Re: [TLS] Fate of resumption
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sun, 19 October 2014 04:13 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11B211A014C for <tls@ietfa.amsl.com>; Sat, 18 Oct 2014 21:13:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.311
X-Spam-Level:
X-Spam-Status: No, score=-2.311 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mrqO8vEzudDH for <tls@ietfa.amsl.com>; Sat, 18 Oct 2014 21:12:58 -0700 (PDT)
Received: from mx2.auckland.ac.nz (mx2.auckland.ac.nz [130.216.125.245]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38EB31A0126 for <tls@ietf.org>; Sat, 18 Oct 2014 21:12:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=uoa; t=1413691980; x=1445227980; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=A5tmO1XCMwbMxEu/UlO22RD90FykHWOjnbzN2WHLOBc=; b=By+7+KBHTaBRK8RXDo2phABKdv7l8KlJQCC1k4+N3VVPe7vu2K095oOc Ju0S/u3AuIyKgQfieZr8ldDqiDQb3+Mw1kDcJfHVBDe+cZYC3v8Ux5nuu XC2hZfv9PrZOXzXxR/TmdvVdBz2lsU8/ZOwccjyFOi/M3MEl4nv1SWgrX s=;
X-IronPort-AV: E=Sophos;i="5.04,630,1406548800"; d="scan'208";a="284093803"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.171 - Outgoing - Outgoing
Received: from uxchange10-fe4.uoa.auckland.ac.nz ([130.216.4.171]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 19 Oct 2014 17:12:56 +1300
Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.15]) by uxchange10-fe4.UoA.auckland.ac.nz ([169.254.109.63]) with mapi id 14.03.0174.001; Sun, 19 Oct 2014 17:12:54 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] Fate of resumption
Thread-Index: Ac/rUvS9phLFSr5DQF6lXJQJycl6Xw==
Date: Sun, 19 Oct 2014 04:12:54 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C739B9D2984@uxcn10-5.UoA.auckland.ac.nz>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/plQqth91Tin9NzBgagsUTt3W_2Y
Subject: Re: [TLS] Fate of resumption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Oct 2014 04:13:04 -0000
Yoav Nir <ynir.ietf@gmail.com> writes: >This trend started with HTTP/1.1, but it’s now common for TLS sessions to >last for many minutes as long as the browser window remains open.Since the >original session lasts and lasts, there is less use for resumption. And the important point here is "browser window remains open". Vast numbers of TLS uses aren't browsers (it's the universal substrate for secure connections over the net), they close and reopen the connection as needed. Dropping resume would be a catastrophic performance hit for them. I've worked with devices that have cache expiry times of 24 hours or more, the planning for them is that the high-overhead initial full handshake is something they have to put up with in order to bootstrap an entry in the session cache, at which point they can operate normally. >With HTTP/2 poised to get deployed on much of the Internet, Given its embedded-device-hostile nature (and the http-ng WG's response of "let them eat HTTP 1.1"), it may get widely deployed for the browser-based web, but I don't know about everything else. Peter.
- [TLS] Fate of resumption Eric Rescorla
- Re: [TLS] Fate of resumption Yoav Nir
- Re: [TLS] Fate of resumption Peter Gutmann
- Re: [TLS] Fate of resumption Erik Nygren
- Re: [TLS] Fate of resumption Martin Thomson
- Re: [TLS] Fate of resumption Joseph Salowey
- Re: [TLS] Fate of resumption Peter Gutmann
- Re: [TLS] Fate of resumption Martin Thomson
- Re: [TLS] Fate of resumption Peter Gutmann
- Re: [TLS] Fate of resumption Tom Ritter
- Re: [TLS] Fate of resumption Martin Thomson
- Re: [TLS] Fate of resumption Peter Gutmann
- Re: [TLS] Fate of resumption Alex Elsayed
- Re: [TLS] Fate of resumption Viktor Dukhovni
- Re: [TLS] Fate of resumption Eric Rescorla
- Re: [TLS] Fate of resumption Watson Ladd
- Re: [TLS] Fate of resumption Eric Rescorla