Re: [TLS] 0RTT?
Watson Ladd <watsonbladd@gmail.com> Tue, 05 August 2014 01:52 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8ECB61A0AE2 for <tls@ietfa.amsl.com>; Mon, 4 Aug 2014 18:52:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1DgD-P_rMW-o for <tls@ietfa.amsl.com>; Mon, 4 Aug 2014 18:52:31 -0700 (PDT)
Received: from mail-yk0-x230.google.com (mail-yk0-x230.google.com [IPv6:2607:f8b0:4002:c07::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E72D21A0AD9 for <tls@ietf.org>; Mon, 4 Aug 2014 18:52:30 -0700 (PDT)
Received: by mail-yk0-f176.google.com with SMTP id 19so190937ykq.35 for <tls@ietf.org>; Mon, 04 Aug 2014 18:52:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=I+nPrODDyjUPmBkWaHJHePb/bAP3EN0pc0EhXogQeXg=; b=IkhyVmhMKxHNF/vbt3BWP/9Qqs8AW0oU7w51JRghXFbvHPKJtf7ozROFPSypqwey6A Jpm83hIrBXB8BE77ArCpk1AuYz0ZDiCh7UW/4wA/wKQKJbpPVnXw+jYXRo/h+Efyc35G dYRWwn3jpuGuaYrfgT2Tci3LhXwvcGKol1V9rMzUPhXbHm4jQV1M1oAr2l7M67vVs9pP DcmrXBUYfN2e4O+bWi8VndTV249hEA0az/e++ze8/3B0qpp6kpTgX5ZKqP80EDrDvgBJ TYyCHUcAYGHKWP5fenvK1Tr2XkHwd9ctRgp4hgiAvvXFiITY/dCVAQc8rR2EKW1R4Z2M D76Q==
MIME-Version: 1.0
X-Received: by 10.236.35.198 with SMTP id u46mr954836yha.54.1407203550292; Mon, 04 Aug 2014 18:52:30 -0700 (PDT)
Received: by 10.170.202.8 with HTTP; Mon, 4 Aug 2014 18:52:30 -0700 (PDT)
In-Reply-To: <20140804210102.706EA1ADEE@ld9781.wdf.sap.corp>
References: <CACsn0c=wUvV1M0kZ2y6OcC_UPoRtBRz1Nh_zb_sLYamozoPrpw@mail.gmail.com> <20140804210102.706EA1ADEE@ld9781.wdf.sap.corp>
Date: Mon, 04 Aug 2014 18:52:30 -0700
Message-ID: <CACsn0c==j7j+e8MPXvrOz816y=SQjxSDoDhWjoaY3V8bLofQHA@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "mrex@sap.com" <mrex@sap.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/WQOasVbPOJmirBiunlTitzyWk88
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] 0RTT?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Aug 2014 01:52:32 -0000
On Mon, Aug 4, 2014 at 2:01 PM, Martin Rex <mrex@sap.com> wrote: > Watson Ladd wrote: >> >> I think I came up with a decent idea for handling 0RTT handshakes, >> namely making resumption 0RTT, and doing a side rekeying. > > > These idea(s) seem to based on a number of extremely optimistic > assumptions that have zero chance to get airborne in many usage > scenarios. > > The "regular" TLS session resumption means that client announces > a TLS session ID in ClientHello and server looks up that session ID > in its own cache for a match. If there is no match, a regular > TLS full handshake proceeds. > > 0RTT is a no-go for a huge number of existing apps which do not > perform any fancy reconnect fallbacks at the application level > (closing the previous connection, opening a new connection and > starting a new handshake from scratch while requesting different > handshake characteristics this time). For the general case > a 1RTT resumption is required, which can successfully perform > a full handshake in case that resumption is not possible, > without having to go through a connection/handshake failure. I think we can handle this by thinking about fallback options more carefully. Certainly a resend can be done at the implementation level with the new handshake: this will cost latency, but it can be done. Sincerely, Watson Ladd
- [TLS] 0RTT? Watson Ladd
- Re: [TLS] 0RTT? Karthikeyan Bhargavan
- Re: [TLS] 0RTT? Watson Ladd
- Re: [TLS] 0RTT? Martin Thomson
- Re: [TLS] 0RTT? Watson Ladd
- Re: [TLS] 0RTT? Eric Rescorla
- Re: [TLS] 0RTT? Eric Rescorla
- Re: [TLS] 0RTT? Martin Thomson
- Re: [TLS] 0RTT? Martin Rex
- Re: [TLS] 0RTT? Watson Ladd
- Re: [TLS] 0RTT? Martin Rex