Re: [TLS] Alert type for connection limit or server busy?
Yoav Nir <ynir.ietf@gmail.com> Wed, 02 April 2014 07:24 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38A031A014D for <tls@ietfa.amsl.com>; Wed, 2 Apr 2014 00:24:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w0QnRzlBJYo3 for <tls@ietfa.amsl.com>; Wed, 2 Apr 2014 00:24:06 -0700 (PDT)
Received: from mail-we0-x22f.google.com (mail-we0-x22f.google.com [IPv6:2a00:1450:400c:c03::22f]) by ietfa.amsl.com (Postfix) with ESMTP id DDA361A006E for <tls@ietf.org>; Wed, 2 Apr 2014 00:24:05 -0700 (PDT)
Received: by mail-we0-f175.google.com with SMTP id q58so7444637wes.34 for <tls@ietf.org>; Wed, 02 Apr 2014 00:24:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=qRHEiAcKZt4bGef8llzjEjiIQnZf6gRdODoLMu2OPdE=; b=MTCwuCxcc2Y0ejtdeJsFWmBog6V1xRigiIrWY17dFgCYwNcv7Dl6TbrmvnEgGQjDmN C5v4TsXvnaNEHBZC8Y8xy5pTrL5u0YNR+pkaVPKu51ntwEFAJotzqR26dqelLTOG/Cf1 oJC0FH5YSD8NbJTZSAgwZbzgTL/jWg3/kWh37+v0cb2UF5yCtwFhGLvuqnu/g/7LOHPc REPp5JpkA5HF+0zhC8DCV6D1FZlmM+HIz+4+8UE4TUraZ+kUTs4c0kX2LDjIBeo5TmLf JtH4DMApOgYJA6jV5Ke7Pa0WDB7L8bFQV+uQcP45CnesTraZeyewf/QW7lTGhbAtOthc IpYQ==
X-Received: by 10.194.80.7 with SMTP id n7mr28990250wjx.8.1396423441672; Wed, 02 Apr 2014 00:24:01 -0700 (PDT)
Received: from [172.24.251.171] (dyn32-131.checkpoint.com. [194.29.32.131]) by mx.google.com with ESMTPSA id x3sm2507905eep.17.2014.04.02.00.23.59 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 02 Apr 2014 00:24:00 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_FCC40987-7BB6-4258-BC2B-F27C1F76AF02"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CAKC-DJi2CHC5Jqu77qE7NxgF0P5QdhQvsRdfdzvhLeHbCnC0iA@mail.gmail.com>
Date: Wed, 02 Apr 2014 10:23:54 +0300
Message-Id: <7A0B56B8-8599-4042-A52D-DA6ECBF0BEC2@gmail.com>
References: <EBC54843816A0E9AD64C880F@96B2F16665FF96BAE59E9B90> <CAKC-DJi2CHC5Jqu77qE7NxgF0P5QdhQvsRdfdzvhLeHbCnC0iA@mail.gmail.com>
To: Erik Nygren <erik+ietf@nygren.org>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/FnATyl90MQh7QeqLo4W_GJo-i7U
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Alert type for connection limit or server busy?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Apr 2014 07:24:10 -0000
Hi Erik I raised a similar idea on the SAAG mailing list and at the SAAG meeting in London. This method is often called “client puzzles”. For me this is interesting for both IKE and TLS. There is an issue that makes this a hard sell, and that is a patent. See my post to SAAG: http://www.ietf.org/mail-archive/web/saag/current/msg04579.html I’ve asked some people who work for the patent owner, and am waiting to hear from them. Yoav On Apr 2, 2014, at 8:44 AM, Erik Nygren <erik+ietf@nygren.org> wrote: > Along these lines, it would be worth discussing an optional proof-of-work extension such that the server could introduce an extra RT by pose a problem back to the client under certain overload circumstances and then wait for a successful response from the client before performing additional cryptographic operations. This would be something that would normally only be used when the server is under attack to help it selectively raise the bar. (Clients could also chose to abandon the connection.) > > For example, a server under attack could propose back to clients: > > { partial_value, num_bits, SHA256(full_value) } > > where the first num_bits of full_value have been zeroed out. The client must respond back with full_value before the the server will spend additional CPU time on the negotiation. This also lets the server select different values for num_bits depending on how much load it is intending to shed (or perhaps based on how many connections have come in from that particular client recently). > > While not necessarily being "fair" to low-powered devices, it would be extremely valuable for allowing servers to selectively shed load by controlling how symmetric the workload for a given set of clients must be. > > Erik > > > > On Tue, Apr 1, 2014 at 12:35 PM, Chris Newman <chris.newman@oracle.com> wrote: > Is there a TLS Alert type that can be used by a TLS server to reject a TLS > client connection based on a per-IP-address connection limit? > > The idea would be to have the server reject the connection before spending > cycles on the TLS negotiation. But it's important to inform the client why the > connection is rejected in order to reduce the number and severity of support > calls that might be generated by such a limit if the connections were silently > dropped. > > Another case that's interesting is when the server is temporarily overloaded > and wants to reserve CPU cycles for existing connections rather than spending > cycles accepting new connections. Again, it's desirable to indicate to the > client the cause of this connection failure in an attempt to reduce the number > and severity of support calls and also desirable not to spend unnecessary > server time on the TLS negotiation. > > With the STARTTLS model, applications could just reject at the banner with a > text error message. But with the separate-port-for-TLS model, this needs to be > done in the TLS layer. > > I didn't see appropriate alerts in RFC 5246 section 7.2. > > Could alerts for these two cases be added as an extension or a TLS 1.3 feature? > > - Chris > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Alert type for connection limit or server b… Chris Newman
- Re: [TLS] Alert type for connection limit or serv… Erik Nygren
- Re: [TLS] Alert type for connection limit or serv… Alyssa Rowan
- Re: [TLS] Alert type for connection limit or serv… Alyssa Rowan
- Re: [TLS] Alert type for connection limit or serv… Erik Nygren
- Re: [TLS] Alert type for connection limit or serv… Yoav Nir