Re: [TLS] WGLC for draft-ietf-tls-ticketrequests

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 02 February 2020 11:52 UTC

Date: Sun, 2 Feb 2020 06:52:03 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20200202115203.GK49778@straasha.imrryr.org>
Reply-To: tls@ietf.org
References: <9e4ada20-680e-6fa7-f8bb-e94c26440d82@cs.tcd.ie> <9A5EE7C8-360D-49C0-92F8-274FE1A94249@apple.com> <20200202013016.GH49778@straasha.imrryr.org> <CACsn0cnaUZHqo8L_qjvqE2bt-JU28QqG7S8m4xMwdK5CXyDHzw@mail.gmail.com> <20200202035848.GJ49778@straasha.imrryr.org> <CACsn0cn9pfUCuMeTASFkasogPPGU63jSmi=3BDdiMS=zgUY14Q@mail.gmail.com>
In-Reply-To: <CACsn0cn9pfUCuMeTASFkasogPPGU63jSmi=3BDdiMS=zgUY14Q@mail.gmail.com>
User-Agent: Mutt/1.12.2 (2019-09-21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XKadcFvl89il2Nz70miMVfvnYKk>

On Sat, Feb 01, 2020 at 08:05:28PM -0800, Watson Ladd wrote:

> > Sorry, no idea what that above means.  And is it simpler than the
> > proposal under discussion (which got some fine-tuning in early
> > feedback)?
> 
> So one proposal in above is we treat 0 tickets as "ensure I have a valid
> ticket, either this one or a new one" and all other numbers are straight
> asks for that many tickets.

This is indeed simpler, but it removes the ability to ask for zero
tickets, which I think was one of the intended use-cases (that's what
the 255 is for).

> The other proposal is N means "ensure I have N valid tickets, including the
> one I used on this connection". I find both cleaner than the 0 and 255 swap.

The problem here is that now reuse is implicit, and the only way for a client
to ensure that it gets a fresh ticket is by asking for 2.

So I now see where you're coming from, and it was worth a try at
simplification, but I don't think it works out.  The reason for
two sentinels is that there are in fact three separate cases.

    1.  Client wants no tickets
    2.  Client wants to try to reuse an existing ticket
    3.  Client wants n > 0 fresh tickets.

I don't see how to handle 1 and 2 cleanly without two sentinels.

-- 
    Viktor.