Re: [TLS] Proposed text for removing renegotiation

David Holmes <d.holmes@f5.com> Thu, 12 June 2014 16:20 UTC

From: David Holmes <d.holmes@f5.com>
To: Watson Ladd <watsonbladd@gmail.com>, "Kemp, David P." <DPKemp@missi.ncsc.mil>
Date: Thu, 12 Jun 2014 16:20:17 +0000
Message-ID: <859F43324A6FEC448BFEA30C90405FA90550E0@SEAEMBX02.olympus.F5Net.com>
In-Reply-To: <CACsn0ckoNvNQye09ekHPNtEMdhU58QzbWJiufTwGfkjBynKqxA@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/G_XCCHimEUpeXxsVHB91gLl35LI
Cc: "tls@ietf.org" <tls@ietf.org>

Some field data here.

Our load-balancers/SSL terminators let customers set a time interval for renegotiation (the default is never). 

We retain support customers for a period of time and have the ability to grep through customer configurations.

Over the previous 90 or 180 days (or whatever our retention period is) there are 33 customers using renegotiation (on 56 hosts). This is approximately 0.5% of the customers.

Of those hosts:
* The selected interval values range from 3 seconds (!!!) to 86400 - with an average being around 3600 seconds.
* Lots of 10-second renegotiation intervals as well.
* Seems to be a slight preference for the Financial vertical.

I'm not suggesting that this data moves the conversation about renegotiation one way or the other.