IETF Logo Mail Archive

Re: [TLS] AD review of draft-ietf-tls-falsestart-01

Bodo Moeller <bmoeller@acm.org> Thu, 24 March 2016 00:38 UTC

Return-Path: <bmoeller@acm.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15CAE12D112 for <tls@ietfa.amsl.com>; Wed, 23 Mar 2016 17:38:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ai2Im4DwAMtR for <tls@ietfa.amsl.com>; Wed, 23 Mar 2016 17:38:21 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.187]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55F56128874 for <tls@ietf.org>; Wed, 23 Mar 2016 17:38:21 -0700 (PDT)
Received: from mail-lf0-f49.google.com ([209.85.215.49]) by mrelayeu.kundenserver.de (mreue002) with ESMTPSA (Nemesis) id 0M8u6u-1adMRD1dVM-00C9fS for <tls@ietf.org>; Thu, 24 Mar 2016 01:38:19 +0100
Received: by mail-lf0-f49.google.com with SMTP id d82so23296925lfe.3 for <tls@ietf.org>; Wed, 23 Mar 2016 17:38:18 -0700 (PDT)
X-Gm-Message-State: AD7BkJJFxurOnRmdSykMQyC4tUUPVJiQdmHt4DTIpO9Qyl27l3UB+bWLKTQlP64sXUh7J6MrR8gwXELZqjvwxw==
MIME-Version: 1.0
X-Received: by 10.25.207.204 with SMTP id f195mr2301060lfg.41.1458779898598; Wed, 23 Mar 2016 17:38:18 -0700 (PDT)
Received: by 10.112.22.67 with HTTP; Wed, 23 Mar 2016 17:38:18 -0700 (PDT)
Received: by 10.112.22.67 with HTTP; Wed, 23 Mar 2016 17:38:18 -0700 (PDT)
In-Reply-To: <56F2B2E7.1060809@cs.tcd.ie>
References: <56F2B2E7.1060809@cs.tcd.ie>
Date: Thu, 24 Mar 2016 01:38:18 +0100
X-Gmail-Original-Message-ID: <CADMpkcLg4c2Q1Rq8n+HKzOM2Q7-S+VRmWy+W9kDOX5dZ9Z67Hg@mail.gmail.com>
Message-ID: <CADMpkcLg4c2Q1Rq8n+HKzOM2Q7-S+VRmWy+W9kDOX5dZ9Z67Hg@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="001a1140052ea95df1052ec0a954"
X-Provags-ID: V03:K0:Md6NgWg1q5HHjpezx7BfJyoLM2Aadl9yQwaHjAq0BzOXa6mFGWP ugbZqPX8JiNaHus6Op/cLWm0pbzDyAEh9FmrBNwMSnd6PqwjXTS3nWn8x+UWML2bwMMZCzv sZpIVqxBv19PaD67oiWMGjBq5c7KwdtH+2SuGao2YOnFedMmIaUdbZQ1FHtUd+DZ189V8yK iQVi90TLxIyFlrPanRyhg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:94Gomiju8mQ=:vwE1DTFPJKHPV3KVbw/yPK 8vZ47xeRpYMU7xr+GjQnOKK96O66Gut1vwRW08jgB7SxA2vyWdRPsi8yEIuvkyKuln4hvd8xJ 638TANJ8JQ6KwyG8ziGTb7dB9VZN8hBHFsnNQl4uIKjBotan+tZDsV8dJfYtCdqTcwyNcwO+n OJjbReo/gMLLSEbPFXtJDedEHPIgTeJXh6as0C+IRjtLxQ+yzTc1NvP2qhK+Qq0JARsD7C1qb N7mpARjekYiylRRdaTHrAQVyc0JzjMgt034rqwYuqFZLzwclRvy89Uvo80ovSV3LoSI5wIgYb Rw2Ca0y6bTnLtzjTW011sG5JQ2Fe9fxg0RpCTtkKde7V9LDblwRTalLxE2HQDR+gvuhtriIU1 SPNJEmkblMi3RBhsnAQ9lNJ+f1QDqHU/K3UL/oS5B5I14VWJQbGlgm1hWduu2+Gx6GaGdJs4T dlNBUPNwVRtO47jlvWuJywce/QiA7vJxKAr/lcvytCsZlH+o3WHHZXw0NyQnCcBrHX02Me39V 3bmK2Xpq5C53Y1eRQJ+JK1VTy1a8eZTX+vqdrH4AC2IIHBM61EvdVXPxTCEO0aZHa4COdN4vM RykLapdmAq0zxH0DV5xAijMHq/LAlW92rAQvn9CVTA/SQQZljYMn+9URgKFbdFztADTkJG9CM HzpPqW/xSsHk5d52wYiwESNQ/xKZFZb51AU2zBss5ZTHtlOQPHfwO2iwK6AdQtMdDSzyKU+7L oYMHEbx7S/grac5d
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/q_E0iSadvsz889IToQG6IGEpjW4>
Cc: tls@ietf.org
Subject: Re: [TLS] AD review of draft-ietf-tls-falsestart-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Mar 2016 00:38:24 -0000

"Stephen Farrell" <stephen.farrell@cs.tcd.ie>:

> (1) Why experimental? Wouldn't this be better as info
> and documented as "here's a spec for a thing that's
> widely deployed." I fear we may get questions like
> "what's the experiment?", "where's this going in
> future?" if this aims for experimental, and info may
> avoid that esp if we really want people to move to
> TLS1.3. I also didn't see list discussion about what
> kind of RFC to aim for, but maybe it was discussed at
> a meeting or interim? (Apologies if I missed that in
> my scan of the list.)

I'm myself torn between "Experimental" and "Informational" (certainly not
"Historic" because the spec has not been superseded by a more recent one
and is not obsolete for any other reason [
https://tools.ietf.org/html/rfc2026#section-4.2.4], unless we somehow
manage to complete TLS 1.3 standardization before this). Taking into
account how False Start is actually deployed (and taking into account that
we expect it to eventually be replaced by a TLS 1.3 mechanism) and how our
I-D is cited in research papers on TLS, "Experimental" sounds right to me:
the spec really is part of a research and development effort [
https://tools.ietf.org/html/rfc2026#section-4.2.4]. "Informational"
wouldn't be wrong either.

> (2) The write up and some mail list traffic and AGL's
> bloggy thing all refer to NPN, but there's no mention of
> NPN or ALPN in the draft.  What's up with that? (Not
> saying that needs to be explained, but I wondered.)

The NPN dependency was a design decision for one implementation, but it's
not common to clients using False Start. For interoperability, you always
have to consider how to deal with what you expect to be deployed
*currently* (and NPN support certainly is one good indicator for False
Start tolerance, if you don't mind tons of false negatives), but I wouldn't
see much value in compiling the minutae of that in this kind of document:
it'll go stale quickly.

> (3) Why is there no description of the reasons for all
> the MUST only use whitelisted <foo> and for the choices
> that are whitelisted?  Wouldn't omitting that tend to
> lead people to use this more badly?

Well, I tried to capture the general reasoning in the spec -- but not the
detailed reasons for the specific choices suggested, because that again
would just go stale quickly.

In particular, I think this is an important observation in the I-D:

"If heuristically a small list of cipher suites and a single protocol
version is found to be sufficient for the majority of TLS handshakes in
practice, it could make sense to forego False Start for any handshake that
does not match this expected pattern, even if there is no concrete reason
to assume a cryptographic weakness."

So the whitelists should have algorithms that are actually used in practice
and that don't have critical weaknesses, but why exactly those particular
algorithms happen to get used in practice is mostly out of scope here.

Bodo

> That could be done
> with some explanatory text and using some of the
> references below maybe. Or, if we don't really want new
> folks to implement this (do we?) then just saying that
> might mean it's ok to not explain the "why." (And then
> you could also address #1 above then by issuing this
> as an historic RFC too if you wanted.)

v2.23.0 | Report a Bug | By Email