IETF Logo Mail Archive

Re: [TLS] WGLC for draft-ietf-tls-ticketrequests

Watson Ladd <watsonbladd@gmail.com> Thu, 23 January 2020 17:43 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB7641201CE for <tls@ietfa.amsl.com>; Thu, 23 Jan 2020 09:43:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uiIbwvpjRwZG for <tls@ietfa.amsl.com>; Thu, 23 Jan 2020 09:43:36 -0800 (PST)
Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A1FE120144 for <tls@ietf.org>; Thu, 23 Jan 2020 09:43:36 -0800 (PST)
Received: by mail-lj1-x22e.google.com with SMTP id q8so4467173ljj.11 for <tls@ietf.org>; Thu, 23 Jan 2020 09:43:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=kVQtrXlSmYriDl5n6uGN+MNXkwfP4TW2bTFlrPuLcXE=; b=XzclI9HJ1tqdJANWUGxxptATDrkxraHZ7YHkldVCq02cu1XS5fl31Q/X/XoO3ahLpj C75PoEneAiOlWa9Pcpomj4f4ZUTGF4fg7ltYJJqtHHvV3HlTi4NqZst2tTfVra6hhkh9 ddj/XISmIG+j4RgLhptV0KcnG24z24AD0aWop0Dzr8XCEGvqCP1uLS6G+twrE5kX3zWn dPc4gwHYtYJfCucxbvZFmMEpOr9axfFHYUlRhsVENf5L4VKLyfw3lG8t4d9vZnRDfjy3 RQisSEiHTHL39H6W67k1lllXFBw94GhPfzknraxjww6IVHcfYbbDcbppeoRao6Qs9r6E wYNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=kVQtrXlSmYriDl5n6uGN+MNXkwfP4TW2bTFlrPuLcXE=; b=oa1dIs79c06JMQoiKF7Rat4Gg8ugCmzCUUPAcbXq/TaN0U8T5dsP45yT1qvcNABxk3 +XScDOW7AXDn+hdkj4xRx+ar357WbHfGA0VvrPaEoYuDbtSO89rnFSmq40yj8qAseX6y +hoIO1VN4EF7x1bGdRstwD6pcpcccCEcpTjUI7g1EZVCd7YSn2Pem9Cs3ssdl9HY65qZ SCXKrlh3OoGQ/i3fQgXH/3JS5xVAhqJz8zJyNTsl+o2Wvo8YfXvC7npBYRaiLLzIc2xT hXlP0Hhxuke7ivdaCuHeGpH88z/w/8krKgzusvlGVtncvKT8CMfMHAk44n+4GtC1V1sN JlZg==
X-Gm-Message-State: APjAAAXg8N8VYbWyZ/IKIjCPZ5DGfMNkz+0mrWNk0StkScrdKOY5zj/B vjDjFLEyeWXm3ZvWUlh5g8n8juJX0ii21QN6Lm3tjTsc
X-Google-Smtp-Source: APXvYqwRuzjdveCxPqpbXPHqtcbiSmgMZZCHmOzjZq+y2UZo/sDhVefdiluEGAP4MEnHEbXYarMRbk8+pb4kU6sQJhk=
X-Received: by 2002:a2e:b5ac:: with SMTP id f12mr24111595ljn.0.1579801413772; Thu, 23 Jan 2020 09:43:33 -0800 (PST)
MIME-Version: 1.0
References: <CAPDSy+6DFJ+OYRtYK6eEiUt1noiik4KxqrGFx0ro_RL2Mft_VA@mail.gmail.com> <fd37bd2a-c799-4bf4-95b3-65943681683b@www.fastmail.com> <20200121055411.GJ73491@straasha.imrryr.org> <97de6364-c628-45aa-8613-ba1a32cc41b2@www.fastmail.com> <A5448AC9-6EBB-48F9-A1B0-A787FBBCFF05@akamai.com> <08A4B0CD-9903-4027-B672-E8C7AFB34B4D@akamai.com> <20200123005528.GA12073@localhost> <CAN2QdAH7t4fPgBfBSO7Ni1As2bVB9QvCw1s9j0ggqvTRUATE8A@mail.gmail.com> <20200123021455.GA73491@straasha.imrryr.org> <87427017-551e-4633-a0d3-75f378879aa9@redhat.com> <20200123124055.GF73491@straasha.imrryr.org>
In-Reply-To: <20200123124055.GF73491@straasha.imrryr.org>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Thu, 23 Jan 2020 09:43:21 -0800
Message-ID: <CACsn0cngxBQTB+Pfw6t_+qsSFb0Kf8mV1U1J1UTsPJiUk=vg0w@mail.gmail.com>
To: TLS List <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000156825059cd22e21"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/52RAEHg0D4-2PgTQCuSq3vFk71o>
Subject: Re: [TLS] WGLC for draft-ietf-tls-ticketrequests
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2020 17:43:39 -0000

On Thu, Jan 23, 2020, 4:41 AM Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:

> On Thu, Jan 23, 2020 at 12:57:31PM +0100, Hubert Kario wrote:
>
> > > The deployed base of Postfix servers issues multi-use tickets (always,
> > > there's no extension to tell me otherwise), and sends zero tickets
> > > on resumption, so I need to not just throw away tickets that are
> > > still valid.
> >
> > I wonder if the approach with a database with strict ACID-ity is the
> > correct one for ticket storage.
>
> It isn't "strict acidity", but there never more than one ticket per
> peer, stores replace the existing entry, loads read the latest entry
> stored.
>
> > What I mean, is that, especially in postfix case, using slightly older
> > ticket that it could will have minimal impact on the connection.
>
> Slightly older is unavoidable, because time passes between configuring
> an SSL connection to use a particular session and actually using it.
>
> If tickets rotate too fast, busy Postfix SMTP clients will frequently
> end up with stale tickets, and will fail resumption much of the time.
>
> The server accepts reuse, and defaults to assuming that the client is
> willing to reuse.
>
> If the extension provides a tiny bit more signalling at no cost to
> applications that have no use for reuse, then I'll be able to also
> support clients that explicitly signal non-reuse (e.g. MUAs talking
> to a service that is both MSA and SMTP relay).
>
> > Thus a database that is basically append only, with clients that look
> > for newest ticket (and disregard races on this lookup) and a
> > garbage-collection process that removes old tickets every few hours
> > will work ok.
>
> There is indeed a GC process, but we're using off-the-shelf indexed
> file dabases (Berkeley DB or LMDB), which are not append only.  And
> in any case, this is rather tangential.
>
> The real issue is that I'd like to offer clients that don't reuse a
> fresh ticket, but allow clients that do reuse to continue to do that.
>

Sending a new ticket doesn't force clients to store it.

>
> Anyway, I wanted to avoid TL;DR, and just present an argument based
> largely on:
>
>     - No actual complexity to those that don't ever want reuse
>     - Pontential savings to those who for some reason do reuse.
>
> That really ought to be enough, given that ignoring the reuse
> case and always issuign a ticket is *free*:
>
>     /* Hande non-use, ignore reuse, and impose local limit */
>     if (ticknum == 0) ticknum = 1;
>     else if (ticknum == 255) ticknum = 0;
>     else if (ticknum > ticklimit) ticknum = ticklimit;
>

What if we reverse the 0 and 255 case, and use the number 1 to mean 1? Now
the code is a no-op.

I still don't get the savings: tickets are free for the server and clients
can always not store them. With 0-rtt single use tickets are a lot more
compelling.


>     /* now proceed as in previously solved problem */
>
>   v.s. extension as-is:
>
>     /* Impose local limit */
>     if (ticknum > ticklimit) ticknum = ticklimit;
>
> That's a totally trivial change that yields status-quo, but allows other
> implementations to do something more intelligent with "ticknum == 0".
>
> --
>     Viktor.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email