IETF Logo Mail Archive

Re: [TLS] Separate APIs for 0-RTT

Loganaden Velvindron <loganaden@gmail.com> Tue, 13 June 2017 16:36 UTC

Return-Path: <loganaden@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A59B12EAE4 for <tls@ietfa.amsl.com>; Tue, 13 Jun 2017 09:36:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HHuCRrZGQ-pY for <tls@ietfa.amsl.com>; Tue, 13 Jun 2017 09:36:31 -0700 (PDT)
Received: from mail-it0-x233.google.com (mail-it0-x233.google.com [IPv6:2607:f8b0:4001:c0b::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E326F12EAB8 for <tls@ietf.org>; Tue, 13 Jun 2017 09:36:29 -0700 (PDT)
Received: by mail-it0-x233.google.com with SMTP id m47so44172496iti.1 for <tls@ietf.org>; Tue, 13 Jun 2017 09:36:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=7H+VcFzZJzdEL0IJy3OZ47d+mTIEs+SbN8HYRkiaQZo=; b=s2cr1mVKq048FOUe2c6h9qocENQkWZztswVIRgwyUKp04yVqIAxK9aWc5VZLEpN04F ea/p9GPZXJggB+Ha76LsuaBsNLHstlKI2mKDQD5DUqofmzguRyCyi1rXZeP5nLj2P+U3 CskTvX7zTCrZlQsW71IkJDXLjWFjxWZScsGa6GJr08dlJVkSXxSPdNtYPArU4uX6nncx OsCHz+tr4rVBSADeGuwRxdhV9vGm2yAndPyBrnBJqcA0HKHxMvyVLnEYfLqYkiEoAXXC IU3tqVXPfgfWgXX88ROCx+agaVTGmVoioRt/xmPfIDlvrjNxaExi4bzYysDE+KLgl4uP UOoQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=7H+VcFzZJzdEL0IJy3OZ47d+mTIEs+SbN8HYRkiaQZo=; b=ImtnD6e0tehXmymfqXVQY/BxvtM8iP1Loe61yOVjC/UA5MUfNIbcaoRn3CXzmWMPFV ynX7P7RL9a0yCeYn0rbgw2j9G9yeULO+iIjdONOrRSRmwDnnrk1REEl1PySJrGH30idF F0yyuO36jIwCINjG+wE8ROIjdwBorh0mJGp4L7xFisOacm2I50p1frjTxtyzb+PG74rH kgQ12AJZAnd2Jku5qq5VrYsQxDtOU06GZIzacmSji/JxTtf3hpklx5f0Qr4qpXj1wS7i a3l4Awku9mEoY4Pl5VFIssXkte5wXow/rZss84keGvWBnegjtKHpRDr61C883rcjYKPb VUAg==
X-Gm-Message-State: AODbwcCCNc+x7VofgRsYLF+7Ntn3Tv92xq8iSFxFMyqnILD3/mnl4jCw GkkjGLRXoUho7nw6Pv3nOOH9+uxkMg==
X-Received: by 10.36.121.22 with SMTP id z22mr18122150itc.59.1497371789254; Tue, 13 Jun 2017 09:36:29 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.50.228.175 with HTTP; Tue, 13 Jun 2017 09:36:28 -0700 (PDT)
In-Reply-To: <20170613105409.GB8983@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CABcZeBPkRhjLNT2QKO+DgfjE8-e-KrJ5XOLbA9bR24R1Fd96MQ@mail.gmail.com> <20170613105409.GB8983@LK-Perkele-V2.elisa-laajakaista.fi>
From: Loganaden Velvindron <loganaden@gmail.com>
Date: Tue, 13 Jun 2017 20:36:28 +0400
Message-ID: <CAOp4FwQet1seTXzK68q9vK90sQ0PaHKAK4UWvuK3XJipBVpUVw@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/89FALUJ7yrHX0tqX4JKDWiZnN1Y>
Subject: Re: [TLS] Separate APIs for 0-RTT
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jun 2017 16:36:35 -0000

On Tue, Jun 13, 2017 at 2:54 PM, Ilari Liusvaara
<ilariliusvaara@welho.com> wrote:
> On Tue, Jun 13, 2017 at 09:28:49AM +0100, Eric Rescorla wrote:
>> The current text says:
>>
>>    0-RTT data has very different security properties from data
>>    transmitted after a completed handshake: it can be replayed.
>>    Implementations SHOULD provide different functions for reading and
>>    writing 0-RTT data and data transmitted after the handshake, and
>>    SHOULD NOT automatically resend 0-RTT data if it is rejected by the
>>    server.
>>
>> I think the second piece of guidance (about automatic re-send) is still
>> good but it seems like implementations are mostly converging on a single
>> API. Of the implementations I know, NSS, BoringSSL (I think), and Mint have
>> a single API and OpenSSL's use of two APIs is an outlier. I don't think
>> it's helpful to have a SHOULD that a lot of people violate, especially when
>> this also indicates we don't have consensus on this SHOULD.
>>
>> I propose we remove this recommendation in favor of one which simply says
>> that implementations should need applications to opt-in to 0-RTT. That
>> would allow implementations to have either API.
>
> I think it is VERY bad idea for TLS client library to do 0-RTT without
> application explicitly opting in to that (e.g., via setting a special
> setting, or using API call sequences that didn't work at all for
> n-RTT).
>

I also agree here.

v2.23.0 | Report a Bug | By Email