Re: [TLS] HELLO_VERIFY_REQUEST during abbreviated handshake (session resumption)
Simon Bernard <contact@simonbernard.eu> Fri, 19 October 2018 14:20 UTC
To: Eric Rescorla <ekr@rtfm.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ZW_FY_Vncumv3WwZLd7jD5lPhJE>

Thx Ekr.

Here is a discussion about our concerns: https://github.com/eclipse/californium/pull/751

On 16/10/2018 at 22:18, Eric Rescorla wrote:
> Hi Simon,
>
> I don't think we specified a concrete recommendation, but I think the
> answer is probably no. The reason is that:
>
> (a) a resumed handshake is very cheap, so it's not really saving CPU
> (b) the server's first flight is small in resumption, so amplification
> isn't much of an issue.
>
> Maybe I'm missing something though.
>
> -Ekr
>
> On Wed, Oct 3, 2018 at 7:05 AM Simon Bernard <contact@simonbernard.eu> wrote:
>
> > Hi,
> >
> > In DTLS 1.2 over UDP, I would like to know what is the
> > recommendation about using HELLO_VERIFY_REQUEST during an abbreviated
> > handshake.
> >
> > Should we send it all the time? Or could we avoid sending it if
> > SESSION ID is known?
> >
> > Thx,
> >
> > Simon
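
An added sketch, not taken from the thread or from Californium, of the two server policies being discussed, with the cookie computed as RFC 6347 section 4.2.1 describes it: Cookie = HMAC(Secret, Client-IP, Client-Parameters). The function names, the dict fields, the inclusion of the UDP port in the cookie input and the `verify_on_resumption` switch are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)  # server-side cookie key (hypothetical; rotated in practice)

def make_cookie(secret, client_addr, hello_params):
    """Stateless cookie: HMAC(Secret, Client-IP, Client-Parameters)."""
    ip, port = client_addr
    # Binding the UDP port as well as the IP is an assumption of this sketch.
    msg = ip.encode() + b"|" + str(port).encode() + b"|" + hello_params
    return hmac.new(secret, msg, hashlib.sha256).digest()

def on_client_hello(hello, client_addr, session_cache, secret, verify_on_resumption):
    """Return the server's next step for one ClientHello datagram.

    hello is a constructed dict: session_id, cookie, and params (the
    ClientHello fields the server chooses to bind into the cookie).
    """
    known = hello["session_id"] in session_cache
    if known and not verify_on_resumption:
        # Policy asked about in the thread: known session ID, no cookie round trip.
        return "abbreviated_handshake"
    expected = make_cookie(secret, client_addr, hello["params"])
    if not hmac.compare_digest(hello["cookie"], expected):
        # Nothing is stored per client; the only reply is a small
        # HelloVerifyRequest carrying the expected cookie.
        return "hello_verify_request"
    # Return routability of the source address is now proven.
    return "abbreviated_handshake" if known else "full_handshake"

if __name__ == "__main__":
    # Constructed sample input (documentation address, made-up session ID).
    cache = {b"sess-1"}
    addr = ("192.0.2.10", 5684)
    hello = {"session_id": b"sess-1", "cookie": b"", "params": b"constructed"}
    for policy in (False, True):
        print(policy, on_client_hello(hello, addr, cache, SECRET, policy))
    hello["cookie"] = make_cookie(SECRET, addr, hello["params"])
    print("with cookie:", on_client_hello(hello, addr, cache, SECRET, True))
```

With `verify_on_resumption` set, a datagram from an address that never received the cookie only ever elicits a HelloVerifyRequest; with it cleared, a known session ID alone moves the server to its resumption flight.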