Re: [TLS] ALPN concerns
Geoffrey Keating <geoffk@geoffk.org> Wed, 06 November 2013 02:33 UTC
Return-Path: <geoffk@geoffk.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBAB021F9D94 for <tls@ietfa.amsl.com>; Tue, 5 Nov 2013 18:33:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.359
X-Spam-Level:
X-Spam-Status: No, score=-1.359 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, SARE_LWSHORTT=1.24]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d2u3h5SydSBQ for <tls@ietfa.amsl.com>; Tue, 5 Nov 2013 18:32:57 -0800 (PST)
Received: from dragaera.releasedominatrix.com (dragaera.releasedominatrix.com [216.129.105.14]) by ietfa.amsl.com (Postfix) with ESMTP id E35A421F9D3E for <tls@ietf.org>; Tue, 5 Nov 2013 18:32:57 -0800 (PST)
Received: by dragaera.releasedominatrix.com (Postfix, from userid 501) id 9737433D115; Wed, 6 Nov 2013 02:32:57 +0000 (UTC)
Sender: geoffk@localhost.localdomain
To: Martin Thomson <martin.thomson@gmail.com>
References: <CAFewVt7-+e-e82LA3iPWOuoudRqCCk23uyf0w5+aXSFsAv64GA@mail.gmail.com> <CABkgnnXgUo_g-w=kefQUnFWLtcfdTByCWtSaxJHvLx-gtzZP_A@mail.gmail.com>
From: Geoffrey Keating <geoffk@geoffk.org>
Date: Tue, 05 Nov 2013 18:32:57 -0800
In-Reply-To: <CABkgnnXgUo_g-w=kefQUnFWLtcfdTByCWtSaxJHvLx-gtzZP_A@mail.gmail.com>
Message-ID: <m27gcm1cpy.fsf@localhost.localdomain>
Lines: 33
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.4
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] ALPN concerns
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2013 02:33:03 -0000
Martin Thomson <martin.thomson@gmail.com> writes: > On 5 November 2013 14:21, Brian Smith <brian@briansmith.org> wrote: > > I am > > very concerned about the issues that they've run into where many web > > servers are failing to handshake when the ClientHello message is > > larger than 255 bytes. > > I can understand the need to avoid the ceiling in the short term, no > question. But how much headroom is there? > > Having some specific numbers would definitely help inform the > discussion. Clearly, including SNI with a maximum-length hostname is > going to blow this limit, so the question is where we think the line > needs to be drawn. To give an idea: A TLS 1.2 ClientHello which lists all the authenticated ciphersuites currently defined (no anonymous), EC curves and formats, and signature algorithms, but no SNI, is 528 bytes. So you can already be way over 255 bytes just with things already defined. The TLS 1.2 Safari ClientHello in OS X 10.9 when connecting to ssl.apple.com is 180 bytes, and that has SNI but no NPN or similar, and a limited number of elliptic curves. I think the Safari ClientHello is close to the minimum you would want; that is, if your ClientHello is much shorter, you're probably missing something more important than ALPN. I would suggest allowing 30 bytes for longer domain names. So there's maybe 45 bytes to split between ALPN, TLS 1.4, AEAD ciphers, new elliptic curves, and any other feature that might be implemented in future.
- Re: [TLS] ALPN concerns Nico Williams
- [TLS] ALPN concerns Brian Smith
- Re: [TLS] ALPN concerns Yoav Nir
- Re: [TLS] ALPN concerns Martin Thomson
- Re: [TLS] ALPN concerns Yoav Nir
- Re: [TLS] ALPN concerns Geoffrey Keating
- Re: [TLS] ALPN concerns Yoav Nir
- Re: [TLS] ALPN concerns Peter Gutmann
- Re: [TLS] ALPN concerns John Mattsson
- Re: [TLS] ALPN concerns Yoav Nir
- Re: [TLS] ALPN concerns Xiaoyong Wu
- Re: [TLS] ALPN concerns Adam Langley
- Re: [TLS] ALPN concerns Yoav Nir
- Re: [TLS] ALPN concerns Dr Stephen Henson
- Re: [TLS] ALPN concerns Yutaka OIWA
- Re: [TLS] ALPN concerns Andrei Popov
- Re: [TLS] ALPN concerns Dr Stephen Henson
- Re: [TLS] ALPN concerns Adam Langley
- Re: [TLS] ALPN concerns Mark Nottingham
- Re: [TLS] ALPN concerns Wan-Teh Chang
- Re: [TLS] ALPN concerns Wan-Teh Chang
- Re: [TLS] ALPN concerns Xiaoyong Wu
- Re: [TLS] ALPN concerns Brian Smith
- Re: [TLS] ALPN concerns Andrei Popov
- Re: [TLS] ALPN concerns Brian Smith
- Re: [TLS] ALPN concerns Nikos Mavrogiannopoulos
- Re: [TLS] ALPN concerns Andrei Popov
- Re: [TLS] ALPN concerns Pascal Urien