Re: [TLS] 0-RTT and Anti-Replay

Colm MacCárthaigh <colm@allcosts.net> Mon, 23 March 2015 04:32 UTC

Return-Path: <colm@allcosts.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA3AD1A0194 for <tls@ietfa.amsl.com>; Sun, 22 Mar 2015 21:32:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.678
X-Spam-Level:
X-Spam-Status: No, score=-1.678 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qTcKKsJxKXzV for <tls@ietfa.amsl.com>; Sun, 22 Mar 2015 21:32:15 -0700 (PDT)
Received: from mail-oi0-f42.google.com (mail-oi0-f42.google.com [209.85.218.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EFB91A0191 for <tls@ietf.org>; Sun, 22 Mar 2015 21:32:15 -0700 (PDT)
Received: by oiag65 with SMTP id g65so131590473oia.2 for <tls@ietf.org>; Sun, 22 Mar 2015 21:32:14 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=N+E05uW0wwZa1ZE+v71ooqNMsll/IlJ+faeip/UPta8=; b=Ie/tvx4cgEPAyGWzQlXfFJ44bQ1PP2BnStrWVzdIJAEN8h5kTuaWV9xp4zTV/fyp/t difbBIKXwxbDDxkTdydLeuNATy6PcXgzbrDLdincqqpaWon1ZoD70b29VrcEdT1na318 bff3ZwJsCDij5QW72QEgdG5XS6ZhVlQcw3My4QHsSSGEUFg80TWljhq2g7Kw2XtEAQ5n cJRZZbO2DjLzbOJjvsbyaYUHruRpCCFp7BsqjDSTkYpIW52jcBJSC4Ri6+Cbk//MehJk 7RLIobZPUH2cAFnYO/3TsG28TyfwfqtQNPO5nFK+nw4Rbs/+5iR5ECr3U6QWggc2csRm 3Kgg==
X-Gm-Message-State: ALoCoQkiwFmJEPjmaPoqcpOVjpd1t3kPWsC91hymV91nLaLo8OtKfOKlcWTe2SI/xoa4ClkPSDOG
MIME-Version: 1.0
X-Received: by 10.202.228.201 with SMTP id b192mr26756040oih.40.1427085134581; Sun, 22 Mar 2015 21:32:14 -0700 (PDT)
Received: by 10.76.129.235 with HTTP; Sun, 22 Mar 2015 21:32:14 -0700 (PDT)
In-Reply-To: <CABkgnnWXtpuSKH-eEou9O7qncUSeuiv=4kw_GE6Um8VW3dcohQ@mail.gmail.com>
References: <CABcZeBP9LaGhDVETsJeecnAtSPUj=Kv37rb_2esDi3YaGk9b4w@mail.gmail.com> <550F6582.9040602@brainhub.org> <CABcZeBNn92Zu7Hfu5z8qD=AZDn=jUkZ3phk18G7S1z7XJNQ9sQ@mail.gmail.com> <CABkgnnWXtpuSKH-eEou9O7qncUSeuiv=4kw_GE6Um8VW3dcohQ@mail.gmail.com>
Date: Sun, 22 Mar 2015 21:32:14 -0700
Message-ID: <CAAF6GDcD9CfLwrFDr67dT+FNo3DT1=VH=GPizchtftm2Hfj9dQ@mail.gmail.com>
From: Colm MacCárthaigh <colm@allcosts.net>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/8asCRQsUfhc7RgAV-f0aWsc6tyk>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] 0-RTT and Anti-Replay
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Mar 2015 04:32:15 -0000

On Sun, Mar 22, 2015 at 8:35 PM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> For HTTP, I think we can use that first flight for idempotent queries
> quite easily and (at worst) the HTTP/2 connection preface.

This seems so open to error as to be untenable. Quite a lot of HTTP
based APIs are not idempotent, probably even the majority. Even where
API calls can be made idempotent in the theoretical sense, in the real
world there is often throttling and billing/metering state associated
even just with the raw number of calls made. So they are
non-idempotent by side-effect.

-- 
Colm