F-AB53-4727-A309-D8A15222A433@sn3rd.com> <0E7E2E43-CC46-488E-981E-BF8417821D85@sn3rd.com> <debd3b67-4089-a108-c285-45dccd8cc114@cs.tcd.ie> <CACsn0c=dS3sGRhT5kZGduhR3MynuxDSRnsA2a=kfpyu_0NWKPw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CACsn0c=dS3sGRhT5kZGduhR3MynuxDSRnsA2a=kfpyu_0NWKPw@mail.gmail.com>
User-Agent: Mutt/1.12.2 (2019-09-21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2bJCbC75eLVLBggsZ8ZL6ybj3Fg>
Subject: Re: [TLS] consensus call: draft-ietf-tls-ticketrequests
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2020 05:53:15 -0000
On Wed, Mar 04, 2020 at 08:32:45PM -0800, Watson Ladd wrote: > > Yes. I think Viktor's use case is one to not bugger > > up (even if one doesn't need to support it) and don't > > see how supporting it breaks something. (While also > > disliking generic ticket reuse.) > > It's not the usecase: it's the program. Postfix made architectural > choices that make storing tickets allegedly expensive. These fit into a existing archicture of security-hardened privilege-separated ephemeral processes that handle a modest number of deliveries and exit to be replaced by new processes, concurrent delivery (within sensible bounds) to the same destination, because serializing all output to the same destination really kills performance, ... The architecture is actually reasonably well thought out. It is true that Postfix could probably learn to have a multi-slot cache, and to keep updating on each and every resumption. But the shared ticket cache is backed by Berkeley DB or LMDB, and especially in the case of LMDB's copy-on-write design a high write rate (hundreds of new tickets per second) is not particularly appealing. In any case, Postfix is but an example of an application where ephemeral tickets are mere security theatre, there is simply no privacy benefit, and no plausible use-case for early data. I am all down with discouraging ticket reuse, not enabling it by default, ... but none of that amounts to a sound reason for precluding reuse where non-reuse has demonstrably no value. > I would be a lot more sympathetic if Viktor could provide actual > measurements with actual numbers demonstrating that rewriting tickets > is an insurmountable obstacle, given all the other time taken by > opening connections and sending mail. Why does it have to be an insurmountable obstacle. What's wrong with the observation that I have a well-oiled mature code-base that works well with multi-use tickets, and would need significant refactoring to take advantage of ephemeral tickets. It is true that with returning a fresh ticket each time, the cache churn is not a *disaster* for Postfix, but it is unnecessary, and not just Postfix, but also other application can benefit from avoiding ticket churn security theatre. > There also is the possibility that a different architecture that > reduces contention on the cache (say by not having multiple processes > attempting to open connection to the same server at once, or switching > to storage system that accomodates multiple simultaneous writers) > would have better performance. So I gather I should trade-off optimizing mail queue management for optimizing ticket cache management? (I don't think so...) > 0-RTT=> replay=> either single use tickets or idempotent methods only. > And then we learned that websites don't have idempotent GET always. > Hence the interest in server side enforcement of single use tickets. There's no GET in SMTP. The transaction starts with a 220 greeting from the server to the client. Then eventually STARTTLS, and a new EHLO from client to server. There's no 0-RTT, no early data, ... I think a singular focus in this WG on HTTPS as the sole motivating use-case is unfortunate. -- Viktor.
- [TLS] consensus call: draft-ietf-tls-request Sean Turner
- Re: [TLS] consensus call: draft-ietf-tls-request Sean Turner
- [TLS] consensus call: draft-ietf-tls-ticketreques… Sean Turner
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Salz, Rich
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Daniel Migault
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Viktor Dukhovni
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Watson Ladd
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Christopher Wood
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… David Schinazi
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Carrick Bartle
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Carrick Bartle
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Victor Vasiliev
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Nico Williams
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Sean Turner
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Rob Sayre
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Nico Williams
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… David Benjamin
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Sean Turner
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Russ Housley
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Martin Thomson
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Christopher Wood
- Re: [TLS] consensus call: (not precluding ticket … Viktor Dukhovni
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Viktor Dukhovni
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Nick Harper
- Re: [TLS] consensus call: (not precluding ticket … Martin Thomson
- Re: [TLS] consensus call: (not precluding ticket … Viktor Dukhovni
- Re: [TLS] consensus call: (not precluding ticket … Watson Ladd
- Re: [TLS] consensus call: (not precluding ticket … Viktor Dukhovni
- Re: [TLS] consensus call: (not precluding ticket … Nick Harper
- Re: [TLS] consensus call: (not precluding ticket … Viktor Dukhovni
- Re: [TLS] consensus call: (not precluding ticket … Nick Harper
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Stephen Farrell
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Rob Sayre
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Stephen Farrell
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Rob Sayre
- Re: [TLS] consensus call: (not precluding ticket … Viktor Dukhovni
- Re: [TLS] consensus call: (not precluding ticket … Viktor Dukhovni
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Watson Ladd
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Nico Williams
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Rob Sayre
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Viktor Dukhovni
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Stephen Farrell
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Jeremy Harris
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Eric Rescorla
- Re: [TLS] consensus call: (not precluding ticket … Eric Rescorla
- Re: [TLS] [EXTERNAL] Re: consensus call: draft-ie… Andrei Popov
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Sean Turner
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Salz, Rich
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Kyle Nekritz
- Re: [TLS] consensus call: (not precluding ticket … Nick Harper
- Re: [TLS] consensus call: (not precluding ticket … Viktor Dukhovni
- Re: [TLS] consensus call: (not precluding ticket … Nick Harper
- Re: [TLS] consensus call: (not precluding ticket … Viktor Dukhovni
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Benjamin Kaduk
- Re: [TLS] consensus call: (not precluding ticket … Benjamin Kaduk
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Benjamin Kaduk
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Martin Thomson
- Re: [TLS] consensus call: (not precluding ticket … Viktor Dukhovni
- Re: [TLS] consensus call: (not precluding ticket … Benjamin Kaduk
- Re: [TLS] consensus call: (not precluding ticket … Viktor Dukhovni
- Re: [TLS] consensus call: draft-ietf-tls-ticketre… Sean Turner