IETF Logo Mail Archive

Re: [TLS] 0.5 RTT

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 24 February 2016 01:49 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D8D41AD062 for <tls@ietfa.amsl.com>; Tue, 23 Feb 2016 17:49:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.307
X-Spam-Level:
X-Spam-Status: No, score=-4.307 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.006, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fisRd3_JCW7D for <tls@ietfa.amsl.com>; Tue, 23 Feb 2016 17:49:21 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC86C1ACC85 for <tls@ietf.org>; Tue, 23 Feb 2016 17:49:21 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 6EE14BE56; Wed, 24 Feb 2016 01:49:20 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T5W7fTSzYV4I; Wed, 24 Feb 2016 01:49:19 +0000 (GMT)
Received: from [10.1.1.75] (unknown [216.9.109.44]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id F3A49BE50; Wed, 24 Feb 2016 01:49:17 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1456278559; bh=4FW5WC7XfZK8/qlpxt1pNzYa0VN0zIL6fXiOe/xenMc=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=df6TlbulmAJ6L3gFTCw/dZfv0fYbL81FpsGI6oAl7UCc80mbEHO9IvwuVcUmEVNCO hbHIP10F1GyzbTYDSmzB4EO2bstosxIYTOgTznH+BmaTq2zM78qEp2wsnuP9r3BE0V XIJkVhaaLJ20Prh7S68M0skDmlRaZc70lJBntU9M=
To: Hugo Krawczyk <hugo@ee.technion.ac.il>, Martin Thomson <martin.thomson@gmail.com>
References: <CABkgnnW1LRhSA_i0nL=rDYnUwBZWg5dSys7yk6aDefYWptnpZQ@mail.gmail.com> <8FA1A0FD-B911-474F-AC08-6208A80EB980@gmail.com> <CADi0yUPOEL++R+_Nhy4NTfhzsA6UjbVbMAEiPx1Qg9+vPPHt7g@mail.gmail.com> <CABkgnnUHmtrRNnOyVXdOe-fnAcN7WVKfX=ycXiugV8A77OjQCQ@mail.gmail.com> <15C73D91-9CDD-488E-87AF-4EBB1C8202CB@gmail.com> <CABkgnnVxrpkMqdmV_JkMaEY39BZ=O07xeWcpod2fwRb3W4_sQA@mail.gmail.com> <CADi0yUN5b+CfzM-jH5xNL0dgU2u09OzmcUzV3uOwdEmP3wBr5A@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <56CD0C1C.9010501@cs.tcd.ie>
Date: Wed, 24 Feb 2016 01:49:16 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <CADi0yUN5b+CfzM-jH5xNL0dgU2u09OzmcUzV3uOwdEmP3wBr5A@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms030503000405000609090204"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/T1QRzH7Hak9qBFPPpgUj3uMmaLg>
Cc: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] 0.5 RTT
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Feb 2016 01:49:23 -0000


On 23/02/16 22:37, Hugo Krawczyk wrote:
> 
> (In particular, if these semantics may be based on stuff that happens
> outside TLS, as Karthik and Watson were pointing out, then maybe we really
> put a "Surgeon General" warning on 0.5 data of equal size to that of 0-RTT.)

That, and/or also do a significant amount of work to consider other
application uses of TLS that aren't well represented by folks who
participate in the development of TLS1.3. And also oddities like
EAP-TLS about which I at least am mostly ignorant but where I'd bet
there's "fun" to be had with 0rtt.

And we have to do that recognising that regardless of what the RFC
says, if developers can improve performance by calling tls_send0()
and not tls_send(), they will do the former. IOW, if we are going
to define dangerous implements, (e.g., with replayable data) then
I think the onus is mostly on us to know what bad effects those
might have before we've done a good job. (We can try do that at
IETF LC, but doing so isn't common and is often messy if we end up
surprising folks.)

Cheers,
S.

v2.23.0 | Report a Bug | By Email