IETF Logo Mail Archive

Re: [TLS] Idempotency and the application developer

Nico Williams <nico@cryptonector.com> Fri, 05 May 2017 05:04 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30AA91293E0 for <tls@ietfa.amsl.com>; Thu, 4 May 2017 22:04:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.7
X-Spam-Level:
X-Spam-Status: No, score=0.7 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id agFxMPyuBKUC for <tls@ietfa.amsl.com>; Thu, 4 May 2017 22:04:17 -0700 (PDT)
Received: from homiemail-a98.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86DCF1293F9 for <tls@ietf.org>; Thu, 4 May 2017 22:04:16 -0700 (PDT)
Received: from homiemail-a98.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a98.g.dreamhost.com (Postfix) with ESMTP id 205E26000A60B; Thu, 4 May 2017 22:04:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=CruxRLy4HJ+8dr vdoSWlogZj6vY=; b=VQ7OBIrCI4dG8Mxchb0Yybv4h843CJB6f81qGTddtxiT6Z 2oIUFjKWb/W9I9zusGQiNMyX8DPWDKj1LIVLNdR0cYstMjT7gvqtyCGl8kPNGBmP ydRrdYPqfkxFD/bdXReV9C1FO5zPcytxS6prHYZOabpGzpfVhNLKK/f2H6VuU=
Received: from localhost (cpe-70-123-158-140.austin.res.rr.com [70.123.158.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a98.g.dreamhost.com (Postfix) with ESMTPSA id B3E3760002A24; Thu, 4 May 2017 22:04:15 -0700 (PDT)
Date: Fri, 05 May 2017 00:04:13 -0500
From: Nico Williams <nico@cryptonector.com>
To: Benjamin Kaduk <bkaduk@akamai.com>
Cc: Watson Ladd <watsonbladd@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Message-ID: <20170505050412.GE10188@localhost>
References: <CACsn0ckPOU+mSCZdBycYKvAN=rLuVHnbsFNSOqZiN8oK_nJVBw@mail.gmail.com> <830b5237-d3d1-2f3b-3e8d-a4cc75870fd9@akamai.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <830b5237-d3d1-2f3b-3e8d-a4cc75870fd9@akamai.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DNwRcZ8iuQE8S_ND5W4YMYRpo7g>
Subject: Re: [TLS] Idempotency and the application developer
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 May 2017 05:04:18 -0000

On Thu, May 04, 2017 at 11:22:47PM -0500, Benjamin Kaduk wrote:
> On 05/04/2017 06:35 PM, Watson Ladd wrote:
> > If you are willing to buffer 0-RTT until completion before going to
> > the thing that makes the response, you can handle this problem for the
> > responsemaker. This will work for most applications I can think of,
> > and you need to handle large, drawn out requests anyway. This sounds
> > like it would work as a solution, but I am sure there are details I
> > haven't discovered yet.
> 
> The server is allowed to buffer the 0-RTT data while processing it and
> delay a response until the handshake is completed, yes.  (I think this
> is the "way to force 1-RTT at the application layer" that Nico wants.) 

I'm not up on the details of how 0-rtt works in TLS 1.3.  I don't know
if there's a way for the server to cause a round-trip to occur, nor if
there's a way for the client to then confirm the 0-rtt data in that
round-trip.

I do think having such functionality would be very helpful for cases
where the server runs a) without a replay cache, and b) can accept
idempotent and non-idempotent requests.

I think always requiring a replay cache is not likely to work out in
practice.

> It removes the latency benefits of 0-RTT [for that request] and might be

Because [for that request] there are no benefits of 0-rtt.

> annoying to implement with APIs that only give you a single data stream
> (but probably not too bad), but the application layer at the server has
> the capability to solve these idempotency/replay problems. 
> Unfortunately, we are the TLS layer and cannot assume that we control or
> can cooperate with the application.  Which leads right back to the
> "application profile is required" bit, of course.

Yes, sure, but the application profile rubber has to meet the road.
That usually means that the devil is in the APIs.

An application that wants a "dumb secure socket"... just can't have
0-rtt.

HTTP should be trivial to profile... if only GET weren't abused here and
there.

Nico
--

v2.23.0 | Report a Bug | By Email