Re: [TLS] Mass 0RTT of subresources with no prior knowledge (was Re: Do we actually need semi-static DHE-based 0-RTT?)

Dave Garrett <davemgarrett@gmail.com> Sat, 20 February 2016 01:00 UTC

From: Dave Garrett <davemgarrett@gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 19 Feb 2016 20:00:22 -0500
References: <CABcZeBMFE24o-F7JO8E2=xFmasR3iqabZhn6Qv4fw+ihYfTc6g@mail.gmail.com> <201602191938.31574.davemgarrett@gmail.com> <CABkgnnVd2iRGAJh9fshTP5B6BGeaXynF3xGUO7zA95AmmUwxGQ@mail.gmail.com>
In-Reply-To: <CABkgnnVd2iRGAJh9fshTP5B6BGeaXynF3xGUO7zA95AmmUwxGQ@mail.gmail.com>
Message-Id: <201602192000.23101.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Ymr4HXqUeItU1yc9N4HfiGvgkO8>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Mass 0RTT of subresources with no prior knowledge (was Re: Do we actually need semi-static DHE-based 0-RTT?)

On Friday, February 19, 2016 07:47:31 pm Martin Thomson wrote:
> This really only helps on the first connection attempt.  Browsers
> already pre-warm connections to subresource hosts.

The first connect is important, as are new connections after a cache clear (think also, private browsing modes).

Providing this capability to TLS 1.3 clients (likely also requiring HTTP/2) would allow for browsers to explicitly have a way to do this, rather than speculatively "pre-warm" connections.

Additionally, servers could push a cached config for links on pages if they wanted to. Servers supporting this could effectively chain together to give 0RTT for virtually all normal user connections. Clients would not have to open connections to arbitrary link destinations in order to optimize away this 1RTT. (yes, there's the TCP 1RTT too, but that's a separate issue)


Dave
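The cached-config chaining described in the message above, as an added illustration that is not code from the thread or from any TLS implementation: a client walks a page and its subresource hosts, and each server may push configs for the hosts it links to, so that hosts the client has never contacted can still be reached with 0-RTT. Everything in it is constructed for the example: the "config" is just a host name, an opaque id and an expiry standing in for real key material; the `Page`, `ConfigCache` and `fetch` names are hypothetical; a pushed config is only usable for the host it names and only while unexpired (a stale push falls back to a full handshake, which is also what a cleared cache or private-browsing session looks like); and early data is only attempted for idempotent requests, the standard replay safeguard for 0-RTT.

```python
"""Toy model: chaining cached server configs across subresource hosts so a
client with no prior knowledge of those hosts can still attempt 0-RTT.
Constructed illustration; names and data structures are hypothetical."""
from dataclasses import dataclass, field

SAFE_METHODS = {"GET", "HEAD"}  # 0-RTT early data is replayable; keep it idempotent


@dataclass(frozen=True)
class ServerConfig:
    host: str        # the only host this config may be used for
    config_id: str   # opaque id standing in for the real semi-static key material
    expires_at: int  # absolute expiry, seconds


@dataclass
class ConfigCache:
    """Client-side cache of server configs keyed by host (hypothetical)."""
    entries: dict = field(default_factory=dict)

    def store(self, cfg: ServerConfig, now: int) -> bool:
        # Refuse already-stale configs and never replace a fresher one.
        if cfg.expires_at <= now:
            return False
        current = self.entries.get(cfg.host)
        if current is not None and current.expires_at >= cfg.expires_at:
            return False
        self.entries[cfg.host] = cfg
        return True

    def lookup(self, host: str, now: int):
        cfg = self.entries.get(host)
        if cfg is not None and cfg.expires_at <= now:
            del self.entries[host]  # expired: fall back to a full 1-RTT handshake
            return None
        return cfg


@dataclass
class Page:
    """What a server returns: hosts it links to, plus configs it chose to push."""
    host: str
    links: list    # subresource / linked hosts
    pushed: list   # ServerConfig objects for some of those hosts


def early_data_allowed(method: str) -> bool:
    """Only attempt 0-RTT for idempotent requests; early data can be replayed."""
    return method.upper() in SAFE_METHODS


def fetch(site: dict, start: str, cache: ConfigCache, now: int, method: str = "GET") -> dict:
    """Fetch `start` and every host reachable from it breadth-first and record
    which handshakes could begin with 0-RTT. Returns {host: "0-RTT" | "1-RTT"}."""
    result = {}
    queue = [start]
    while queue:
        host = queue.pop(0)
        if host in result:
            continue
        cfg = cache.lookup(host, now)
        result[host] = "0-RTT" if (cfg is not None and early_data_allowed(method)) else "1-RTT"
        page = site.get(host)
        if page is None:
            continue
        for pushed in page.pushed:
            cache.store(pushed, now)  # usable only for pushed.host, only while fresh
        queue.extend(page.links)
    return result


# Constructed sample topology: a.example pushes configs for cdn.example and
# b.example; b.example pushes one for c.example; c.example links to d.example
# but the config it pushes for d.example has already expired.
NOW = 1_000
SAMPLE_SITE = {
    "a.example": Page("a.example", ["cdn.example", "b.example"],
                      [ServerConfig("cdn.example", "cfg-cdn-1", NOW + 3600),
                       ServerConfig("b.example", "cfg-b-1", NOW + 3600)]),
    "b.example": Page("b.example", ["c.example"],
                      [ServerConfig("c.example", "cfg-c-1", NOW + 3600)]),
    "c.example": Page("c.example", ["d.example"],
                      [ServerConfig("d.example", "cfg-d-stale", NOW - 1)]),
    "cdn.example": Page("cdn.example", [], []),
    "d.example": Page("d.example", [], []),
}


def demo() -> dict:
    """First visit with an empty cache (also models a cache clear / private mode)."""
    return fetch(SAMPLE_SITE, "a.example", ConfigCache(), NOW)


if __name__ == "__main__":
    for host, mode in demo().items():
        print(f"{host:12} {mode}")
```

Only the very first hop pays the full handshake; every host whose config was pushed by a previous hop starts with 0-RTT, and the chain breaks exactly where a push is missing or stale. The same walk with a non-idempotent method takes 1-RTT everywhere, which is the check a client should keep regardless of how the config was obtained.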