Re: [TLS] Is stateless HelloRetryRequest worthwhile? (was Re: TLS 1.3 Problem?)

Michael D'Errico <> Wed, 30 September 2020 17:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BE9983A0B64 for <>; Wed, 30 Sep 2020 10:21:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.312
X-Spam-Status: No, score=-2.312 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.213, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key); domainkeys=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id M1WQyS2AZGm6 for <>; Wed, 30 Sep 2020 10:21:03 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 255063A0BC0 for <>; Wed, 30 Sep 2020 10:21:02 -0700 (PDT)
Received: from (unknown []) by (Postfix) with ESMTP id 9399B8FBAC for <>; Wed, 30 Sep 2020 13:21:01 -0400 (EDT) (envelope-from
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h=subject:to :references:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=ZE8h82HC/+5+ QBWpOGK4GsJYcwk=; b=SO3U/pjSKZ7vLEreOmUboLTvivCcy4X98M8HvLtZDr/L I0sSHVEG3MROpcZZ2stJ6lJ9T4T5qzk+Pdjz2SfEwDqDA07quq/h4bku76GkMEzl 5XVIPWJ2a5CX44SVtaVf5GdDx+MAd6zpt1U+5CMzsc19RcrKY4UH1NndWS4fhIk=
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=subject:to :references:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=VgKZr2 MlwnOPt6iMjPDik6WkafU922/ayRjwdtgymKhenqtrai+rLOQPu7PAtA8DAATVBo brw5BzrFTlAAs4G0yS799GHy7zLXryfZlou7qdkgq3MLW4+0UxEIDXFN3NhYBfhV pTaVK+XFFhOZlrg7XFvgLYWzwP4p+kUVcY0/A=
Received: from (unknown []) by (Postfix) with ESMTP id 8B1488FBAB for <>; Wed, 30 Sep 2020 13:21:01 -0400 (EDT) (envelope-from
Received: from MacBookPro.local (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 7DE3C8FBA9 for <>; Wed, 30 Sep 2020 13:21:00 -0400 (EDT) (envelope-from
References: <> <> <> <> <> <> <> <> <> <>
From: Michael D'Errico <>
Message-ID: <>
Date: Wed, 30 Sep 2020 13:20:59 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
X-Pobox-Relay-ID: 4F71C0F2-0341-11EB-8C87-2F5D23BA3BAF-38729857!
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [TLS] Is stateless HelloRetryRequest worthwhile? (was Re: TLS 1.3 Problem?)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 30 Sep 2020 17:21:08 -0000

 > The costs you describe are trivial.

The general idea among developers these days that CPU
cycles are free is a huge problem.

You didn't answer my biggest question, though, which was
whether you (or anybody else!) has had success using stateless
HelloRetryRequest to increase the number of connections a
datacenter can handle due to the fact that the servers were
memory-bound.  The amount of memory to hold the first
ClientHello message is trivial.  But if doing stateless HRR has
measurably increased the performance of a data center's web
serving capability, I'll change my mind about it.

 > We also implement DTLS where this is properly useful.

I can't find the DTLS 1.3 spec.  Which RFC is it?