Re: [TLS] HELLO_VERIFY_REQUEST during abbreviated handshake (session resumption)

Simon Bernard <contact@simonbernard.eu> Fri, 19 October 2018 14:20 UTC

To: Eric Rescorla <ekr@rtfm.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
References: <6bab54cd-e903-ac3e-a186-077458a2d652@simonbernard.eu> <CABcZeBP3U43xy8z7GryVLsioJ4Du+32ajSUQrOxAjqySHTQP3Q@mail.gmail.com>
From: Simon Bernard <contact@simonbernard.eu>
Message-ID: <f89bf2b4-147d-eed1-603e-fce4dd616092@simonbernard.eu>
Date: Fri, 19 Oct 2018 16:20:34 +0200
In-Reply-To: <CABcZeBP3U43xy8z7GryVLsioJ4Du+32ajSUQrOxAjqySHTQP3Q@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ZW_FY_Vncumv3WwZLd7jD5lPhJE>

Thx Ekr. Here is a discussion about our concerns:
https://github.com/eclipse/californium/pull/751

On 16/10/2018 at 22:18, Eric Rescorla wrote:
> Hi Simon,
>
> I don't think we specified a concrete recommendation, but I think the 
> answer is probably no. The reason is that:
>
> (a) a resumed handshake is very cheap, so it's not really saving CPU
> (b) the server's first flight is small in resumption, so amplification 
> isn't much of an issue.
>
> Maybe I'm missing something though.
>
> -Ekr
>
>
>
>
> On Wed, Oct 3, 2018 at 7:05 AM Simon Bernard <contact@simonbernard.eu 
> <mailto:contact@simonbernard.eu>> wrote:
>
>     Hi,
>
>         In DTLS 1.2 over UDP, I would like to know what the
>     recommendation is about using HELLO_VERIFY_REQUEST during an abbreviated
>     handshake.
>
>         Should we send it all the time, or could we avoid sending it if the
>     SESSION ID is known?
>
>     Thx,
>
>
>     Simon
>
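The question in this thread is whether a DTLS 1.2 server should demand the HelloVerifyRequest cookie exchange before answering a ClientHello that carries a resumable session ID. The following is an added example, written for this page and not code from the original posts or from Californium, of the stateless cookie construction RFC 6347 section 4.2.1 describes (Cookie = HMAC(Secret, Client-IP, Client-Parameters)) together with a policy function that implements both options raised in the thread: always require the cookie, or waive it when the session ID is known. The choice of HMAC-SHA256, the exact set of ClientHello fields covered, the secret-rotation scheme with one previous secret still accepted, and the ClientHello structure (constructed in memory rather than parsed from a datagram) are this example's assumptions, not requirements of the RFC.

```python
import hashlib
import hmac
import ipaddress
import os
import struct
from dataclasses import dataclass
from typing import Optional, Set

DTLS_1_2 = (254, 253)   # wire encoding {254, 253} of DTLS 1.2
MAX_COOKIE_LEN = 32     # RFC 6347 limits cookies to 32 bytes for DTLS 1.0 interoperability


@dataclass
class ClientHello:
    """The ClientHello fields the cookie binds to. Constructed here, not parsed off the wire."""
    version: tuple = DTLS_1_2
    random: bytes = b"\x00" * 32
    session_id: bytes = b""
    cookie: bytes = b""
    cipher_suites: tuple = (0xC02B,)      # TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    compression_methods: bytes = b"\x00"

    def cookie_input(self) -> bytes:
        """Length-prefixed canonical encoding of the covered fields; the cookie itself is excluded
        so the client's second ClientHello (now carrying the cookie) hashes identically."""
        suites = b"".join(struct.pack("!H", s) for s in self.cipher_suites)
        return b"".join([
            bytes(self.version),
            self.random,
            struct.pack("!B", len(self.session_id)) + self.session_id,
            struct.pack("!H", len(suites)) + suites,
            struct.pack("!B", len(self.compression_methods)) + self.compression_methods,
        ])


class CookieVerifier:
    """Stateless HelloVerifyRequest cookies. No per-client state is kept: the server only holds
    the secret, so an unverified source address cannot make it allocate anything."""

    def __init__(self, secret: Optional[bytes] = None, previous_secret: Optional[bytes] = None):
        self._secret = secret if secret is not None else os.urandom(32)
        self._previous = previous_secret   # accepted briefly after rotation (example's choice)

    def _compute(self, secret: bytes, client_ip: str, client_port: int, hello: ClientHello) -> bytes:
        addr = ipaddress.ip_address(client_ip).packed
        msg = addr + struct.pack("!H", client_port) + hello.cookie_input()
        return hmac.new(secret, msg, hashlib.sha256).digest()[:MAX_COOKIE_LEN]

    def make_cookie(self, client_ip: str, client_port: int, hello: ClientHello) -> bytes:
        return self._compute(self._secret, client_ip, client_port, hello)

    def verify_cookie(self, client_ip: str, client_port: int, hello: ClientHello) -> bool:
        if not hello.cookie:
            return False
        for secret in (self._secret, self._previous):
            if secret is None:
                continue
            expected = self._compute(secret, client_ip, client_port, hello)
            if hmac.compare_digest(hello.cookie, expected):   # constant-time comparison
                return True
        return False

    def rotate(self, new_secret: Optional[bytes] = None) -> None:
        """Swap in a fresh secret; cookies minted under the old one stay valid until the next rotation."""
        self._previous = self._secret
        self._secret = new_secret if new_secret is not None else os.urandom(32)


def needs_hello_verify(verifier: CookieVerifier, client_ip: str, client_port: int,
                       hello: ClientHello, known_session_ids: Set[bytes],
                       skip_for_known_session: bool = False) -> bool:
    """Decide whether this ClientHello gets a HelloVerifyRequest instead of a ServerHello.
    A valid cookie always lets the hello through. Without one, the server either always demands
    the cookie exchange (skip_for_known_session=False) or waives it when the session ID is one it
    can resume (skip_for_known_session=True). With the waiver, the session-ID lookup itself runs
    on behalf of a source address that has not yet proven it can receive datagrams."""
    if verifier.verify_cookie(client_ip, client_port, hello):
        return False
    if skip_for_known_session and hello.session_id and hello.session_id in known_session_ids:
        return False
    return True


if __name__ == "__main__":
    server = CookieVerifier()
    first = ClientHello(random=os.urandom(32), session_id=b"resume-me")
    print("first hello needs HVR:", needs_hello_verify(server, "192.0.2.10", 5684, first, {b"resume-me"}))
    cookie = server.make_cookie("192.0.2.10", 5684, first)
    second = ClientHello(random=first.random, session_id=first.session_id, cookie=cookie)
    print("second hello needs HVR:", needs_hello_verify(server, "192.0.2.10", 5684, second, set()))
```

The policy function is where the thread's trade-off lives: with `skip_for_known_session=True` the server answers a resumption attempt immediately, which is reasonable if the abbreviated first flight (ServerHello, ChangeCipherSpec, Finished) is small relative to the ClientHello, but it means a forged source address can trigger that flight and the session-cache lookup behind it; with `False` the server only ever sends a cookie-sized reply to an unverified address.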