Re: [TLS] Proposed text for removing renegotiation

Eric Rescorla <ekr@rtfm.com> Thu, 12 June 2014 16:36 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 12 Jun 2014 09:35:15 -0700
Message-ID: <CABcZeBNqU5WdDfdGF391ntCDHThWOg8ZQ0CxKPj5yiV--cY-+w@mail.gmail.com>
To: David Holmes <d.holmes@f5.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/CDHUBUpx11Bflvsiv8PAT2zfWxg
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Proposed text for removing renegotiation

On Thu, Jun 12, 2014 at 9:20 AM, David Holmes <d.holmes@f5.com> wrote:

> Some field data here.
>
> Our load-balancers/SSL terminators let customers set a time interval for
> renegotiation (the default is never).
>
> We retain support customers for a period of time and have the ability to
> grep through customer configurations.
>
> Over the previous 90 or 180 days (or whatever our retention period is)
> there are 33 customers using renegotiation (on 56 hosts). This is
> approximately 0.5% of the customers.
>
> Of those hosts:
> * The selected interval values range from 3 seconds (!!!) to 86400 - with
> an average being around 3600 seconds.
> * Lots of 10-second renegotiation intervals as well.
> * Seems to be a slight preference for the Financial vertical.
>
> I'm not suggesting that this data moves the conversation about
> renegotiation one way or the other.


Do you have any idea why they want this?

-Ekr

