[TLS] Fwd: I-D Action:draft-bmoeller-tls-falsestart-00.txt

Bodo Moeller <bmoeller@acm.org> Wed, 02 June 2010 08:16 UTC

Return-Path: <SRS0=DDX5=NK=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 547C628C155 for <tls@core3.amsl.com>; Wed, 2 Jun 2010 01:16:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.648
X-Spam-Status: No, score=-99.648 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id kVV4oNixSWpW for <tls@core3.amsl.com>; Wed, 2 Jun 2010 01:16:12 -0700 (PDT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de []) by core3.amsl.com (Postfix) with ESMTP id D9E763A6A57 for <tls@ietf.org>; Wed, 2 Jun 2010 01:15:50 -0700 (PDT)
Received: from [] ([]) by mrelayeu.kundenserver.de (node=mreu1) with ESMTP (Nemesis) id 0LxKk2-1PPbRN2JBK-016Hyf; Wed, 02 Jun 2010 10:15:36 +0200
Message-Id: <2728902C-B235-4AAB-8EAE-19D673A38CB6@acm.org>
From: Bodo Moeller <bmoeller@acm.org>
To: "tls@ietf.org Working Group" <tls@ietf.org>
Content-Type: multipart/alternative; boundary=Apple-Mail-1-806590632
Mime-Version: 1.0 (Apple Message framework v936)
Date: Wed, 2 Jun 2010 10:15:33 +0200
References: <AANLkTik3ZhyzI7-Re8FjNtC5xpH-aDplSyzcmgWoDgNd@mail.gmail.com>
X-Mailer: Apple Mail (2.936)
X-Provags-ID: V01U2FsdGVkX19FLSIVdM+Xpf6pRZzHfH+b+ionEGOWoXh0Nn6 yfQD0yeHqesk0GrfqxDI6GilgfLQZRcVaX8gIRy+EarB5SX1ve SWM5VenqPyxNCKwpkqPXA==
Cc: Nagendra Modadugu <nagendra@cs.stanford.edu>
Subject: [TLS] Fwd: I-D Action:draft-bmoeller-tls-falsestart-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jun 2010 08:16:40 -0000

A downside of deploying TLS is the latency penalty due to the TLS  
handshake: when starting a new session, HTTPS needs two additional  
round-trip times compared with unencrypted HTTP.  This document shows  
that it's easy to do better than that, just by changing the client's  
protocol implementation -- no change to server code is required to  
speed up full handshakes.

(Similarly, a server-only change can speed up abbreviated handshakes  
for application protocols in which, unlike HTTP, the server sends data  

An example implementation for OpenSSL is available as  
handshake_cutthrough.patch at http://bazaar.launchpad.net/~nagendra/openssl-patches/trunk/files 


> A New Internet-Draft is available from the on-line Internet-Drafts  
> directories.
> 	Title           : Transport Layer Security (TLS) False Start
> 	Author(s)       : A. Langley, et al.
> 	Filename        : draft-bmoeller-tls-falsestart-00.txt
> 	Pages           : 11
> 	Date            : 2010-06-02
> This document specifies an optional behavior of TLS implementations,
> dubbed False Start.  It affects only protocol timing, not on-the-wire
> protocol data, and can be implemented unilaterally.  The TLS False
> Start feature leads to a latency reduction of one round trip for
> certain handshakes.
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-bmoeller-tls-falsestart-00.txt
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
> <ftp://ftp.ietf.org/internet-drafts/draft-bmoeller-tls-falsestart-00.txt 
> >