Re: [TLS] WGLC for draft-ietf-tls-ticketrequests
Tommy Pauly <tpauly@apple.com> Wed, 20 November 2019 02:40 UTC
Return-Path: <tpauly@apple.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43048120220 for <tls@ietfa.amsl.com>; Tue, 19 Nov 2019 18:40:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hJg6jhPKH42Z for <tls@ietfa.amsl.com>; Tue, 19 Nov 2019 18:40:38 -0800 (PST)
Received: from ma1-aaemail-dr-lapp03.apple.com (ma1-aaemail-dr-lapp03.apple.com [17.171.2.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 920D41201E0 for <tls@ietf.org>; Tue, 19 Nov 2019 18:40:38 -0800 (PST)
Received: from pps.filterd (ma1-aaemail-dr-lapp03.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp03.apple.com (8.16.0.27/8.16.0.27) with SMTP id xAK2WKL3014863; Tue, 19 Nov 2019 18:40:35 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=sender : from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=h1YJUCykqHBRCu/rtSfRGwPf39WpOGIny/y99WoGKyY=; b=kcB2p86o4sHHaYwc7bH1VVb/DiPROcGoXDr8JxraOu7TqzW7rAyNoOpYrrBKFbd4U4/s aJsvZLCTLszLjmiBqiwlR0UbBH8S/IIDMGgo3n61YXfizwOqTCptsHY8gbHtq1wJ9Elj GGNGzfegwivvK27bgyCz13kVzpGhX+q5WOdp4fEBv9wKiPxsbwVUWW+cqEtsX2ko8eT9 12uc/cTf+47LNhCq9hpU+b0e4BPeshX5x6Vhtew3QvXqdl9cmn8qNkJqrE7rDP1MaHN0 frXBTJqV7Amh5pJsbXzIo4V/Gu4tW7mCyaF1uDSxekKYT6wnsrDeKanE8+wALBa+F+mN 9w==
Received: from sg3-postinop-sz01.asia.apple.com (sg3-postinop-sz01.asia.apple.com [17.84.80.96]) by ma1-aaemail-dr-lapp03.apple.com with ESMTP id 2wagyykm4x-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 19 Nov 2019 18:40:35 -0800
Received: from sng-mmpp-sz01.asia.apple.com (sng-mmpp-sz01.asia.apple.com [17.84.80.62]) by sg3-postinop-sz01.asia.apple.com (Oracle Communications Messaging Server 8.0.2.4.20190507 64bit (built May 7 2019)) with ESMTPS id <0Q1800LO7Y3LF000@sg3-postinop-sz01.asia.apple.com>; Wed, 20 Nov 2019 10:40:33 +0800 (+08)
Received: from process_milters-daemon.sng-mmpp-sz01.asia.apple.com by sng-mmpp-sz01.asia.apple.com (Oracle Communications Messaging Server 8.0.2.4.20190507 64bit (built May 7 2019)) id <0Q1800D00VMCYJ00@sng-mmpp-sz01.asia.apple.com>; Wed, 20 Nov 2019 10:40:33 +0800 (+08)
X-Va-A:
X-Va-T-CD: ae695c802e0d396617b4b2b2108e7c6a
X-Va-E-CD: 7f7e14a8463c26a765e1ab3769b5d901
X-Va-R-CD: 6a2bc58b15f70a522f15c151e4c2a302
X-Va-CD: 0
X-Va-ID: 0f31403d-b657-4504-84a6-95cf2f09a7e9
X-V-A:
X-V-T-CD: ae695c802e0d396617b4b2b2108e7c6a
X-V-E-CD: 7f7e14a8463c26a765e1ab3769b5d901
X-V-R-CD: 6a2bc58b15f70a522f15c151e4c2a302
X-V-CD: 0
X-V-ID: 7b958fb2-e44f-4169-a178-618c64a59bce
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-11-19_08:,, signatures=0
Received: from [17.235.155.28] by sng-mmpp-sz01.asia.apple.com (Oracle Communications Messaging Server 8.0.2.4.20190507 64bit (built May 7 2019)) with ESMTPSA id <0Q1800MHIY3DVP80@sng-mmpp-sz01.asia.apple.com>; Wed, 20 Nov 2019 10:40:28 +0800 (+08)
Sender: tpauly@apple.com
From: Tommy Pauly <tpauly@apple.com>
Message-id: <14690874-E301-4BC0-B385-00DEBCBA94C2@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_5F98897B-09E2-4B9A-9863-380306F7FCF8"
MIME-version: 1.0 (Mac OS X Mail 13.0 \(3594.4.17\))
Date: Wed, 20 Nov 2019 10:40:20 +0800
In-reply-to: <CADZyTkmaUVj=sFdgg93MuM2au0B=1M1k3yCA1XDoaAneVDmnNw@mail.gmail.com>
Cc: tls <tls@ietf.org>
To: Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org>
References: <2FB1D8AD-2C22-4A09-B7AF-0EFD6F0DBACA@sn3rd.com> <0469b84c-3009-427a-99ca-e7f6817f0b6c@www.fastmail.com> <caa6f6b4-537c-46bb-a04b-28d2b59f8ecd@www.fastmail.com> <20191116100546.GP34850@straasha.imrryr.org> <20191116103855.GQ20609@akamai.com> <20191116110425.GR34850@straasha.imrryr.org> <556d2210-4af7-b398-fbd7-eab2685d7c62@wizmail.org> <20191116210617.GS34850@straasha.imrryr.org> <20191116235952.GR20609@akamai.com> <20191117002249.GV34850@straasha.imrryr.org> <CADZyTkmaUVj=sFdgg93MuM2au0B=1M1k3yCA1XDoaAneVDmnNw@mail.gmail.com>
X-Mailer: Apple Mail (2.3594.4.17)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-11-19_08:, , signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HQkAbFXE41ChumfiABJNBgjsTGo>
Subject: Re: [TLS] WGLC for draft-ietf-tls-ticketrequests
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2019 02:40:40 -0000
> On Nov 19, 2019, at 5:20 PM, Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org> wrote: > > Hi, > > Just to followup the discussion. I support Viktor,'s proposal as it provides the ability to the client to specify what it wants rather than let the server guess. What I am wondering is whether we are catching all possible client "policies" or whether we should consider some additional reserved values. Typically I do not see case where 200 tickets may be requested, so we may have some place for reserved bits if needed. > > I see my comment of how tickets are generated as complementary. > > Yours, > Daniel > > > > On Sun, Nov 17, 2019 at 8:23 AM Viktor Dukhovni <ietf-dane@dukhovni..org <mailto:ietf-dane@dukhovni.org>> wrote: > On Sat, Nov 16, 2019 at 03:59:53PM -0800, Benjamin Kaduk wrote: > > > > That also works, effectively treat 0xff as "-1", but all other > > > values as non-negative, with 0 a request for re-use. An isomorphic > > > encoding, but without the "-1". > > > > [Jeremy had a more eloquent description of the vague sketch of an idea that I had in my head] > > Jeremy's "isomorphic" encoding works fine for me, and is likely less confusing. > So, FWIW, it has my support. Fleshing it out a bit more, I am proposing: > > - 0xff => send no tickets > > - 0x00 => reuse requested: > + send no tickets if presented ticket is accepted and reusable > + send one ticket if presented ticket is accepted, but is not reusable > (expired, or reuse is not allowed). > + Also send one ticket if session could not be resumed and a full > handshake was performed. Clients that reuse tickets don't need a > separate one for each session, so one per full handshake should > suffice. > > - 0x01-0xfe => client wants single-use tickets: > + send up to that many tickets on full handshake, > + however, generally send just 1 ticket on resumption, or when > replacing tickets during long-lived connections. This helps to > reduce chronic ticket "oversupply". Having a recommendation to generally just send one ticket doesn't address the motivating use case for the document, which is Happy Eyeballs (connection racing). Having multiple tickets is required in a steady state, so we shouldn't recommend against that. Any client that wants to only do the reuse case can just not use this extension. Thanks, Tommy > > -- > Viktor. > > _______________________________________________ > TLS mailing list > TLS@ietf.org <mailto:TLS@ietf.org> > https://www.ietf.org/mailman/listinfo/tls <https://www.ietf.org/mailman/listinfo/tls> > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] WGLC for draft-ietf-tls-ticketrequests Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Hubert Kario
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Hubert Kario
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Hubert Kario
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Benjamin Kaduk
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Jeremy Harris
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Benjamin Kaduk
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests David Schinazi
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests David Schinazi
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests David Schinazi
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Benjamin Kaduk
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Benjamin Kaduk
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Hubert Kario
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Watson Ladd
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Hubert Kario
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Watson Ladd
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Stephen Farrell
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Watson Ladd
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Watson Ladd
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Nico Williams
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Bill Frantz
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Tommy Pauly
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Ben Schwartz
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Ben Schwartz
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Daniel Migault
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Rob Sayre
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Hubert Kario
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Jeremy Harris
- Re: [TLS] WGLC for draft-ietf-tls-ticketrequests Viktor Dukhovni