Re: [TLS] Proposed text for removing renegotiation
Martin Thomson <martin.thomson@gmail.com> Wed, 11 June 2014 20:01 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C09B1A0273 for <tls@ietfa.amsl.com>; Wed, 11 Jun 2014 13:01:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UwDB5WaoWCGE for <tls@ietfa.amsl.com>; Wed, 11 Jun 2014 13:01:43 -0700 (PDT)
Received: from mail-we0-x22f.google.com (mail-we0-x22f.google.com [IPv6:2a00:1450:400c:c03::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B1A91A026D for <tls@ietf.org>; Wed, 11 Jun 2014 13:01:43 -0700 (PDT)
Received: by mail-we0-f175.google.com with SMTP id p10so254104wes.20 for <tls@ietf.org>; Wed, 11 Jun 2014 13:01:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Axbg98c9q6+cSOS5msl3wohVIpSdTm1gaBTn82b9C4Q=; b=dbXDQDuQxychF9YslWHHUDJz/tZYAPYEeLwQfSrTJjPEYZSrQ90wRkfIGtWKxWLMrU nUoR6xl2Co2RNjrVnKsh1s1elTtDeS1rrilrNQFsJdMQUXf2HkOGAxmMO1Z8r+ilUxKK 3NUapTg0SLL98QOVQTDXxwY2cVVBo6u3DsnDb7V8PpdaGDYZ8e5FHFOdn0PU+CfBcEUC F+mhuGuialKVImIkYLGc/K4SmZ5zH089o2m7vqG6NDX01kEnG2bLX/Z5yN7l6lFunQlt 057NV3h5LAog5bnam3xfFA33dkuMrVC7cHDCYPvEs/nlAyfbYxcVkHsjCTtbwgqtZy6V +8mQ==
MIME-Version: 1.0
X-Received: by 10.180.19.233 with SMTP id i9mr144652wie.38.1402516901772; Wed, 11 Jun 2014 13:01:41 -0700 (PDT)
Received: by 10.194.51.134 with HTTP; Wed, 11 Jun 2014 13:01:41 -0700 (PDT)
In-Reply-To: <319344a622ba450aa60d454fd9f97135@BL2PR03MB419.namprd03.prod.outlook.com>
References: <CAFewVt65X1V6=A_HP_pcg=6nXNVFLxQmSsPB2rq1KvmGPRz+og@mail.gmail.com> <20140606223045.3B5AF1AD46@ld9781.wdf.sap.corp> <CACsn0cmcc6kXvOuqkZaDj7+QPdpY9qqQ58bs3s-JBGXdNJSZyw@mail.gmail.com> <CABcZeBPe45BM-uXd7DEBD_BBn=jhk8KkYB=facp+NMb2e4nBiw@mail.gmail.com> <1402299260.2427.2.camel@dhcp-2-127.brq.redhat.com> <CABkgnnX5+fXNDy1o7Pu60rp8vSx7XfKbt337e_q=+3fb8fXHJw@mail.gmail.com> <fab4976db86243c5a02039866e3be457@BL2PR03MB419.namprd03.prod.outlook.com> <CABkgnnWn8YTZvh3=caLmpQtT+tUWJmx20J3cPrQJEObRQK4UiA@mail.gmail.com> <319344a622ba450aa60d454fd9f97135@BL2PR03MB419.namprd03.prod.outlook.com>
Date: Wed, 11 Jun 2014 13:01:41 -0700
Message-ID: <CABkgnnXOa7cyTK2pHSoPjGhjHaWTdZQ_PnwM3F=2vPEXCdFpyw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/PNA1GxH6Sa1Q7W1-FbGLqMIJQCI
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Proposed text for removing renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jun 2014 20:01:45 -0000
To establish a bit more context here: the consensus in HTTPbis is to provide a mechanism whereby servers are able to downgrade to HTTP/1.1 for the purposes of corner cases that are only properly supported by HTTP/1.1. Aside from some interesting legacy scenarios, client authentication was considered a major reason for this feature. We decided not to adopt something like the -cant draft at the current time, since the more generic capability was also needed. On 11 June 2014 12:37, Andrei Popov <Andrei.Popov@microsoft.com> wrote: > 1. An existing HTTP/1.1 server cannot take advantage of TLS 1.3 if TLS client auth is required. This is because an existing HTTP/1.1 server is not aware of httpbis-cant. Correct. That makes something like -cant a prerequisite of an upgrade to TLS 1.3 for those servers. > 2. An HTTP/2 server requires an updated TLS stack with tls-care support in order to perform TLS client auth. This is because HTTP/2 prohibits renegotiation. This can be worked around. In fact, the proposed text permits renegotiation in TLS 1.2 (there is no "earlier" here because we prohibit the use of earlier versions) prior to starting HTTP/2: https://github.com/http2/http2-spec/pull/514/files#diff-8894168382f6487e5e38c4306e613a88R3430 (This isn't in the main spec due to a dependency issue, that text captures the established consensus from the most recent interim meeting.) > 3. Even with the updated TLS stack in place, an HTTP/2 server cannot negotiate TLS 1.2 and earlier if TLS client auth is required. This is because TLS 1.2 and earlier would send the client cert in the clear, which is bad for client privacy. See above workaround. The cost there is an additional round trip (if you do false start, that is, it's a lot more without). > 4. Without renegotiation, TLS client auth requires additional round-trips to establish a new TCP connection. Correct.
- [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andy Lutomirski
- Re: [TLS] Proposed text for removing renegotiation Martin Rex
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Yoav Nir
- Re: [TLS] Proposed text for removing renegotiation Yoav Nir
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Daniel Kahn Gillmor
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andy Lutomirski
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Geoffrey Keating
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Hubert Kario
- Re: [TLS] Proposed text for removing renegotiation Brian Sniffen
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Hubert Kario
- Re: [TLS] Proposed text for removing renegotiation James Cloos
- Re: [TLS] Proposed text for removing renegotiation Hubert Kario
- Re: [TLS] Proposed text for removing renegotiation James Cloos
- Re: [TLS] Proposed text for removing renegotiation Martin Rex
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Kemp, David P.
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Kemp, David P.
- Re: [TLS] Proposed text for removing renegotiation David Holmes
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Paul Hoffman
- Re: [TLS] Proposed text for removing renegotiation Yoav Nir
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation David Holmes
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation David Holmes
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Steve Checkoway
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Daniel Kahn Gillmor
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Kemp, David P.
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation henry.story@bblfish.net
- Re: [TLS] Proposed text for removing renegotiation henry.story@bblfish.net