Re: [TLS] Comments on EndOfEarlyData

Andrei Popov <Andrei.Popov@microsoft.com> Tue, 23 May 2017 20:25 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: "Salz, Rich" <rsalz@akamai.com>, Markulf Kohlweiss <markulf@microsoft.com>, "Kaduk, Ben" <bkaduk@akamai.com>, "tls@ietf.org" <tls@ietf.org>
CC: Antoine Delignat-Lavaud <antdl@microsoft.com>, Samin Ishtiaq <Samin.Ishtiaq@microsoft.com>, Britta Hale <britta.hale@item.ntnu.no>
Date: Tue, 23 May 2017 20:25:46 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/J0CvUhXhasfP8SAeuExYw_KEGY4>

Yes, it is my plan to make 0-RTT data opt-in only in the Windows TLS stack, with a clear distinction in the API.
It is possible, however, that certain middleware components above the TLS stack might choose to blur this distinction (which would be bad design, in my opinion).

Cheers,

Andrei

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Salz, Rich
Sent: Tuesday, May 23, 2017 11:48 AM
To: Markulf Kohlweiss <markulf@microsoft.com>; Kaduk, Ben <bkaduk@akamai.com>; tls@ietf.org
Cc: Antoine Delignat-Lavaud <antdl@microsoft.com>; Samin Ishtiaq <Samin.Ishtiaq@microsoft.com>; Britta Hale <britta.hale@item.ntnu.no>
Subject: Re: [TLS] Comments on EndOfEarlyData

> Given that 0-RTT and 1-RTT guarantees are very different, it seems important to distinguish the two streams and model them separately.

Cool; is SChannel going to do that?

OpenSSL does.
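The API distinction discussed in this message, as an added example that is not part of the original thread and is not SChannel or OpenSSL code: a small C model in which the TLS stack labels each plaintext with the stream it arrived on, the application gates 0-RTT data behind an explicit opt-in and a replay-tolerance check, and a middleware layer that relabels the data defeats that gate. All type and function names (`stream_t`, `app_record`, `gate`, `blur`) and the sample requests are hypothetical and constructed for illustration; the policy assumes the relevant difference between the streams is that 0-RTT data may be replayed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical label: which TLS 1.3 stream the plaintext arrived on. */
typedef enum { STREAM_EARLY_0RTT, STREAM_1RTT } stream_t;

typedef struct {
    stream_t stream;   /* set by the modelled TLS stack, never by the peer */
    const char *data;  /* application bytes, here an HTTP request line */
} app_record;

typedef enum { V_ACCEPT, V_DEFER_UNTIL_HANDSHAKE, V_REJECT_NOT_OPTED_IN } verdict;

/* Only requests without side effects are safe to act on if replayed. */
static int is_idempotent(const char *req) {
    return strncmp(req, "GET ", 4) == 0 || strncmp(req, "HEAD ", 5) == 0;
}

/* Application-side gate: 1-RTT data is always processed; 0-RTT data is
 * processed only if the caller opted in, and then only when replay-safe. */
verdict gate(const app_record *r, int early_data_opt_in) {
    if (r->stream == STREAM_1RTT) return V_ACCEPT;
    if (!early_data_opt_in) return V_REJECT_NOT_OPTED_IN;
    return is_idempotent(r->data) ? V_ACCEPT : V_DEFER_UNTIL_HANDSHAKE;
}

/* Middleware that blurs the distinction: it hands everything up as if it
 * were 1-RTT data, so the gate above can no longer apply a replay policy. */
app_record blur(app_record r) {
    r.stream = STREAM_1RTT;
    return r;
}

int main(void) {
    /* Constructed sample input: a state-changing request sent as 0-RTT. */
    app_record early_post = { STREAM_EARLY_0RTT, "POST /transfer HTTP/1.1" };
    app_record blurred = blur(early_post);
    printf("labelled 0-RTT POST: verdict %d\n", gate(&early_post, 1));
    printf("blurred 0-RTT POST:  verdict %d\n", gate(&blurred, 1));
    return 0;
}
```

With the label intact the state-changing request is held until the handshake completes; once the middleware drops the label, the same bytes are accepted as ordinary 1-RTT data.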