IETF Logo Mail Archive

Re: [TLS] Fate of resumption

Yoav Nir <ynir.ietf@gmail.com> Sat, 18 October 2014 16:54 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 963301A1B86 for <tls@ietfa.amsl.com>; Sat, 18 Oct 2014 09:54:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I8Sb7ZX8RcC6 for <tls@ietfa.amsl.com>; Sat, 18 Oct 2014 09:54:52 -0700 (PDT)
Received: from mail-wg0-x22b.google.com (mail-wg0-x22b.google.com [IPv6:2a00:1450:400c:c00::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F3591A1BA3 for <tls@ietf.org>; Sat, 18 Oct 2014 09:54:51 -0700 (PDT)
Received: by mail-wg0-f43.google.com with SMTP id m15so2750723wgh.26 for <tls@ietf.org>; Sat, 18 Oct 2014 09:54:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=C+LOH1QlUb1ktRgE7lDXsFphz1iTEDE3r2qSC0eSfa8=; b=TG+NWhE9MdqSeVOq3G+tvCtG/lxKpLnpul8wvJAfAUVAogxlOVjrw6+Uwt98P40eKK qWVzSxMcZfB6GvUo+j7Jt0/09RlVS+xKMyWiNqKz9NWiq7z1dx/Li+358AMe7k6ZY5Uo 7bAyXSHSms2q/nk6ObvoFHSuopjOuuNKPR9TyWWUlDLkoT8NLhE2a9fexokZ5sx9MH8W XFU15EXs3fn5Ky+qIzZOp9E2/5duXArK2dxAyCLBcy5s32pPT0ucd++MKyxDKmzsUc1f Drx0WEJOWIDzMnyZ9sll3hXguAzuvu5MIu1ACWE1LSpC2CRyNFtI5HIn42HlWp9TjjmU D0bQ==
X-Received: by 10.194.52.3 with SMTP id p3mr19315054wjo.93.1413651290645; Sat, 18 Oct 2014 09:54:50 -0700 (PDT)
Received: from [192.168.1.104] (IGLD-84-228-54-205.inter.net.il. [84.228.54.205]) by mx.google.com with ESMTPSA id gg18sm3449032wic.21.2014.10.18.09.54.49 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 18 Oct 2014 09:54:50 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.0 \(1990.1\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CABcZeBP4=aXbQSFAhh4EenwRiTrv2LP=r50VeULm4f_0RR4swA@mail.gmail.com>
Date: Sat, 18 Oct 2014 19:54:48 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <BB80A1C1-DC0C-43C3-A671-E183311DFDF2@gmail.com>
References: <CABcZeBP4=aXbQSFAhh4EenwRiTrv2LP=r50VeULm4f_0RR4swA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.1990.1)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/prtbQj-4DCyWWF71cbyBCznb4Qo
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Fate of resumption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Oct 2014 16:54:54 -0000

On Oct 18, 2014, at 7:16 PM, Eric Rescorla <ekr@rtfm.com> wrote:

> 
> The argument for resumption seems pretty straightforward: it requires
> significantly less computation (in the form of asymmetric operations)
> than a full handshake. I suspect that this argument is less powerful
> than it used to be for two reasons:
> 
> - Increased computational power.
> - Faster algorithms in the form of ECC.
> 

There’s one other thing, that is relevant for HTTPS, which is the biggest use case for TLS. The trend in recent years is that the TCP connections (and thus, TLS sessions) last for far longer than they used to.

This trend started with HTTP/1.1, but it’s now common for TLS sessions to last for many minutes as long as the browser window remains open.Since the original session lasts and lasts, there is less use for resumption. 

The latest figures I’ve heard were of 50% of sessions being resumed, which is still a lot, but far less than it used to be 10 years ago, when both browsers and servers typically closed TCP connections after several seconds of inactivity. Still, assuming PK operations account for a large chunk of a server’s CPU cycles (and it is so in some common benchmark tests), eliminating resumption can reduce a server’s session rate by up to 50%.

With HTTP/2 poised to get deployed on much of the Internet, that 50% figure (that I suspect is driven by browsers opening several simultaneous connections before a session cache entry is available) is likely to be reduced further.

Yoav

v2.23.0 | Report a Bug | By Email