Re: [TLS] CPU cost of 1RTT handshake

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Sun, 10 August 2014 21:11 UTC

Return-Path: <ilari.liusvaara@elisanet.fi>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93E3C1A0052 for <tls@ietfa.amsl.com>; Sun, 10 Aug 2014 14:11:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dPyRskEZ6lXX for <tls@ietfa.amsl.com>; Sun, 10 Aug 2014 14:11:19 -0700 (PDT)
Received: from emh06.mail.saunalahti.fi (emh06.mail.saunalahti.fi [62.142.5.116]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6061C1A0051 for <tls@ietf.org>; Sun, 10 Aug 2014 14:11:19 -0700 (PDT)
Received: from LK-Perkele-VII (a88-112-44-140.elisa-laajakaista.fi [88.112.44.140]) by emh06.mail.saunalahti.fi (Postfix) with ESMTP id 71DCC699B2; Mon, 11 Aug 2014 00:11:14 +0300 (EEST)
Date: Mon, 11 Aug 2014 00:11:13 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Watson Ladd <watsonbladd@gmail.com>
Message-ID: <20140810211113.GA32711@LK-Perkele-VII>
References: <CACsn0cmxi5DdJz=XosLe3Kw=NYQnpm7PbzyPtqZAQrinzTsgAQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CACsn0cmxi5DdJz=XosLe3Kw=NYQnpm7PbzyPtqZAQrinzTsgAQ@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/s6zbaayloAtqJRpzocfSowNh2lA
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] CPU cost of 1RTT handshake
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Aug 2014 21:11:21 -0000

On Sun, Aug 10, 2014 at 01:35:13PM -0700, Watson Ladd wrote:
> Dear all,
> 
> Right now, instead of the server defining the group to be used and
> sending a key in the group, the client computes multiple keys, and the
> server selects one. This is very bad for embedded devices with
> constrained CPU, especially if they are connecting to a server over
> high-latency, low-bandwidth links.

Have the constrained client support just 1 group (most probably the
cheapest one to compute, hopefully it is something secure)?

Constrained clients hopefully don't go connecting to random servers.

Supporting additional groups would mean additional code too, and ROM
space is scarce in constrained devices (50-250kB _total_ might be
typical).


-Ilari