IETF Logo Mail Archive

Re: [TLS] Triple Handshake Fix.

Martin Thomson <martin.thomson@gmail.com> Mon, 05 May 2014 20:20 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51A071A0424 for <tls@ietfa.amsl.com>; Mon, 5 May 2014 13:20:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z-I8Bi2B5Oxi for <tls@ietfa.amsl.com>; Mon, 5 May 2014 13:20:39 -0700 (PDT)
Received: from mail-wg0-x22b.google.com (mail-wg0-x22b.google.com [IPv6:2a00:1450:400c:c00::22b]) by ietfa.amsl.com (Postfix) with ESMTP id CE58F1A041F for <tls@ietf.org>; Mon, 5 May 2014 13:20:38 -0700 (PDT)
Received: by mail-wg0-f43.google.com with SMTP id l18so6958535wgh.26 for <tls@ietf.org>; Mon, 05 May 2014 13:20:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=6vMOQx88RYWe40xkpNIJDIYb45JM998WUTdfhHPMtnU=; b=sdOPt5RF693WV983aC9oRf5PCNyTsc04hkAp70OhCRngrD5B32pOflofRA9WfCo7Ie GD2hzwKuJ2wHAvWUU8CCe6caBH61pfgoO/yt3mLE6JcEaTT11g9ZgQhPdetLLnBibpD6 dnOQfZhFqTu0fCsQmhg7B4uWiAauacXVbmLLqQAqwJK7qWD/gJuVzD2YSl2tOjXLOeto VpWuN1bsev1KCix1sNtk5psZvALsQcDWNdnVUs6980oXKGYK6yYGOE1lQ+0jP0FioVD2 YKkHX51X0d8QkFPfBLCkNaWVANF4u6DissOvZfvEzWCuxfKSnwS6OemQMPCkDoG84Oh/ Oj4w==
MIME-Version: 1.0
X-Received: by 10.180.84.226 with SMTP id c2mr17573369wiz.50.1399321234734; Mon, 05 May 2014 13:20:34 -0700 (PDT)
Received: by 10.227.77.10 with HTTP; Mon, 5 May 2014 13:20:34 -0700 (PDT)
In-Reply-To: <CADMpkcKTYhNAdNVypGiGu-axNWitLGRKzE3R6Rc81qJ2Jq6_bA@mail.gmail.com>
References: <CAL9PXLyGjM0R-NRdqzbfKWOvbLjT+mwE9uT0BQTpiFt5p27ATQ@mail.gmail.com> <CALR0ui+RfdFiQ4-1Odb8DKa3Kc_Ont__eBnpMNa9Obm1FeCi2A@mail.gmail.com> <CADMpkc+JeDDebHs0G3G3f17AGw9EjOe=EcK1dh_mikKjyF1DbQ@mail.gmail.com> <CA+_8ft7fwatXJjDmcsHvXG5W+CRPAx8N1+cT9Mh86pntQ7=_vQ@mail.gmail.com> <CAK3OfOgrXFeBEx8EWHaxvp7ZtQJ2YAap1myn5BHWKesTMCYEXA@mail.gmail.com> <CADMpkcKTYhNAdNVypGiGu-axNWitLGRKzE3R6Rc81qJ2Jq6_bA@mail.gmail.com>
Date: Mon, 05 May 2014 13:20:34 -0700
Message-ID: <CABkgnnWwuC4BmSiNx5c9MHuGCTmJgT1ZyhKJwdR1_LW9Sxzuqw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Bodo Moeller <bmoeller@acm.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/HUtmk5erYgI4mfT1Bp6rzGBOtGM
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Triple Handshake Fix.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 20:20:40 -0000

On 5 May 2014 12:54, Bodo Moeller <bmoeller@acm.org> wrote:
> Losing session resumption for most connections can be significant for
> computational cost and latency.

At least those are the only costs.  At least the session can still be
established.  There are some use cases that depend on renegotiation
that cannot be addressed otherwise.  For instance, protecting client
certificates from passive inspection.

Neither option is good, but perhaps we can allow implementations (or
deployments) to pick what measure suits them (or both).  I'd certainly
put 2 down as the default.

v2.23.0 | Report a Bug | By Email