Re: [TLS] Do we actually need semi-static DHE-based 0-RTT?
"Salz, Rich" <rsalz@akamai.com> Fri, 19 February 2016 15:01 UTC
Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 147A71B30EB for <tls@ietfa.amsl.com>; Fri, 19 Feb 2016 07:01:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.707
X-Spam-Level:
X-Spam-Status: No, score=-2.707 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.006, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g-OOU4IwD__0 for <tls@ietfa.amsl.com>; Fri, 19 Feb 2016 07:01:34 -0800 (PST)
Received: from prod-mail-xrelay07.akamai.com (prod-mail-xrelay07.akamai.com [23.79.238.175]) by ietfa.amsl.com (Postfix) with ESMTP id CCAC41ACEE6 for <tls@ietf.org>; Fri, 19 Feb 2016 07:01:34 -0800 (PST)
Received: from prod-mail-xrelay07.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 84512433433; Fri, 19 Feb 2016 15:01:33 +0000 (GMT)
Received: from prod-mail-relay11.akamai.com (prod-mail-relay11.akamai.com [172.27.118.250]) by prod-mail-xrelay07.akamai.com (Postfix) with ESMTP id 6E2B0433401; Fri, 19 Feb 2016 15:01:33 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1455894093; bh=51WBSjy+tYeMYZrw8RHUwhwKT/aF5sZaSJBRdnCu2W8=; l=546; h=From:To:Date:References:In-Reply-To:From; b=y+MPo0CF6bOpBxhM1yu5JxoYQokNFM4twciodA6uZlPA+og4KOmS1PjKpjzqWDCPx 0FtUNXeQZDSSrtnO4NFLBTbpT5VnctUlx6WItg3RdXCpatAZjSLdr7PjgnRSOijVT1 4VgqSOuxG44gBZ7PMFNetOg/n2qPHIfLhoi64bC4=
Received: from email.msg.corp.akamai.com (ustx2ex-cas4.msg.corp.akamai.com [172.27.25.33]) by prod-mail-relay11.akamai.com (Postfix) with ESMTP id 51B561FC87; Fri, 19 Feb 2016 15:01:33 +0000 (GMT)
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb5.msg.corp.akamai.com (172.27.27.105) with Microsoft SMTP Server (TLS) id 15.0.1076.9; Fri, 19 Feb 2016 09:01:32 -0600
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1076.000; Fri, 19 Feb 2016 09:01:32 -0600
From: "Salz, Rich" <rsalz@akamai.com>
To: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Do we actually need semi-static DHE-based 0-RTT?
Thread-Index: AQHRarGLa9EhrohM80eEsJBlM29TlJ8zdqvQ
Date: Fri, 19 Feb 2016 15:01:31 +0000
Message-ID: <75b91c8af44e4520a5433d48c97582b0@ustx2ex-dag1mb1.msg.corp.akamai.com>
References: <CABcZeBMFE24o-F7JO8E2=xFmasR3iqabZhn6Qv4fw+ihYfTc6g@mail.gmail.com>
In-Reply-To: <CABcZeBMFE24o-F7JO8E2=xFmasR3iqabZhn6Qv4fw+ihYfTc6g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.47.143]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Hjf7TCHE241ZgDvZTgkvT8J92Oc>
Subject: Re: [TLS] Do we actually need semi-static DHE-based 0-RTT?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Feb 2016 15:01:37 -0000
I greatly prefer one way to do things. (Python not perl, if you will :) On the other hand, there is an elegance about using a single well-understood mechanism even if it has operational burdens. We all know how to secure PSK material, though, right? :) But what dose this do about encrypted-SNI? -- Senior Architect, Akamai Technologies IM: richsalz@jabber.at Twitter: RichSalz
- [TLS] Do we actually need semi-static DHE-based 0… Eric Rescorla
- Re: [TLS] Do we actually need semi-static DHE-bas… Dave Garrett
- Re: [TLS] Do we actually need semi-static DHE-bas… Bill Cox
- Re: [TLS] Do we actually need semi-static DHE-bas… Salz, Rich
- Re: [TLS] Do we actually need semi-static DHE-bas… Eric Rescorla
- Re: [TLS] Do we actually need semi-static DHE-bas… Dave Garrett
- Re: [TLS] Do we actually need semi-static DHE-bas… Eric Rescorla
- Re: [TLS] Do we actually need semi-static DHE-bas… Dave Garrett
- Re: [TLS] Do we actually need semi-static DHE-bas… Scott Fluhrer (sfluhrer)
- Re: [TLS] Do we actually need semi-static DHE-bas… Eric Rescorla
- [TLS] Mass 0RTT of subresources with no prior kno… Dave Garrett
- Re: [TLS] Mass 0RTT of subresources with no prior… Martin Thomson
- Re: [TLS] Mass 0RTT of subresources with no prior… Dave Garrett
- Re: [TLS] Mass 0RTT of subresources with no prior… Eric Rescorla
- Re: [TLS] Mass 0RTT of subresources with no prior… Ilari Liusvaara
- Re: [TLS] Do we actually need semi-static DHE-bas… Nick Sullivan