Re: [TLS] Draft 18 review : Hello Retry Request and supported groups cache
Olivier Levillain <olivier.levillain@ssi.gouv.fr> Wed, 23 November 2016 08:19 UTC
Return-Path: <olivier.levillain@ssi.gouv.fr>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D14F129617 for <tls@ietfa.amsl.com>; Wed, 23 Nov 2016 00:19:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.398
X-Spam-Level:
X-Spam-Status: No, score=-3.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PpKPO0XPgkMv for <tls@ietfa.amsl.com>; Wed, 23 Nov 2016 00:19:47 -0800 (PST)
Received: from smtp.ssi.gouv.fr (smtp.ssi.gouv.fr [86.65.182.16]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3DF3129629 for <tls@ietf.org>; Wed, 23 Nov 2016 00:19:47 -0800 (PST)
Received: from smtp-switch.internet.local (smtp-switch [192.168.3.9]) by smtp.ssi.gouv.fr (Postfix) with ESMTP id 69BB790B8D4; Wed, 23 Nov 2016 09:19:46 +0100 (CET)
To: Eric Rescorla <ekr@rtfm.com>, Steven Valdez <svaldez@chromium.org>
References: <20161122190344.GC19978@neoplankton.picty.org> <CANduzxB1+Vw8-uWfbmGauCiK6OMZxO5VogV7e-oB0Ms5uHst8A@mail.gmail.com> <CABcZeBMqBCo9Bc7LXaRTTN0bOhXqku0txLFor+zQ3Zg-7C=E3g@mail.gmail.com>
From: Olivier Levillain <olivier.levillain@ssi.gouv.fr>
Message-ID: <58355120.5030800@ssi.gouv.fr>
Date: Wed, 23 Nov 2016 09:19:44 +0100
User-Agent:
MIME-Version: 1.0
In-Reply-To: <CABcZeBMqBCo9Bc7LXaRTTN0bOhXqku0txLFor+zQ3Zg-7C=E3g@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/MGFwq1MI4iU7NdN0EG18FsFsoG4>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Draft 18 review : Hello Retry Request and supported groups cache
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Nov 2016 08:19:49 -0000
Hi, >> Being able to send supported_groups does allow a server to choose to make >> a tradeoff between an extra round trip on the current connection and its >> own group preferences. One example where a server might want to do this is >> where it believes that X25519 is likely a more future-proof group and would >> prefer that, but still believes the client's choice of P256 is suitable for >> this connection. Always requiring an extra round trip might end up being >> expensive depending on the situation so some servers might prefer to avoid >> sending an HRR for a slightly more preferred group. >> >> I think that requiring the client to maintain state from the >> supported_groups puts undue requirements on the client, since not all >> clients keep state between connections, and those that do usually only keep >> session state for resumption. >> > This matches my view as well. > > I agree that the client should not be require to keep state. I do not > believe that the draft requires this, but if someone thinks otherwise, > please send a PR to fix. > There were actually two points in my message: - I was not convinced by this way of signalling a preference without enforcing it, but I understand that, if we keep supported_groups, it does not cost much and the client can safely ignore the server sent extension; - however, I found strange that the specification stated that the client could update its view when seeing this extension, but that it was not stated in the case of an HRR where updating its views of the servers' preference would clearly be useful for the future. I only proposed to add the same text "The client MAY update its view of the server's preference when receiving an HRR, to avoid the extra round trip in future encounters". olivier
- [TLS] Draft 18 review : Hello Retry Request and s… Olivier Levillain
- Re: [TLS] Draft 18 review : Hello Retry Request a… Steven Valdez
- Re: [TLS] Draft 18 review : Hello Retry Request a… Eric Rescorla
- Re: [TLS] Draft 18 review : Hello Retry Request a… Olivier Levillain
- Re: [TLS] Draft 18 review : Hello Retry Request a… Eric Rescorla
- Re: [TLS] Draft 18 review : Hello Retry Request a… Olivier Levillain
- Re: [TLS] Draft 18 review : Hello Retry Request a… Eric Rescorla