Re: [TLS] Potential New Handshake Flows for TLS 1.3
Nikos Mavrogiannopoulos <nmav@gnutls.org> Wed, 06 November 2013 09:29 UTC
Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4BBD11E8194 for <tls@ietfa.amsl.com>; Wed, 6 Nov 2013 01:29:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id stwQw51wd4r8 for <tls@ietfa.amsl.com>; Wed, 6 Nov 2013 01:29:06 -0800 (PST)
Received: from mail-lb0-x234.google.com (mail-lb0-x234.google.com [IPv6:2a00:1450:4010:c04::234]) by ietfa.amsl.com (Postfix) with ESMTP id EE27A11E819A for <tls@ietf.org>; Wed, 6 Nov 2013 01:29:00 -0800 (PST)
Received: by mail-lb0-f180.google.com with SMTP id y6so7592546lbh.11 for <tls@ietf.org>; Wed, 06 Nov 2013 01:28:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=rNkPE8E9SpLOXwOkhcebpgDHjm18VOx/zFsy8iF+YGY=; b=lFOD0ffp4JqahQArfdlkZsqLyT/u8U8zzXi1TBWl47pvBEXbfgkPy1oyRqG7DbHNEk pnGX7lhQ3eA1LsElkeascc4JhTPFqo7YIbfRf7RLY9apzrIF8KtAJeXMqzUDR1VxIIof Xzoz334mCpssY1EYP8G/4BqaFYhvyqBkt9PV+6poYyt2wS0phHQINnTHJrVa3/V4+GKT W93MmAUDlSTOZF6/zB+3tyDuWHTCDSdu1UVtSJNyEKlwmZPjrC+Rp8ZMYv/eW7oT1RAt 26SDMblkq4DL0vWLBz6LAsSb33dTohkD29whyoqSHJdugDyeOJU7P3atv4dkJJPQX6pY eMXA==
MIME-Version: 1.0
X-Received: by 10.112.205.34 with SMTP id ld2mr1880073lbc.27.1383730133962; Wed, 06 Nov 2013 01:28:53 -0800 (PST)
Sender: n.mavrogiannopoulos@gmail.com
Received: by 10.112.133.196 with HTTP; Wed, 6 Nov 2013 01:28:53 -0800 (PST)
In-Reply-To: <CABcZeBPcJW7juru-RsYM+_of8xTd8Nk0xRJApztcmoEh3r-EoQ@mail.gmail.com>
References: <CABcZeBPcJW7juru-RsYM+_of8xTd8Nk0xRJApztcmoEh3r-EoQ@mail.gmail.com>
Date: Wed, 06 Nov 2013 10:28:53 +0100
X-Google-Sender-Auth: FKDuRugLd91UvzvoWWP8Sv3CPVo
Message-ID: <CAJU7zaJ+qGbVzANAJpGL0Y1O_ZFH4dgXEP+AJFeuo7+sowTsQQ@mail.gmail.com>
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Potential New Handshake Flows for TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2013 09:29:07 -0000
On Tue, Nov 5, 2013 at 10:08 PM, Eric Rescorla <ekr@rtfm.com> wrote: > I've just submitted a document on potentially new reduced RT/more > private protocol flows for TLS 1.3. It's fairly handwavy ATM but I wanted > to err on the side of getting some of the ideas out for discussion > so we could figure out which avenues we want to pursue. This draft > borrows (steals) liberally from a bunch of prior work too numerous > to name here. I don't quite like that all the abbreviated handshakes make use of cached information. Does this really scale? I mean do we expect each client to keep a database of every host it connected? I'm afraid that if cache information are required then these handshakes will be used to connect to popular sites, and everyone else will be using the old non-cached-data depended handshake. This adds complexity as everyone would have to implement the old and the new handshakes. In fact the same effect with cached information is present with session tickets, which is even lighter and available today. Maybe instead of cached information, move the choice of the parameters to the client (and maybe give the server the option to discard them and use others at the cost of an additional RTT and a ClientKeyExchange). The handshakes in Figure 6 and 7 look quite promising (although I don't get the idea of AlmostFinished). What is its purpose? regards, Nikos
- [TLS] Potential New Handshake Flows for TLS 1.3 Eric Rescorla
- Re: [TLS] Potential New Handshake Flows for TLS 1… Michael D'Errico
- Re: [TLS] Potential New Handshake Flows for TLS 1… Watson Ladd
- Re: [TLS] Potential New Handshake Flows for TLS 1… Nico Williams
- Re: [TLS] Potential New Handshake Flows for TLS 1… Watson Ladd
- Re: [TLS] Potential New Handshake Flows for TLS 1… Nikos Mavrogiannopoulos
- Re: [TLS] Potential New Handshake Flows for TLS 1… Bill Frantz
- Re: [TLS] Potential New Handshake Flows for TLS 1… Salz, Rich