Re: [TLS] TLS 1.3 Problem?

Martin Thomson <mt@lowentropy.net> Tue, 29 September 2020 23:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/r7TSYhxF0aZhEghmpSybmlRUw3w>

On Wed, Sep 30, 2020, at 01:14, Michael D'Errico wrote:
> Also, are you sure you want to do this?  The design of
> TLS 1.3 was supposed to make it fast, but creating a
> pseudo session ticket for every connection requiring a
> HRR and then validating and decoding it is going to be
> really slow.  And your data center is going to get hotter
> because your servers will be compute bound instead of
> memory bound (if they even were).

It's symmetric crypto[1].  Hardly worth noting.

[1] Mostly.  NSS wraps the symmetric key with an asymmetric key so that server clusters can share session ticket encryption keys without needing interconnects.  But encryption or decryption only happens once per instance.
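
To make the cost discussed above concrete, here is an added example (not part of the original message, and not NSS code): a stateless HelloRetryRequest cookie that carries the hash of the first ClientHello under an HMAC, so the server spends one hash and one HMAC to create it and one HMAC to validate it. The cookie layout, the key handling and the 30-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

# Assumed for illustration: one symmetric key per server instance (or shared
# across a cluster), and a short lifetime for the cookie.
COOKIE_KEY = os.urandom(32)
MAX_AGE_SECONDS = 30
TAG_LEN = 32
COOKIE_LEN = 4 + 2 + 32 + TAG_LEN  # timestamp | group | SHA-256(CH1) | HMAC tag


def make_hrr_cookie(client_hello1, selected_group, key=COOKIE_KEY, now=None):
    """Build the cookie sent in HelloRetryRequest; the server keeps no state."""
    ts = int(time.time() if now is None else now)
    ch1_hash = hashlib.sha256(client_hello1).digest()
    body = struct.pack("!IH", ts, selected_group) + ch1_hash
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def open_hrr_cookie(cookie, key=COOKIE_KEY, now=None):
    """Validate a returned cookie; return (group, ch1_hash) or None."""
    if len(cookie) != COOKIE_LEN:
        return None
    body, tag = cookie[:-TAG_LEN], cookie[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    ts, group = struct.unpack("!IH", body[:6])
    current = int(time.time() if now is None else now)
    if not 0 <= current - ts <= MAX_AGE_SECONDS:
        return None  # expired, or timestamped in the future
    return group, body[6:]


if __name__ == "__main__":
    ch1 = b"constructed ClientHello1 bytes"  # constructed sample input
    cookie = make_hrr_cookie(ch1, 0x001D)    # 0x001D is x25519
    print(len(cookie), open_hrr_cookie(cookie) is not None)
```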