Re: [TLS] Mass 0RTT of subresources with no prior knowledge (was Re: Do we actually need semi-static DHE-based 0-RTT?)
Martin Thomson <martin.thomson@gmail.com> Sat, 20 February 2016 00:47 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C68F11B2A78 for <tls@ietfa.amsl.com>; Fri, 19 Feb 2016 16:47:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mNz_o9X5zkEw for <tls@ietfa.amsl.com>; Fri, 19 Feb 2016 16:47:32 -0800 (PST)
Received: from mail-ig0-x232.google.com (mail-ig0-x232.google.com [IPv6:2607:f8b0:4001:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21B431B2CE6 for <tls@ietf.org>; Fri, 19 Feb 2016 16:47:31 -0800 (PST)
Received: by mail-ig0-x232.google.com with SMTP id xg9so46053682igb.1 for <tls@ietf.org>; Fri, 19 Feb 2016 16:47:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-transfer-encoding; bh=6OqfS6CY73jWrFexMkXP3CpVCNue6vsgz8WVURkUI4w=; b=mZbx4bopL0fl12YwtVw3B+/7IleUoVnn3IZhe+xlH55Mzv/jqJYyiwdg6eIhbyHRXB vL9BZpffkue+OPiMsTetGnVZ/mFVqCZ2/lO144hgKEwCRIl8ud+TkULE6dOdIjQDZwzs 7Nk5A+XbAPGidnG+KLhhyZ46MsE7Y8WEB8a7gKj8n4gUTHvVwL0PEG2QxaUGLdm8f6S0 D0kl+1S9yEjFpqFpcUarnQh9+usvgGtD6FnhPCcJNZvz+tu+Kyb8Ay4FrwjGTIQvElW/ CxZ6uvczg5qkO8Sqzl+g6I7LJTfVHD2/ioURNHIXE3TaX+1qAsLjXoO2s5qSOZ0YZXpM ocAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-transfer-encoding; bh=6OqfS6CY73jWrFexMkXP3CpVCNue6vsgz8WVURkUI4w=; b=gFtj00zMoOSuLK9acelrbejxzf+6FJHllWUUnViT6Uxa+k9xlmCpmL3FemjYDWUysO TomRLIfXIm/0iRcyKIMOdBgAA+q7xJnr4k36PBMOBaRg+Tj1rzo/O032NbzDlXyF24ct LAqEzkH6pfNciDSW4pSHSF9sR82J1WDE1B1n35j11ZRDAiWVygAU7wS+HQjgxAiGdit/ kf9+3hd5Gtwfsc31Yuk8VGWeb4RQ2xSFhjBLFRCCCTcU4gXYse+szPyqrx93UUPCeNds K+35UfQvo6JKbOqD7PJb+VZXX5yIH3Uxlfn2hkOJMw+G4R1ykQbOXLSGcyU+esjiZ07N dZOg==
X-Gm-Message-State: AG10YOTb0vCg9H80621WpSZQhwM/lr7TkCVGTQa1lRDsT/H4Y4m5wLGBb5PMxBBjNczuJHDE4AxoODxHQ6Phgg==
MIME-Version: 1.0
X-Received: by 10.50.6.104 with SMTP id z8mr656580igz.58.1455929251415; Fri, 19 Feb 2016 16:47:31 -0800 (PST)
Received: by 10.36.53.79 with HTTP; Fri, 19 Feb 2016 16:47:31 -0800 (PST)
In-Reply-To: <201602191938.31574.davemgarrett@gmail.com>
References: <CABcZeBMFE24o-F7JO8E2=xFmasR3iqabZhn6Qv4fw+ihYfTc6g@mail.gmail.com> <201602191815.10375.davemgarrett@gmail.com> <CABcZeBOrLnSrQXEYZGdNLFD+KyoCHj=NT=RWfcP26hK6XyMbzQ@mail.gmail.com> <201602191938.31574.davemgarrett@gmail.com>
Date: Fri, 19 Feb 2016 16:47:31 -0800
Message-ID: <CABkgnnVd2iRGAJh9fshTP5B6BGeaXynF3xGUO7zA95AmmUwxGQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/NmJg_ZrRfiD7q8oih4ycCU09m2U>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Mass 0RTT of subresources with no prior knowledge (was Re: Do we actually need semi-static DHE-based 0-RTT?)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Feb 2016 00:47:34 -0000
This really only helps on the first connection attempt. Browsers already pre-warm connections to subresource hosts. On 19 February 2016 at 16:38, Dave Garrett <davemgarrett@gmail.com> wrote: > I just had an idea. There is significant doubt of how useful semi-static DHE 0RTT would be due to the difficulty of distributing the configs out-of-bound. I don't dispute this; I merely dispute that no capability is better than minimal, in this realm. There is another way that they could be helpful, however. > > Take a typical HTTP page and a client with no prior knowledge. (could be applicable to other applications, but the TLS WG does have a charter to take special note of HTTP latency; subresources' lack of HTTPS often is a stated reason for a site's lack of HTTPS overall) There will be a 1RTT cost without having a pre-cached way to do 0RTT, and then after that there will be a 1RTT cost for *every* subresource on a different server. To do HTTPS for the servers of 3rd party scripts, ads, user-posted images/video embeds, etc., each of those servers will need to be connected to by the client with TLS and no prior knowledge, meaning a 1RTT cost. This could be significantly optimized by creating a new HTTP extension that allows servers to enumerate the domains on a page, cache all those domains' semi-static DHE config, and push them to each client in their first flight returning the primary resource. This would allow all subresources to be fetched by the client with a 0RTT cost, and just a sin > gle 1RTT cost for the primary resource. Servers could simply refresh their cache of their subresources' semi-static DHE configs on a daily basis. A stale config can be sent to a client and it can still fallback to 1RTT, though. Clients would not need to have any prior knowledge in order to significantly benefit from 0RTT in this scenario. TLS 1.3 would need to have some way of facilitating this scenario in order to devise a way to do this sort of thing in HTTP (or another general protocol with subresources). > > The general point I'm trying to convey here is that we can come up with ways to use this to improve latency noticeably, if given the underlying capability. We don't know how effectively it can be used until we try. > > > Dave > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Do we actually need semi-static DHE-based 0… Eric Rescorla
- Re: [TLS] Do we actually need semi-static DHE-bas… Dave Garrett
- Re: [TLS] Do we actually need semi-static DHE-bas… Bill Cox
- Re: [TLS] Do we actually need semi-static DHE-bas… Salz, Rich
- Re: [TLS] Do we actually need semi-static DHE-bas… Eric Rescorla
- Re: [TLS] Do we actually need semi-static DHE-bas… Dave Garrett
- Re: [TLS] Do we actually need semi-static DHE-bas… Eric Rescorla
- Re: [TLS] Do we actually need semi-static DHE-bas… Dave Garrett
- Re: [TLS] Do we actually need semi-static DHE-bas… Scott Fluhrer (sfluhrer)
- Re: [TLS] Do we actually need semi-static DHE-bas… Eric Rescorla
- [TLS] Mass 0RTT of subresources with no prior kno… Dave Garrett
- Re: [TLS] Mass 0RTT of subresources with no prior… Martin Thomson
- Re: [TLS] Mass 0RTT of subresources with no prior… Dave Garrett
- Re: [TLS] Mass 0RTT of subresources with no prior… Eric Rescorla
- Re: [TLS] Mass 0RTT of subresources with no prior… Ilari Liusvaara
- Re: [TLS] Do we actually need semi-static DHE-bas… Nick Sullivan