IETF Logo Mail Archive

Re: [TLS] A flags extension

Hubert Kario <hkario@redhat.com> Wed, 03 April 2019 11:03 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7B1812008B for <tls@ietfa.amsl.com>; Wed, 3 Apr 2019 04:03:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RHFir4Zv5Or7 for <tls@ietfa.amsl.com>; Wed, 3 Apr 2019 04:03:28 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83203120091 for <tls@ietf.org>; Wed, 3 Apr 2019 04:03:28 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D7E5D308427C; Wed, 3 Apr 2019 11:03:17 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (unknown [10.43.21.83]) by smtp.corp.redhat.com (Postfix) with ESMTP id 00D24608AD; Wed, 3 Apr 2019 11:03:14 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: Christian Huitema <huitema@huitema.net>
Cc: Martin Thomson <mt@lowentropy.net>, tls@ietf.org
Date: Wed, 03 Apr 2019 13:03:07 +0200
Message-ID: <6301899.6P8vclEgcA@pintsize.usersys.redhat.com>
In-Reply-To: <e4d4f883-f65d-e9f1-82f0-8d30b540991d@huitema.net>
References: <A7EC005E-3463-406B-930F-925B4D2338E4@gmail.com> <2719088.tQPqK0Ev7F@pintsize.usersys.redhat.com> <e4d4f883-f65d-e9f1-82f0-8d30b540991d@huitema.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart2138393.kk4MFY0jaO"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Wed, 03 Apr 2019 11:03:22 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/I0-WIRHspwIx8Rc_IUigb26Hl80>
Subject: Re: [TLS] A flags extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 11:03:31 -0000

On Tuesday, 2 April 2019 18:29:18 CEST Christian Huitema wrote:
> On 4/2/2019 4:42 AM, Hubert Kario wrote:
> > On Monday, 1 April 2019 23:05:41 CEST Martin Thomson wrote:
> >> On Mon, Apr 1, 2019, at 12:40, Hubert Kario wrote:
> >>>>> would possibly reduce the size of is ServerHello or
> >>>>> EncryptedExtensions
> >>>> 
> >>>> Those are messages where we have size pressure.
> >>> 
> >>> why? in what use case?
> >> 
> >> QUIC. We have 3600 bytes to play with in that flight. And Certificate is
> >> often more than that.
> > 
> > then maybe it's QUIC that should be modified to allow for more than 3600
> > bytes to actually make it deployable?
> > 
> > I mean, seriously, if you you need to be bit-pinching now, what will
> > happen
> > when PQC gets deployed?!
> 
> The problem is "amplification" -- how much data the server is willing to
> send without assurance that the client's address is not spoofed. The
> current decision is "no more than 3 times the size of the data sent by
> the client", which is enforced to be at least 1200 bytes. Quic does work
> if the server flight is longer than that, but then the handshake takes
> at least 2*RTT instead of 1*RTT.

so how many connections will end up with a 2RTT instead of 1RTT handshake if 
the server response is not smaller by those 12 bytes or so?

how many connections will actually end up with larger server response because 
they need to send just one flag?
 
> That said, yes, there is a problem if PQC requires the client hello to
> be larger than 1200 bytes.

or the server has certificates with PQC signatures that are few KiB long...

the more PQC is deployed, to more the balance will be skewed towards the 
server, as far as data sent is concerned
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

v2.23.0 | Report a Bug | By Email