IETF Logo Mail Archive

Re: [TLS] First TLS cached information draft posted

Martin Rex <Martin.Rex@sap.com> Tue, 09 June 2009 10:02 UTC

Return-Path: <Martin.Rex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 806C53A6A28 for <tls@core3.amsl.com>; Tue, 9 Jun 2009 03:02:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.249
X-Spam-Level:
X-Spam-Status: No, score=-6.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H7S5x7iYQyZa for <tls@core3.amsl.com>; Tue, 9 Jun 2009 03:02:36 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id 727223A67F2 for <TLS@ietf.org>; Tue, 9 Jun 2009 03:02:35 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id n59A2dOQ007040 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 9 Jun 2009 12:02:39 +0200 (MEST)
From: Martin Rex <Martin.Rex@sap.com>
Message-Id: <200906091002.n59A2b5M019183@fs4113.wdf.sap.corp>
To: simon@josefsson.org
Date: Tue, 09 Jun 2009 12:02:37 +0200
In-Reply-To: <87k53lkizg.fsf@mocca.josefsson.org> from "Simon Josefsson" at Jun 9, 9 08:40:35 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal05
X-SAP: out
Cc: TLS@ietf.org
Subject: Re: [TLS] First TLS cached information draft posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: martin.rex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2009 10:02:37 -0000

Simon Josefsson wrote:
> Martin Rex wrote: 
> > The impact on implementations of TLS should be as small as possible.
> > To me, a requirement for a TLS server to precompute hashes over
> > parts of future handshake messages during ServerHello looks like
> > a significant additional burden, and personally, I do not yet see
> > any benefit this might provide.
> 
> Good point, but how would a client know whether a server replaced the
> cached information with a hash or not if there is no signaling whether
> this happened or not?

The client knows which Hash it would find, if the server would sent
the hash, so it could check for that.  Even a collision of the
hash and the original handshake data would not cause a problem
with this "heuristical" determination.

I'm wondering about the following: we should give a strong recommendation
about the minimum size of an object in order for caching to make any
sense at all, like >= 2x the size of the hash.

At least 2x, because the hash appears (at least) twice in a full SSL
handshake (ClientHello and the actual handshake message with the
cached information).

For a SSL session resume, the extension will create an unconditional
burden, because the ClientHello extension would need to be present
in every ClientHello, in order to actually save on the full handshake
in case the server decides to require one (e.g. session expired on
server side).

Maybe the minimum size should be rather 3x hash size, considering
the rest of the protocol overhead.


-Martin

v2.23.0 | Report a Bug | By Email