Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft

Stefan Santesson <stefan@aaa-sec.com> Tue, 02 March 2010 21:54 UTC

Return-Path: <stefan@aaa-sec.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 954523A8CE5 for <tls@core3.amsl.com>; Tue, 2 Mar 2010 13:54:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3C8d+Yn5XETT for <tls@core3.amsl.com>; Tue, 2 Mar 2010 13:54:47 -0800 (PST)
Received: from s87.loopia.se (s87.loopia.se [194.9.95.114]) by core3.amsl.com (Postfix) with ESMTP id 98E993A8CE4 for <tls@ietf.org>; Tue, 2 Mar 2010 13:54:47 -0800 (PST)
Received: from s57.loopia.se (s34.loopia.se [194.9.94.70]) by s87.loopia.se (Postfix) with ESMTP id 4245E2AEA32 for <tls@ietf.org>; Tue, 2 Mar 2010 22:54:11 +0100 (CET)
Received: (qmail 8578 invoked from network); 2 Mar 2010 21:54:01 -0000
Received: from 213-64-142-247-no153.business.telia.com (HELO [192.168.1.16]) (stefan@fiddler.nu@[213.64.142.247]) (envelope-sender <stefan@aaa-sec.com>) by s57.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <jsalowey@cisco.com>; 2 Mar 2010 21:54:01 -0000
User-Agent: Microsoft-Entourage/12.23.0.091001
Date: Tue, 02 Mar 2010 22:53:59 +0100
From: Stefan Santesson <stefan@aaa-sec.com>
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, Brian Smith <brian@briansmith.org>
Message-ID: <C7B34787.8C15%stefan@aaa-sec.com>
Thread-Topic: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft
Thread-Index: Acq5S5tynLFDszVpTL69lIbGJgQdRgA4iWUwAAlG+TE=
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE509BD3594@xmb-sjc-225.amer.cisco.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: Simon Josefsson <simon@josefsson.org>, tls@ietf.org
Subject: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2010 21:54:48 -0000

It seems that we have some decisions to make here. Hopefully we can sort
them out in Anaheim and then move on to closure.

/Stefan

On 10-03-02 6:30 PM, "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>; wrote:

> It looks to me that the client-side hash computation option is simpler if we
> don't try to build in agility and negotiation.  If we feel we need these then
> having the server assign an identity for these values seems simpler.
> 
> Joe
> 
>> -----Original Message-----
>> From: Brian Smith [mailto:brian@briansmith.org]
>> Sent: Monday, March 01, 2010 6:29 AM
>> To: Stefan Santesson
>> Cc: Joseph Salowey (jsalowey); Simon Josefsson; tls@ietf.org
>> Subject: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft
>> 
>> Stefan Santesson wrote:
>>> It seems like an unnecessary complexity.
>>> 
>>> The original approach have two functions
>>> 1) Client informs the server what information it has cached
>>> 2) Server accepts caching and replaces the data with the hash provided
>> by
>>> the client
>>> 
>>> In the alternative approach this is expanded to:
>>> 1) The client tells server that it wants to cache data
>>> 2) The server provides hashes/identifiers of info the client may cache
>>> 3) The client signals that it has cached info with identifiers provided
>> by
>>> the server
>>> 4) The server replaces cached data
>>> 
>>> I see no reason to make the protocol any more complex than it need to
>> be.
>>> 
>> In the alternative approach, there is no need to pass multiple hashes of
>> the same item back/forth, so the syntax becomes simpler. Also, the
>> client and server do not have to agree on a hash algorithm at all, which
>> is a big simplification. The client doesn't have to calculate anything,
>> which is a further simplification.
>> 
>> Many clients won't want to cache this information unless the server says
>> that it supports the extension. That is why Adam Langley and others have
>> asked for a ServerHello extension that indicates the items for which the
>> server supports caching. It is very easy for the server to just stuff
>> the identifiers inside that extension.
>> 
>> Regards,
>> Brian