Re: [TLS] Session resumption ticket reuse considered harmful

Watson Ladd <watson@cloudflare.com> Fri, 06 March 2020 00:22 UTC

From: Watson Ladd <watson@cloudflare.com>
Date: Thu, 05 Mar 2020 16:21:56 -0800
Message-ID: <CAN2QdAH6Z=+xt3+JWuJsZtE9sjmAxE1QHt9NqjeYynjmeznJrg@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: IETF TLS <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RgIHrgqK94zbm2vxlZz2NotzykA>

On Thu, Mar 5, 2020 at 3:08 PM Nico Williams <nico@cryptonector.com> wrote:
>
> On Thu, Mar 05, 2020 at 02:49:23PM -0800, Watson Ladd wrote:
> > On Thu, Mar 5, 2020 at 12:55 PM Nico Williams <nico@cryptonector.com> wrote:
> > > .... unless both parties agree.  It takes two to agree.
> >
> > As far as I am aware session tickets being single use isn't enforced
> > by any server right now: it's a desirable but theoretical property for
> > 0-RTT.
>
> Is that so?  Will that remain so?
>
> > My skepticism is entirely a function of this being a late breaking
> > [...]
>
> What is late breaking to you?
>
> The change was proposed during WGLC.  If before or during WGLC is too
> late, when is it not too late?  At WG work item adoption call?

It depends on the relative size of the change and the importance of
the issue. An important central issue that went completely unnoticed:
unfortunate, but completely reasonable to require addressing, e.g. "we
did an experiment and it doesn't work". A large extension of scope, or
a seemingly small one that complicates everything? That hopefully gets
brought up early enough to not massively delay everything else. That's
particularly true when it's unclear what is actually needed to serve
the desired goal.

>
> See also my post about feature matrix issues.
>
> > [...]
> > change to a relatively simple proposal, with not very much in the way
> > of quantifiable evidence to back up the concern that shared cache
> > contention is a big overhead. Is it 1%? .5? 10%? of the total time to
> > use a connection. At 10% we definitely need to do something, at .01%
> > we almost certainly don't.
>
> Right, but this is where the "Postfix architecture" issue comes in.  I'm
> having a conversation with him about this.  Viktor might be confused
> about the CoW properties of LMDB, but in any case, the wire bandwidth
> waste and server compute waste issues have nothing to do with Postfix's
> architecture/design/implementation.

Tickets are small and issuance is cheap. Where are the *hard numbers*
to back up the assertions being made that ticket reuse is an important
savings?

Sincerely,
Watson