Re: [TLS] draft-ietf-tls-tls13-16

Martin Thomson <martin.thomson@gmail.com> Wed, 28 September 2016 16:08 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53E6312B0FA for <tls@ietfa.amsl.com>; Wed, 28 Sep 2016 09:08:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wYdbUOqab72k for <tls@ietfa.amsl.com>; Wed, 28 Sep 2016 09:08:16 -0700 (PDT)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68AED12B1F5 for <tls@ietf.org>; Wed, 28 Sep 2016 09:08:13 -0700 (PDT)
Received: by mail-qk0-x229.google.com with SMTP id j129so43828852qkd.1 for <tls@ietf.org>; Wed, 28 Sep 2016 09:08:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=z+fpORDfpaMUjXijxlQFrC+GUn/dtLoK975OwCF+ntU=; b=fKe/ZC7Yro/PaQXU2FAi+rddX6pV06fR4Vuctl6dDwC2RmaN3CI0akAcgzA3EfchKt nWRH4Woovs4LSKUP/t+lqyQP1nVocloNaUwqRhGwPyIZ5kIWc1U83JLCvRXvHHCK68La x6JX4NqLSV99qDxJMDbwny9VT5JJMe5G0idoVlHyH62uMu52+BHzhlBlsLfNQR1lQE0L jZOeBn3C13ae/Ivk6Gh+d7VE8G/a0O2eo9czd4cr5JsweL2m8d1L0zl5i2DB1MBnOazc HH1UKoEobvBXUoeR0MvHHvjntYTT/wGkj2fYpkKtNzDcHJFTy4Pp8TV1+e5IDlCy+2QK hJ/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=z+fpORDfpaMUjXijxlQFrC+GUn/dtLoK975OwCF+ntU=; b=etFR67Hac4+d2bHA44l/gaKpjDvnygyE6/tMVVkfsknwUQT0JYLcoPvRVf3E04eWHK 1a9PaBGB7GcBLnNWlhvBXHnw6cQNj5SpA6pQ9JskcMAGuYXzzsE124mmiV9XwoTVeEFC p1wsVFS8AOM6QZvQM8MfbhYdJ1kM+VTgS9O+Wfm/f3maRxCBFXiSGMG4UiZ2CR6Q125r VEFOZQsGz2vKCoJ/7S7W3txek6WE4ZrTNRfFV9H+RqKi9saRu8WUBIPmHlcgSl42Qm5L 875UNu3XL1PLzNjyHPWvyF5CjSUTMgg/npsndxM5FBukW2TRbEt9sW4Pgi098uibUeUy IwmQ==
X-Gm-Message-State: AA6/9RnpsboGzwCoE8P6tx8OdgbaxF4FWGN256HguCRrrxHHIxZ3N8+Gt4hBTeULSa68vHuGHny9Xu8foSkyvg==
X-Received: by 10.55.64.21 with SMTP id n21mr30717673qka.137.1475078892609; Wed, 28 Sep 2016 09:08:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.22.146 with HTTP; Wed, 28 Sep 2016 09:08:12 -0700 (PDT)
In-Reply-To: <660F59E7-5B9C-4E4D-B12F-EE03BAB333E4@pahtak.org>
References: <CABcZeBOJBNt90XmWAcnpUSnXF1mLx4gdqWnvBRws-o5iO3njXA@mail.gmail.com> <660F59E7-5B9C-4E4D-B12F-EE03BAB333E4@pahtak.org>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 29 Sep 2016 02:08:12 +1000
Message-ID: <CABkgnnWLJhDVSwZMS9edVijvLLJEJJDEPymX0Mk41b3=Ww4esQ@mail.gmail.com>
To: Stephen Checkoway <s@pahtak.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NGaByVI_I3rKyEX-KxifM7n2PjE>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-tls13-16
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Sep 2016 16:08:19 -0000

On 29 September 2016 at 02:02, Stephen Checkoway <s@pahtak.org> wrote:
> * The only time to take the client's preference into account is if the server really has no opinion on an option--e.g., two equivalent-strength cipher suites--but the client can specify a preference for an option that requires less computation/power for it. But I'm not entirely convinced that's worth the implementation cost.

I generally agree, though we just added one small exception to NSS,
and have been discussing another for a while now:  Respecting client
preference for ChaCha over GCM makes a real difference for clients
that don't have AES-NI.