IETF Logo Mail Archive

Re: [TLS] Session resumption ticket reuse considered harmful

Nico Williams <nico@cryptonector.com> Thu, 05 March 2020 23:08 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91A043A0DF0 for <tls@ietfa.amsl.com>; Thu, 5 Mar 2020 15:08:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YSF8rzVrgKUZ for <tls@ietfa.amsl.com>; Thu, 5 Mar 2020 15:08:33 -0800 (PST)
Received: from dragonfly.birch.relay.mailchannels.net (dragonfly.birch.relay.mailchannels.net [23.83.209.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32CEF3A0DEF for <tls@ietf.org>; Thu, 5 Mar 2020 15:08:33 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id EC6B021787; Thu, 5 Mar 2020 23:08:31 +0000 (UTC)
Received: from pdx1-sub0-mail-a85.g.dreamhost.com (100-96-215-19.trex.outbound.svc.cluster.local [100.96.215.19]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 4AB0A21E64; Thu, 5 Mar 2020 23:08:31 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a85.g.dreamhost.com ([TEMPUNAVAIL]. [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.5); Thu, 05 Mar 2020 23:08:31 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Shade-Spill: 391b40931b207cd3_1583449711743_2913138958
X-MC-Loop-Signature: 1583449711743:476156255
X-MC-Ingress-Time: 1583449711743
Received: from pdx1-sub0-mail-a85.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a85.g.dreamhost.com (Postfix) with ESMTP id 0479680AC2; Thu, 5 Mar 2020 15:08:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=PwikfJpiqueRrY x7iPZNxHj/iVw=; b=vloJ3YuyixTegR0BD/cO7AKkBhh2gQT/JlUCje9ljoCPTb BvgkRo4Dh5mmR7WU9yHzc7/+og/ymRs6MTX32ooVInPpAWu6Qx279V15WTm3ewVP lV4v/UAwa9ba+MCQfcqooyd/Riui1K9Y9MElL3LUCKbP0TUmqN7e4Di6ppC0k=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a85.g.dreamhost.com (Postfix) with ESMTPSA id 645F280A4F; Thu, 5 Mar 2020 15:08:24 -0800 (PST)
Date: Thu, 05 Mar 2020 17:08:22 -0600
X-DH-BACKEND: pdx1-sub0-mail-a85
From: Nico Williams <nico@cryptonector.com>
To: Watson Ladd <watson@cloudflare.com>
Cc: IETF TLS <tls@ietf.org>
Message-ID: <20200305230821.GU18021@localhost>
References: <20200305205524.GR18021@localhost> <CAN2QdAGja9JoXsSSnmdkjHk7kNbDpEiMVkPpA6VDCfRjo9DRVw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAN2QdAGja9JoXsSSnmdkjHk7kNbDpEiMVkPpA6VDCfRjo9DRVw@mail.gmail.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedugedrudduuddgtdehucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgdpffftgfetoffjqffuvfenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucfkphepvdegrddvkedruddtkedrudekfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepvdegrddvkedruddtkedrudekfedprhgvthhurhhnqdhprghthheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqedpmhgrihhlfhhrohhmpehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmpdhnrhgtphhtthhopehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhm
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dXnTSYJpVzE2yepGtWbfT8wYsW4>
Subject: Re: [TLS] Session resumption ticket reuse considered harmful
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2020 23:08:35 -0000

On Thu, Mar 05, 2020 at 02:49:23PM -0800, Watson Ladd wrote:
> On Thu, Mar 5, 2020 at 12:55 PM Nico Williams <nico@cryptonector.com> wrote:
> > .... unless both parties agree.  It takes two to agree.
> 
> As far as I am aware session tickets being single use isn't enforced
> by any server right now: it's a desirable but theoretical property for
> 0-RTT.

Is that so?  Will that remain so?

> My skepticism is entirely a function of this being a late breaking
> [...]

What is late breaking to you?

The change was proposed during WGLC.  If before or during WGLC is too
late, when is it not too late?  At WG work item adoption call?

See also my post about feature matrix issues.

> [...]
> change to a relatively simple proposal, with not very much in the way
> of quantifiable evidence to back up the concern that shared cache
> contention is a big overhead. Is it 1%? .5? 10%? of the total time to
> use a connection. At 10% we definitely need to do something, at .01%
> we almost certainly don't.

Right, but this is where the "Postfix architecture" issue comes in.  I'm
having a conversation with him about this.  Viktor might be confused
about the CoW properties of LMDB, but in any case, the wire bandwidth
waste and server compute waste issues have nothing to do with Postfix's
architecture/design/implementation.

Nico
--

v2.23.0 | Report a Bug | By Email