Re: [TLS] ALPS and TLS 1.3 half-RTT data
Cory Benfield <cory@lukasa.co.uk> Tue, 08 December 2020 08:47 UTC
Return-Path: <cory@lukasa.co.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41ABE3A0E28 for <tls@ietfa.amsl.com>; Tue, 8 Dec 2020 00:47:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lukasa-co-uk.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tquUdo0-hsfz for <tls@ietfa.amsl.com>; Tue, 8 Dec 2020 00:47:41 -0800 (PST)
Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C80473A0E26 for <tls@ietf.org>; Tue, 8 Dec 2020 00:47:40 -0800 (PST)
Received: by mail-lf1-x12b.google.com with SMTP id l11so21995464lfg.0 for <tls@ietf.org>; Tue, 08 Dec 2020 00:47:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lukasa-co-uk.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=WErGdEYgxhDsKZX35FjA8KmHJ/8LjiQ03ulsTTyluX4=; b=fTmXNp+V9uZSYvKGjACiaFxxHCqDAzvBFIjXvtpF9fMBnJusQTGX8xX2dDPRTJhRTa gzqiRt/sgaXdhclDVHLjw12OdpimBD6yhp4uNMn+o8E0fYWW+9vbXKCj5TjAxziBbihS zLZsFKZEQfLzuLvYcMAa2ThYIgPNWlY18WWKTO9rtY4SSLzkxlQpOhjP8lyw4yh+DQNW a+tcejKptdECiglgKJRF/3REMAhultkhzOT5k44wpyvP3eMwx+efnaxhwWLGxIAtOQnm hCcIiKNfwBbAGB1ZKv05wyB0hJU7+tEzrzI2a39E5Vo28Z54lsR3VTp9FBYG3w49Qe4h JCWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=WErGdEYgxhDsKZX35FjA8KmHJ/8LjiQ03ulsTTyluX4=; b=D2CRDeBKKch4nvilwzW9l8Y0QEKQC8N6y5uThXqfT1le6zqFzZXJD7f7Dna1cipOe3 c1hgCQK5MyS2aHoiWkf3W3/ieSUZOVRQLFD56kF3p2EAEv4bJjG7MSagottUjkO6gabU +YoRWIUs5dGz7xEdBbcxOgOtcyhfDj/q/SYNIpgK4OpitTOMAUOOxRhRY0XOJ5o3L8y4 L74sKyve8zMH8svT5bY0Yq3yR2OKgX4lsTNssBBX6kSqLUlkWATq9tOafbdm+pMD6415 9JmFGX8HyZlqjVkJ6vOcj4LfdJHRI9JQ/Pj3iU1hPH69/xYA0qFnBWrSfHEQIiV23krj I6gg==
X-Gm-Message-State: AOAM533NNgA+XQl0NW7hyKw4caQdeL4oIaFv9IpNIZGq5GFJQ/45tJ8/ Dv06tzKgWCnPkopUgm+D9ahZ7/3jasGawnjDeEJw0g==
X-Google-Smtp-Source: ABdhPJzNLjmSr27O4sxtg1A0PdFfEPwUtZum0s2eomwTXFruI5KoOdlisWg6RvznxSmYK/HW18xc+S1VD15/ip+cWuU=
X-Received: by 2002:ac2:4307:: with SMTP id l7mr10091240lfh.304.1607417258921; Tue, 08 Dec 2020 00:47:38 -0800 (PST)
MIME-Version: 1.0
References: <160703055132.9234.3055845983488231389@ietfa.amsl.com> <CAF8qwaAUE4H2-JxCyQJSWW680=Xp9pkUOQdOQpbLhd-HjYaVcA@mail.gmail.com>
In-Reply-To: <CAF8qwaAUE4H2-JxCyQJSWW680=Xp9pkUOQdOQpbLhd-HjYaVcA@mail.gmail.com>
From: Cory Benfield <cory@lukasa.co.uk>
Date: Tue, 08 Dec 2020 08:47:28 +0000
Message-ID: <CAH_hAJGfKcDCLA7T_AnXHEK7Y4Qw814mkQcRNq-szF3-83L3Ag@mail.gmail.com>
To: David Benjamin <davidben@chromium.org>
Cc: "<tls@ietf.org>" <tls@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/n8E3QOMEDkIFM7ZSkDKBeMNzBQc>
Subject: Re: [TLS] ALPS and TLS 1.3 half-RTT data
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Dec 2020 08:47:42 -0000
On Thu, 3 Dec 2020 at 21:56, David Benjamin <davidben@chromium.org> wrote: > > Hi TLS and HTTP friends, > > At the last HTTPWG interim, there was a question of why one would want something like ALPS (draft-vvv-tls-alps) for HTTP SETTINGS (draft-vvv-httpbis-alps) over TLS 1.3 half-RTT data. I know we've also had some discussion on this topic in the TLSWG as well. At the HTTP meeting, folks suggested writing up what a half-RTT-based mechanism might look like, so I put together an I-D below. I hope it helps clarify some of our thinking. > > (The I-D is not meant for adoption or publication or anything. I figured an I-D was probably the most familiar format for folks.) > > David Thanks for producing this document David: I think I was one of the folks who pushed for clarification in this area. I think the document does a good job laying out the difficulties with half-RTT data, but it didn't convince me that ALPS is easier for H2. My biggest concerns are around the need to tightly couple the TLS and application layer stacks. ALPN has been reasonably straightforward to handle, being essentially a static byte sequence vended by the application layer protocol. QUIC transport parameters are already harder, but for things like H2 the state machines have to be complicated by the addition of an essentially parallel I/O path. This is because, unlike QUIC, H2 does not (and cannot) spec the requirement for supporting the ALPS extension so the state machines need to tolerate the possibility that they will supply the SETTINGS as ALPS-data but then need to redeliver it in-band, which is fairly unpleasant (doubly so for servers that may want to use multiple TLS stacks, which now have to mitigate timing issues). I think if ALPS were restricted to protocols that could mandate its support then ALPS seems great. For H2 this seems unlikely to be deployed in the long-tail which limits its usefulness, and tbh I think brings more complexity than it's worth.
- [TLS] ALPS and TLS 1.3 half-RTT data David Benjamin
- Re: [TLS] ALPS and TLS 1.3 half-RTT data Cory Benfield
- Re: [TLS] ALPS and TLS 1.3 half-RTT data Martin Thomson
- Re: [TLS] ALPS and TLS 1.3 half-RTT data Victor Vasiliev
- Re: [TLS] ALPS and TLS 1.3 half-RTT data Cory Benfield
- Re: [TLS] ALPS and TLS 1.3 half-RTT data Cory Benfield
- Re: [TLS] ALPS and TLS 1.3 half-RTT data David Benjamin
- Re: [TLS] ALPS and TLS 1.3 half-RTT data Martin Thomson
- Re: [TLS] ALPS and TLS 1.3 half-RTT data Cory Benfield
- Re: [TLS] ALPS and TLS 1.3 half-RTT data Cory Benfield
- Re: [TLS] ALPS and TLS 1.3 half-RTT data David Benjamin
- Re: [TLS] ALPS and TLS 1.3 half-RTT data Victor Vasiliev
- Re: [TLS] ALPS and TLS 1.3 half-RTT data Cory Benfield