IETF Logo Mail Archive

Re: [TLS] consensus call: (not precluding ticket request evolution)

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 05 March 2020 00:42 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 771833A0D51 for <tls@ietfa.amsl.com>; Wed, 4 Mar 2020 16:42:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UmlnyCEYODug for <tls@ietfa.amsl.com>; Wed, 4 Mar 2020 16:42:12 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1C613A0D3E for <tls@ietf.org>; Wed, 4 Mar 2020 16:42:11 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 42A771AFC25; Wed, 4 Mar 2020 19:42:11 -0500 (EST)
Date: Wed, 04 Mar 2020 19:42:11 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20200305004211.GP7977@straasha.imrryr.org>
Reply-To: tls@ietf.org
References: <4E07012F-AB53-4727-A309-D8A15222A433@sn3rd.com> <0E7E2E43-CC46-488E-981E-BF8417821D85@sn3rd.com> <499f4c6f-fa95-44ea-8c44-c985e140c4e0@www.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <499f4c6f-fa95-44ea-8c44-c985e140c4e0@www.fastmail.com>
User-Agent: Mutt/1.12.2 (2019-09-21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/VBRH3HjVp3I8rPRWnPC_yLqi-_Y>
Subject: Re: [TLS] consensus call: (not precluding ticket request evolution)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2020 00:42:21 -0000

On Thu, Mar 05, 2020 at 10:42:09AM +1100, Martin Thomson wrote:

> I have been somewhat convinced by the arguments about how resumption
> is different and can tolerate the complexity of the additional
> counter.  That is, endpoints can request replacement of consumed
> tickets (1 for when a connection attempt succeeds, N if they race N
> connections and only keep one; 1 + M if they want to replace M wasted
> tickets from M previous failed connection attempts).
> 
> The text about reuse in PR 18 is not good, however.  (PR 18 is also
> very wordy, but that's something I will leave to the editors of the
> draft.)

I'm open to suggested improvements, and would probably reread and
apply some polish in any case.

> I can live with a solution that has two numbers, but only on the
> understanding that 0 means "no tickets".

But not in a way that forecloses interoperability with a client that
tries to negotiate reuse via a to-be specified mechanism in a later
draft.  We can stop short of specifying/supporting/... reuse, but
deliberately precluding adding it later seems a step too far.

Which means:

    - A zero in the new_session_count really does mean no tickets,
      since then the client ends up with no tickets on an initial
      handshake.

    - However, a zero in the resumption_count can only be in scope
      when a resumption is happening, which means that in fact the
      client did present a ticket, and given a non-zero value in
      the new_session_count, a zero here can *only* mean an attempt
      to negotiate reuse.

      Given that servers presumptively do not support reuse (after
      all we're not specifying it at present) such an attempt can
      be *politely* declined by vending one ticket instead.

      Actually vending zero would in fact be what servers do when
      (perhaps some day) they do support reuse, and the client
      would conclude that the presented ticket is reusable.

> That means no text on reuse, except to discourage it.

If that's the consensus, so be it, but a resumption count of
zero does need to be treated as 1 then, otherwise we're not
just deferring a decision on reuse, but unequivocally foreclosing
any posibility of adding it later in a compatible way.

> It means implying that resumption=0 means that the client plans to
> initiate a full handshake in future rather than explicitly endorsing
> reuse.

No, that would be a tragic and deliberate roadblock, which I don't think
is merited.  The client can signal that by setting the both counters to
zero.

> As Russ mentions, we might cite the relevant sections of RFC 8446 when
> it comes to reuse, but for me that would have to be in the context of
> saying not to do that.

That's fine, if that's the consensus, but we should not sabotage the
possibility of defining reuse later in a backwards compatible manner.

-- 
    Viktor.

v2.23.0 | Report a Bug | By Email