IETF Logo Mail Archive

[TLS] Re: Bytes server -> client

Raghu Saxena <poiasdpoiasd@live.com> Fri, 08 November 2024 07:18 UTC

Return-Path: <poiasdpoiasd@live.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC927C1DA1EA for <tls@ietfa.amsl.com>; Thu, 7 Nov 2024 23:18:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=live.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vFcyNGjWDGXI for <tls@ietfa.amsl.com>; Thu, 7 Nov 2024 23:18:13 -0800 (PST)
Received: from AUS01-ME3-obe.outbound.protection.outlook.com (mail-me3aus01olkn2036.outbound.protection.outlook.com [40.92.63.36]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E58B4C1D531D for <tls@ietf.org>; Thu, 7 Nov 2024 23:18:12 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=PWb70dzaL7/NhkaCWieEYqQsrcXGwiIhpFxUzcJHNyL9UACHhM4NgCefLbxs6TswtywHVEAnaEd3Irft9MX10BVNmRQrvsUH//+CSU42aKQ14xddddpbY6gQXIhTmtbUaF6vWZN/c2luLbi3DCDmZ1AHUMY8yQmnq0lX6yYrzVAsZaLsrb/sm+gN+tZ8dezV1vSOMs6Pu8RYnJb3Mf3HxgyY5yncJN1GEf/l6CLaWVqh9vPqlhOXqNoAWOFrIuRHAoipsfb83NajaJzT78HsPFQQIh38sCLA5W9Vam+tUOPceKUQ7401x1fO3RkmI7kL/aW/sc2sjPUYoeB+cFv7FA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=w9baqwvnNLGbEA12fsa1rLS9zlLIbRvQRthnBYMEfYc=; b=md4eEbALqF+U0bJxXzJlF73+smfgnhH7wyU0M9ZYxrKsJlKruDYbCJ1HL2hbqqdRvmJYBkNWRjMcAvs3H9uHdJC2Ukx9DGInv81v+/QqkWMbkMVKf5LEGgYUcbMjYvidvIzeVSQASzO8Q0diBDW0U1d+9bYUWl+hDvteN5++mJwBgko0XOxrjhIYP2jtVe4QnIlmSwpcB8cB1kTRzjHtfaczcUM6t1fTWuvPDxvhrUNN3eK2yqWOiELkg0DfK0v2wAhdqn/E/LVRWb+h8IInEcXd7KerlBwFI4XhCcHhyR9x7/dkKt84tEf4OUpZNcltz2f9pmlIwUdZZjmHwMS64Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=live.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=w9baqwvnNLGbEA12fsa1rLS9zlLIbRvQRthnBYMEfYc=; b=bu0RuF9VvtlvI6Mx1uFW8n7sF9ozGxGwkYUsmpIOhm2QLP3Z5yKfeQlq3pE5HmagsRHkHTP9oszklQkYAtiAok+1PSylRUj4cgZQnGif/Q/BaL/fFzh4r9H6CFxiTC+pgVfgQQLkPdX3h4VGyfXEx5cHjCR7/aitf2Gy4AOK+Fwjn5xivKayJoCedgU9qvNx7fPXK7VbGfGnIxRPOPjkC2DaIn/kqKOuq4JOoVege2QhrlzCa9YE1WS23hWCT7SGCbfmUcQOic0sA8dTz8PaSL7EeM5+qlC/W6PFAmTCMyosN3K49dyTXmUjmifpr1bH8wlVlhUueU2JclyFOMy9GQ==
Received: from ME0P282MB5587.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:246::5) by SYYP282MB1197.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:b7::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8158.10; Fri, 8 Nov 2024 07:18:09 +0000
Received: from ME0P282MB5587.AUSP282.PROD.OUTLOOK.COM ([fe80::5a2d:ed43:6b7a:6178]) by ME0P282MB5587.AUSP282.PROD.OUTLOOK.COM ([fe80::5a2d:ed43:6b7a:6178%6]) with mapi id 15.20.8158.007; Fri, 8 Nov 2024 07:18:09 +0000
Message-ID: <ME0P282MB5587057E101756B878B90E18A35D2@ME0P282MB5587.AUSP282.PROD.OUTLOOK.COM>
Date: Fri, 08 Nov 2024 15:17:59 +0800
User-Agent: Mozilla Thunderbird
To: tls@ietf.org
References: <CAMjbhoUdt53ypQMFgNDh6YM9kDpP8pEB7Ost1nBPFF=kwi-gsA@mail.gmail.com>
Content-Language: en-US
From: Raghu Saxena <poiasdpoiasd@live.com>
In-Reply-To: <CAMjbhoUdt53ypQMFgNDh6YM9kDpP8pEB7Ost1nBPFF=kwi-gsA@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------ovsYROIUYQoyBhLWPynb90YS"
X-ClientProxiedBy: SG2P153CA0030.APCP153.PROD.OUTLOOK.COM (2603:1096:4:c7::17) To ME0P282MB5587.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:246::5)
X-Microsoft-Original-Message-ID: <6a19d6fa-6a14-4b23-adeb-aac348cb50a2@live.com>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: ME0P282MB5587:EE_|SYYP282MB1197:EE_
X-MS-Office365-Filtering-Correlation-Id: 0e47721b-e9a0-40d2-dae5-08dcffc57f96
X-Microsoft-Antispam: BCL:0;ARA:14566002|8060799006|7092599003|15080799006|6092099012|5072599009|19110799003|461199028|13095399003|440099028|3412199025;
X-Microsoft-Antispam-Message-Info: 5WaIusvMxSLWPPJIsbMq/Opi2oNiQQwjXQiS9PfyTfDHL7kuPkUNprYMz1/qXpytwH7h+juOPzYE7TFnpGvuuaE7rfVErqS4RttOWWAKrfq4YAOdI9OZDjtvzpiLNpW5yIcOQy8X2EitF2seeeHoVdPd0ZFDsfmKnN7IVEQAntGxU0yHtYmUARP31eviiBUDJxedcyRFsld8wn/9LGNYuArmPQXeGho0XwrVkTxz5ntuaYUkTcZ5z4YJTaZY6P/GWDumEOHK9rYpzCHbksFUkAuZDo7vk5W4iLXIJ5ozSVeQqL19d56dLrKfTwFrHg8ZPSU5VbpVTTuFSuOlJxojYkonIZatb4iPbGz8ITNLUjdwysywHzQuN7GYSL1TOyjCf1x2gmwjG6oEStR2cC5Wz1tZhICVGl5D1LHpnhKgFE9/6tMJ/g1y4kG2O3UZDJCg6hcep9ZFfY0Bmn1A7L3F7fx9ajy4jr9zIp5YbhFBZWpMooqXQQOzWEhUXZ11tXIEAMH0Gm69DpK4J7gKcxWJabXO0AeaIWBdeAPtagh7Lj2AcjRQT0+ycR8M8rdRXDZwIBzz2BJ41PPCQReFFvQbAE0AA0II8yVlDMpJ2pGJTJe54nessyi5OwWja2v6n+gazFDASnYZ1jgzPxgigXjNSDIcuCQEXKMKsHXbuA8xzc9uMmy9aLhT5BNiphBD6LQLCKmppTULn+nQdN9sqVLeFkYeV/c+7x7yg/jc/85GgyDX1hNDeYYJvYIDckx7W3rmEGNPjGpwBSObpY4VkZYffsVChfGE0iIkfLnsByuY+6yagb6DzLKCh8aG9Hes3FmPAXugxwg7zFlz73zdRhxE2wjP6s2Xnt1yn1HPtX5GzbCoWA4LJFUh6djJDkAZWu8tfuxU00DMA0kmDye7v7ytgTh4MS5P5O496ArbdvLk6gY8L/SjiTVyKOOJkmLX7Y3pYKYgxYSRuRhfODGhB75zHhVPk0kQFyhes9HyQ3O6/e+SViPDh4ObWzWslCwVJaUkpbPA+0gO6vrWqhWS3XdSiKtXQorRWXXBAkZzXg/6Q6/jUr3VqOSX+cz/o02rdKutzgAYHmTAmBpXlfj53jrlpCA495927LRD60R35EErylM=
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 1xuN+tAmx4vCtZaXAJus+0bDwvPYfRFXCmKhvzQcTTSqTpO4qNyCbO7yppWwsWPCHjGQsqxdMINKr3hkHQylO2rjpxBkRjTr/cMxXPRmq09NPlydQI4HTT3quNbVnNOYJRB+WqedHiDXqiQi5N6dNkggaaUnD1l2VRo/5UBvs2RJoAkWJhaG8vLDSWXdsVV4sJqo7PZTp8L0W/Dt/49I8gid+/E+cvs+hgBoG2rPLUwXO0jFNP94nQ9MANLownyc3agFXLVlXkw3ttJFZjDlw6RKFb0wnzJ4BI33hATCV3Rrgz9D8Pz+but+jdgj6X1sj3hhcK7BifqeyJI+TkdRvKYMyPigd7tlCJW0pCghWfldVWgzR42NIfo6cAw3WoYvHCmzYq6VGeqMA3GgriOvRNIyrZq+66u1/rTk5rd+Rp8tXdzrLErjinHhozjgCDq5HMTo9876/LLY6uepEUZ32AbEvk70ubKtgp/NIX7YvSLsicwM9Kt/BuNUVwsUER8jBYBWVLRV0w9GJYzfCO9oleh2iWfDAajghwOPPanTGwic84A7yIR2UccdNTgOIe1TvlQnZUqYP0d9HA92vnH+mYWdDCOVb+ruOut5KiqE6sZ42c0HMzVZIoSgWr8mW0J2KvxVrpn2c/7QrzosdGGHZXOrfsksMFSMUL1/dZoW9YX7zoBjrl47MdyzIKiX8pTY5g7kxCjZoODoyQiudZn9utWt7K9j9JwkUup1v/whFU7qhpBPoOHrT9ZUzLvNxpINEpZkYjdmk/Qj3afv+fifqmn5SDqA1CJy4VbBCCgTBp8jQLVY9TMcoTQoSpOeewIOV/BbI3QjybgfcOHpboOpiIyWifn30aoJGOh++oW9SEkgOeuTMStI1Feg8bgnfQ5tj/kw/bhO/TMciYUGGcM3ixVoZl7f0iq0o5mzEqeN3yskJbD7ehEXIA1YGuH0oSfMnK8pU/viuyMY+e52NxPB9fZX2KeHHZJNEKc5Ud/BDI0xVnBkhS9br81UItr6BW+lIBQ41xfYAEDjMrHZfd+qTwqbzEnzhMAkw4IGOxhVpKvWgeubvUcq8/A32YIDDFGW0J+CqHRF2wFHocAS8zvL4FdoM1xPxNs33ea1+smHLU7BlqVQSjyIhQMdGEsF5YQXoNWdys+a1Cp9CNmyxa/ZvKCNVgYq5Z8Lc2AccCA+dLLh8Cmo2W3nBi85wIETCul4A6TvvkB9AF8RId/elLLindacrqSgeAUE78U/LXHT+t4=
X-OriginatorOrg: sct-15-20-7719-20-msonline-outlook-722bc.templateTenant
X-MS-Exchange-CrossTenant-Network-Message-Id: 0e47721b-e9a0-40d2-dae5-08dcffc57f96
X-MS-Exchange-CrossTenant-AuthSource: ME0P282MB5587.AUSP282.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Nov 2024 07:18:09.7196 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYYP282MB1197
Message-ID-Hash: QFZ776P26COYSBBYOWL2NFVKPH2FTDD7
X-Message-ID-Hash: QFZ776P26COYSBBYOWL2NFVKPH2FTDD7
X-MailFrom: poiasdpoiasd@live.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Bytes server -> client
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/J-rYlvasUENkRHQ6kRHHU9mLOlc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Dear Bas,

Thanks for sharing. I'm quite curious about this bit in particular:

On 11/7/24 10:06 PM, Bas Westerbaan wrote:
>
>     On average, around 15 million TLS connections are established with
>     Cloudflare per second. Upgrading each to ML-DSA, would take
>     1.8Tbps, which is 0.6% of our current total network capacity. No
>     problem so far. The question is how these extra bytes affect
>     performance.
>     Back in 2021, we ran a large-scale experiment to measure the
>     impact of big post-quantum certificate chains on connections to
>     Cloudflare’s network over the open Internet. There were two
>     important results. First, we saw a steep increase in the rate of
>     client and middlebox failures when we added more than 10kB to
>     existing certificate chains.
>
Would you be willing to share some numbers around the increase in 
failures? What do you think might've been the cause for increased 
failures at clients and middleboxes? One hypothesis I have is 
TLS-related DPI might allocate a certain buffer to capture the 
handshake, which was now being crossed.

Regards,

Raghu Saxena

v2.30.2 | Report a Bug | By Email | System Status