Re: [TLS] One stream to rule them all (was Re: Security review of TLS1.3 0-RTT)

Martin Thomson <martin.thomson@gmail.com> Thu, 04 May 2017 01:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/i_KiOtvsxmcbRj22MpslhV9utRI>

On 4 May 2017 at 11:41, Benjamin Kaduk <bkaduk@akamai.com> wrote:
> A related question is whether NSS wants to be a general-purpose TLS library,
> or an HTTP-specific TLS library.  I have mostly come to terms with the HTTP
> application profile for 0-RTT saying "combine the streams" (but still want
> to see it written down with a proper security analysis before it gets
> widespread), but other application profiles might do different things!  Are
> you painting yourself into a corner?

Sure, in a multi-dimensional space, corners can appear in the
strangest places.  But given that TLS is streams on both sides, I
can't think of a way that an alternative model would make sense.  It's
definitely the case that an application protocol could be designed to
deal with 0-RTT as a separate stream, but when all they wanted was a
stream abstraction, the idea that there might be an antechamber stream
they have to deal with separately is hard to reason about.

It's harder still when you consider data limits on 0-RTT and the need
to complete the handshake in a timely fashion.  A separate thing could
mean that sending 0-RTT would block handshake completion because the
sender might want to ensure that a complete "thing" was sent in 0-RTT.
Either that or you have to deal with truncation.

If we need another API, it's not impossible to build one, with options
to cause 0-RTT to be routed to it.  I just don't see us needing one
any time soon.
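
An added illustration, not part of the original message and not NSS code: a toy model of the two API shapes discussed above, showing what a receiving application's parser sees when a 0-RTT data limit cuts a message. The 2-byte length framing, the 12-byte limit, and all function names are assumptions made for the example.

```python
import struct

MAX_EARLY = 12  # constructed 0-RTT data limit for this model, in bytes

def frame(msg: bytes) -> bytes:
    """Hypothetical application framing: 2-byte big-endian length, then body."""
    return struct.pack("!H", len(msg)) + msg

def parse_frames(buf: bytes):
    """Return (complete_messages, leftover_bytes) for one byte stream."""
    msgs, pos = [], 0
    while len(buf) - pos >= 2:
        (n,) = struct.unpack_from("!H", buf, pos)
        if len(buf) - pos - 2 < n:
            break  # incomplete frame: more bytes are needed
        msgs.append(buf[pos + 2 : pos + 2 + n])
        pos += 2 + n
    return msgs, buf[pos:]

def split_at_limit(stream: bytes, limit: int = MAX_EARLY):
    """Sender side: bytes up to the limit go as 0-RTT, the rest as 1-RTT."""
    return stream[:limit], stream[limit:]

def read_combined(early: bytes, late: bytes):
    """Combined model: the application reads one stream, so the
    0-RTT/1-RTT boundary is invisible to its parser."""
    return parse_frames(early + late)

def read_separate(early: bytes, late: bytes):
    """Separate model: 0-RTT is its own stream and is parsed on its own.
    A frame cut by the limit appears as truncation the application must
    detect and recover from."""
    early_msgs, early_rest = parse_frames(early)
    late_msgs, late_rest = parse_frames(late)
    return early_msgs, early_rest, late_msgs, late_rest

# Constructed sample: two 8-byte frames, so the limit cuts the second one.
WIRE = frame(b"GET /a") + frame(b"GET /b")
EARLY, LATE = split_at_limit(WIRE)

if __name__ == "__main__":
    print("combined:", read_combined(EARLY, LATE))
    print("separate:", read_separate(EARLY, LATE))
```

In the separate model the sender's only way to avoid the truncated frame is to hold the second message until it can be sent whole, which is the blocking trade-off the message describes.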