Re: [TLS] More compatibility measurement results
Ilari Liusvaara <ilariliusvaara@welho.com> Sat, 23 December 2017 14:07 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABB6712D77C for <tls@ietfa.amsl.com>; Sat, 23 Dec 2017 06:07:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hX-ejQUxj4az for <tls@ietfa.amsl.com>; Sat, 23 Dec 2017 06:07:20 -0800 (PST)
Received: from welho-filter3.welho.com (welho-filter3.welho.com [83.102.41.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5281312D779 for <tls@ietf.org>; Sat, 23 Dec 2017 06:07:19 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter3.welho.com (Postfix) with ESMTP id AB0295DE6D; Sat, 23 Dec 2017 16:07:17 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter3.welho.com [::ffff:83.102.41.25]) (amavisd-new, port 10024) with ESMTP id KwFxQWWthOPa; Sat, 23 Dec 2017 16:07:17 +0200 (EET)
Received: from LK-Perkele-VII (87-92-19-27.bb.dnainternet.fi [87.92.19.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 6B0112308; Sat, 23 Dec 2017 16:07:15 +0200 (EET)
Date: Sat, 23 Dec 2017 16:07:15 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: tls@ietf.org
Message-ID: <20171223140714.GA29043@LK-Perkele-VII>
References: <CABcZeBMKAYFzA+a87GW_z=oJCqNqCsbhffHswa9dyCRJz5u5+A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CABcZeBMKAYFzA+a87GW_z=oJCqNqCsbhffHswa9dyCRJz5u5+A@mail.gmail.com>
User-Agent: Mutt/1.9.2 (2017-12-15)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ebFKQP_4TBrjRq2bBPFsowL4e8s>
Subject: Re: [TLS] More compatibility measurement results
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Dec 2017 14:07:23 -0000
On Fri, Dec 22, 2017 at 12:00:12PM -0800, Eric Rescorla wrote: > Hi folks, > > Here are the results of our experiment with Firefox Nightly (draft-22) > against Facebook. > > > RESULTS > > 37716 clients started the experiment and 37430 completed it (99.2%). > > The results are: > > Success Fail Rate > fb-tls12 35034 1176 0.032477 > fb-tls13-draft-22 34960 1250 0.034521 > fb-tls13-draft22-compat 35037 1173 0.032394 > > None of these differences are statistically significant (in the second > data set, the p value for 1.2 versus -22 is .13), but this all seems > consistent with saying that that -22 compat mode isn't significantly > worse than TLS 1.2 and that normal -22 may be somewhat worse > (unfortunately, we don't have -18 in this experiment). > > Taken together with the results David has reported and our previously > reported Beta results, this seems fairly encouraging. We'll probably > let the Nightly experiment run a little longer to see if we hit > significance, > but after that will start looking at a rollout of -22 to Release. ~3.25% baseline failure rate? That sounds quite high. ~0.2% above- baseline failure rate for non-compat? That sound fairly low, but there have been improvements here that could have caused substantial decrease. I wonder if the high baseline failure rate is due to high amount of blocking of the test server. And unfortunately, the places that blocked the test server are some of the most interesting when it comes to the compatibility. However, the results do establish that the incremential failure rates in open environments (anything that blocks the testserver very probably is not open environment) are low enough to proceed with. -Ilari
- [TLS] More compatibility measurement results Eric Rescorla
- Re: [TLS] More compatibility measurement results Ilari Liusvaara
- Re: [TLS] More compatibility measurement results Sean Turner