Re: [TLS] Triple Handshake Fix.
Bodo Moeller <bmoeller@acm.org> Tue, 06 May 2014 09:49 UTC
Return-Path: <SRS0=LkZq=2E=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 0B8991A028C
for <tls@ietfa.amsl.com>; Tue, 6 May 2014 02:49:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.579
X-Spam-Level:
X-Spam-Status: No, score=-1.579 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001,
RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id mqee0Q4paCDE for <tls@ietfa.amsl.com>;
Tue, 6 May 2014 02:49:15 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.131])
by ietfa.amsl.com (Postfix) with ESMTP id 7ED1F1A0173
for <tls@ietf.org>; Tue, 6 May 2014 02:49:15 -0700 (PDT)
Received: from mail-yh0-f46.google.com (mail-yh0-f46.google.com
[209.85.213.46])
by mrelayeu.kundenserver.de (node=mreue005) with ESMTP (Nemesis)
id 0M9L3K-1WYF910YVa-00CfJZ; Tue, 06 May 2014 11:49:09 +0200
Received: by mail-yh0-f46.google.com with SMTP id 29so411010yhl.33
for <tls@ietf.org>; Tue, 06 May 2014 02:49:08 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.236.164.198 with SMTP id c46mr56532484yhl.103.1399369748143;
Tue, 06 May 2014 02:49:08 -0700 (PDT)
Received: by 10.170.65.3 with HTTP; Tue, 6 May 2014 02:49:08 -0700 (PDT)
In-Reply-To: <CAK3OfOgzjchcyThCi+51xfq1qAN_Pvi7WetEurhSoFJFBq_Vdw@mail.gmail.com>
References: <CAL9PXLyGjM0R-NRdqzbfKWOvbLjT+mwE9uT0BQTpiFt5p27ATQ@mail.gmail.com>
<CALR0ui+RfdFiQ4-1Odb8DKa3Kc_Ont__eBnpMNa9Obm1FeCi2A@mail.gmail.com>
<CADMpkc+JeDDebHs0G3G3f17AGw9EjOe=EcK1dh_mikKjyF1DbQ@mail.gmail.com>
<CA+_8ft7fwatXJjDmcsHvXG5W+CRPAx8N1+cT9Mh86pntQ7=_vQ@mail.gmail.com>
<CAK3OfOgrXFeBEx8EWHaxvp7ZtQJ2YAap1myn5BHWKesTMCYEXA@mail.gmail.com>
<CADMpkcKTYhNAdNVypGiGu-axNWitLGRKzE3R6Rc81qJ2Jq6_bA@mail.gmail.com>
<CAK3OfOiD3RcO2u0v+u1nxtGo31iNY_NorLtMcaCqOr3BxazPXA@mail.gmail.com>
<CADMpkcLKaAMGcHmjOQzPqT=6fywgq8fhD9h7gxpvGzM6Esrb7g@mail.gmail.com>
<CAK3OfOjk714z8NaMm6EuKkrVPkhHoGGwvytjA9zL1x_3=AMJ3g@mail.gmail.com>
<CADMpkc+1iwE1Sy2R+ZGeZ-uiF4SHVx30HGeMU6ixVyGzrRt3=A@mail.gmail.com>
<CACsn0c=fnQpwhO7FTO1zjoJT5eix9LczOuihT=Yvjbj7PzjxaA@mail.gmail.com>
<CAK3OfOgzjchcyThCi+51xfq1qAN_Pvi7WetEurhSoFJFBq_Vdw@mail.gmail.com>
Date: Tue, 6 May 2014 11:49:08 +0200
Message-ID: <CADMpkc+Q1DVoYGS3mSUr0G1ds=iHOrV_B9LYJzUP+iKf0hh3Dg@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: Nico Williams <nico@cryptonector.com>
Content-Type: multipart/alternative; boundary=20cf303f642cbf659004f8b8283b
X-Provags-ID: V02:K0:ozcrFDUOmEkE0DaLzXqXJ50tnMg7AI357OjiSXAorRT
sRV4tv57rM7DPG0GEM4xptvcELYrl3/DywUSb+HBWmWuTIY/gW
aurdO0UYPOZnzCrPcBFbzfN13zrmCUoNVVYAEz0arMl3xVY+V2
2+f88ki63pKLqCzSKHB8tbK/UY0sYI6UmTrar8Ym5ksibnFpgM
mnXnAP6MaT9LAkPQDEJAWX0piwfDruxtOGbXqgtkMT/XyJYehY
lB4zRYrvORz0xouiPI+pnlWX061JQxUkHwOSOSe1NZ7HbP/wCU
F5DXZrLQ7EKN0WmmEnqjgM6cFzuojvy6plLHxsdQMy4e1yJpI8
hxirK+MamQzdVbxT6SZhR/sCEXpI9sd0ij3k+LTmUyvtDn6rCt
anZ0BMy98elFSh/3KPLYKmoeB1WciTLDXY5dIIu9dnpj4AP2lV kuDMR
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/pNBDDosXWu_eOcQ1R_WGpT5lDDs
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Triple Handshake Fix.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
<mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
<mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 May 2014 10:01:01 -0000
Nico Williams <nico@cryptonector.com>om>: > On Mon, May 5, 2014 at 4:59 PM, Watson Ladd <watsonbladd@gmail.com> wrote: > > > I vote for (1). Hardly anyone uses renegotation. Resumption is > > commonly used on the web today. Let's hurt the uncommon usecase > > instead of having a widespread performance regression. > > Even if we have consensus to remove renego in 1.3, for everyone else > there's a difference between "oops, it fails" and "hmm, it's not as > fast as usual". This isn't hurting the uncommon use-case, but > breaking a rare but not that rare usage. I don't want to break renegotiation entirely, hence my suggestion to allow servers to pick either (1) [disallow renegotiation with legacy clients] or (2) [disallow session resumption for legacy clients] at first. My concern regarding (2) is that "It's not as fast as usual" may actually manifest as "My servers are suddenly overloaded and I'll have to revert the software update". (1) is meant for early adopters, so that they won't have to regret being early adopters. Past a certain stage of adoption, everyone should just go to (2) directly. Bodo
- [TLS] Triple Handshake Fix. Adam Langley
- Re: [TLS] Triple Handshake Fix. Alfredo Pironti
- Re: [TLS] Triple Handshake Fix. Yngve N. Pettersen
- Re: [TLS] Triple Handshake Fix. Nico Williams
- Re: [TLS] Triple Handshake Fix. Martin Rex
- Re: [TLS] Triple Handshake Fix. Martin Thomson
- Re: [TLS] Triple Handshake Fix. Geoffrey Keating
- Re: [TLS] Triple Handshake Fix. Nico Williams
- Re: [TLS] Triple Handshake Fix. Watson Ladd
- Re: [TLS] Triple Handshake Fix. Bodo Moeller
- Re: [TLS] Triple Handshake Fix. Bodo Moeller
- Re: [TLS] Triple Handshake Fix. Karthik Bhargavan
- Re: [TLS] Triple Handshake Fix. Karthik Bhargavan
- Re: [TLS] Triple Handshake Fix. Geoffrey Keating
- Re: [TLS] Triple Handshake Fix. Nico Williams
- Re: [TLS] Triple Handshake Fix. Bodo Moeller
- Re: [TLS] Triple Handshake Fix. Nico Williams
- Re: [TLS] Triple Handshake Fix. Martin Thomson
- Re: [TLS] Triple Handshake Fix. Bodo Moeller
- Re: [TLS] Triple Handshake Fix. Bodo Moeller
- Re: [TLS] Triple Handshake Fix. Nico Williams
- Re: [TLS] Triple Handshake Fix. Bodo Moeller
- Re: [TLS] Triple Handshake Fix. Watson Ladd
- Re: [TLS] Triple Handshake Fix. Nico Williams
- Re: [TLS] Triple Handshake Fix. Bodo Moeller