IETF Logo Mail Archive

Re: [TLS] I-D Action:draft-ietf-tls-rfc4366-bis-09.txt

Juho Vähä-Herttua <juhovh@iki.fi> Mon, 14 June 2010 08:23 UTC

Return-Path: <juhovh@iki.fi>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 402C63A6881 for <tls@core3.amsl.com>; Mon, 14 Jun 2010 01:23:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.699
X-Spam-Level:
X-Spam-Status: No, score=-3.699 tagged_above=-999 required=5 tests=[BAYES_50=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pFxp1ZAj7luo for <tls@core3.amsl.com>; Mon, 14 Jun 2010 01:23:52 -0700 (PDT)
Received: from smtp-2.hut.fi (smtp-2.hut.fi [130.233.228.92]) by core3.amsl.com (Postfix) with ESMTP id E6BB23A6887 for <tls@ietf.org>; Mon, 14 Jun 2010 01:23:51 -0700 (PDT)
Received: from localhost (katosiko.hut.fi [130.233.228.115]) by smtp-2.hut.fi (8.13.6/8.12.10) with ESMTP id o5E8NgsQ003265; Mon, 14 Jun 2010 11:23:42 +0300
Received: from smtp-2.hut.fi ([130.233.228.92]) by localhost (katosiko.hut.fi [130.233.228.115]) (amavisd-new, port 10024) with LMTP id 16724-1865; Mon, 14 Jun 2010 11:23:42 +0300 (EEST)
Received: from [130.233.194.236] (tko-add-236.cs.hut.fi [130.233.194.236]) by smtp-2.hut.fi (8.13.6/8.12.10) with ESMTP id o5E8NYqe003243; Mon, 14 Jun 2010 11:23:38 +0300
Message-ID: <4C15E704.3050805@iki.fi>
Date: Mon, 14 Jun 2010 11:23:32 +0300
From: Juho Vähä-Herttua <juhovh@iki.fi>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; fi; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
References: <E1ONiI8-0001C6-Ln@wintermute02.cs.auckland.ac.nz> <4C149556.7040008@gnutls.org> <03826B11-ABC0-4F5B-A636-A07DECDF428C@iki.fi> <AANLkTimYxYX8KqZ09bC-aglGU6D6W3JGH4gSlpmP4QCG@mail.gmail.com>
In-Reply-To: <AANLkTimYxYX8KqZ09bC-aglGU6D6W3JGH4gSlpmP4QCG@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-TKK-Virus-Scanned: by amavisd-new-2.1.2-hutcc at katosiko.hut.fi
Cc: tls@ietf.org
Subject: Re: [TLS] I-D Action:draft-ietf-tls-rfc4366-bis-09.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jun 2010 08:23:53 -0000

14.6.2010 10:46, Nikos Mavrogiannopoulos kirjoitti:
> I don't understand your point. Implementations that want to support
> could support it (i.e. when implementing for a high bandwidth tunnel),
> and others can use the 16kb limit. Being able not to use it is an
> advantage not a limitation.
>    

Of course, and I also find it strange that 2^13 is left out from the 
specification, since it's less than 2^14. I'm mainly questioning if 
raising it to 2^15 is much help (it's just 16kB vs 32kB there). In 
practice you can't raise it to 2^16 because of the IV, padding and MACs, 
and defining numbers between 2^15 and 2^16 feels a bit ugly as well and 
might require fixing later if there's more additional payload defined 
that wasn't known during the specification. All implementations can work 
around these naturally, but from specification point of view things that 
might have to be removed later shouldn't be added. Maybe adding 32kB and 
48kB would be a nice middle ground, but it would be nice to have some 
proof of the benefits and performance improvement.

> Then it shouldn't negotiate it. Isn't it obvious? The extension is for
> applications that require more bandwidth and are not running on 8 or
> 16 bit cpus. This is an extension you use it when you need it, not
> when you don't.
>    

Well, the extension specification itself says it's for applications that 
have memory and bandwidth limitations. With the modification of 
accepting values larger than 2^14 it could be modified to also work on 
applications that require more bandwidth, which is your point I guess.

> The save is not on data sent but on processing speed. Decryption and
> encryption today is done in hardware (several embedded systems have a
> crypto coprocessor) so the bottleneck is on processing those
> fragments. The larger they are the less they are processed, the higher
> the bandwidth. (check what happens to ATM today with the fixed 53 byte
> payload, everybody tries to do reassembly in hardware otherwise the
> performance is poor. 16kb is not 53 bytes but it's close :)
>    

I don't deny this, larger chunks of data are always easier to process, 
especially if the process can be done in parallel. One of the biggest 
bottlenecks in TLS decryption performance I can see, is the stream and 
CBC block ciphers requiring decryption before the MAC calculation can be 
initiated. Therefore, if the decryption and encryption performance is 
really important, I'd rather concentrate on getting the AES-GCM and 
AES-CCM ciphers into wider use in TLS. After that the benefits of having 
a larger record fragment length can be discussed, since these ciphers 
are probably the ones benefiting from it the most. The authenticating 
ciphers might be hard to get into mainstream use before the stable 
versions of free software implementations catch up and start to support 
them as well, though.


Juho

v2.23.0 | Report a Bug | By Email