Re: [TLS] record layer limits of TLS1.3
Judson Wilson <wilson.judson@gmail.com> Wed, 23 November 2016 08:39 UTC
Return-Path: <wilson.judson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 792AE129635 for <tls@ietfa.amsl.com>; Wed, 23 Nov 2016 00:39:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MaHGIPkVFl_D for <tls@ietfa.amsl.com>; Wed, 23 Nov 2016 00:39:05 -0800 (PST)
Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4A0D129634 for <tls@ietf.org>; Wed, 23 Nov 2016 00:39:04 -0800 (PST)
Received: by mail-wm0-x234.google.com with SMTP id g23so66771521wme.1 for <tls@ietf.org>; Wed, 23 Nov 2016 00:39:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=JYPuv1ZXRcFeDl6s8w8Z4SW7ueXTw6PxNl3Txo4ZD4E=; b=T2fW5okYSUwEcrDHeQCpJ+29bZ1Md1HgxuOYPSM4kGYQo8G1WXznhHuL3PUp97/pRl dLNJi7vicFkwI9jTfVKXuaAVUYrNL4Lv7ULDmf5MTfBaEHUielT2SLabPYNnSUw3fBs9 8Yrc0bNZp8bb0bnRtlcpXbK7TanJ+LcBAErHohAXEEhbvShKMwz4LFu3bCwdBgDNCrFG BioLLKJ0cy1UkG9I4STQdIrnwfbh2WPAJXXUUWltnz0xjrbLOKo8LcfLS2+AVrseItV+ en8nCLyNKoYaTO/Ew/hefExMSES7EaZNCfqyJwzUngCIK8ZRTpB59fBMIYu8RG91cV9R x3+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=JYPuv1ZXRcFeDl6s8w8Z4SW7ueXTw6PxNl3Txo4ZD4E=; b=Frr4q67QsILQ0ark+dXmA15fIbZZBZd3svg3JcR+mhckaFXZP0RwbP9n7tZHgx1LS6 cHUV3543PJUOtf/sQj6ec+YhyhWVcQAYcduH9OPaZB4W+YlKOz9/w0zjlbAe8/87SNRF yqsBlKehDDdPHsEtGh8AVjH4c7Th7gkuylXlnIWg0KmPuUvfUq2KTWBzX7eCybHFY+4/ UQlIpr4W723wu3FBWFDR3ha0cfK5ZG7J3vlrjYlEz+jxrezgXUdl5+AH3w7p1wbw0ujw poFE6i+pKI4QXsmiRNrFAOMJNISn5Yu21EFXNiurNiw/xQ5yZTwOCVvUissfwAILyZit cx3A==
X-Gm-Message-State: AKaTC03t7VzPIH0BopN1LFeseklAW7ZNjjvuPcIFfgUbCvVglPUvR+NQmQvefGuC36nZdcX8JRVCIQDg836uKg==
X-Received: by 10.28.175.204 with SMTP id y195mr2281076wme.106.1479890343061; Wed, 23 Nov 2016 00:39:03 -0800 (PST)
MIME-Version: 1.0
Received: by 10.80.168.133 with HTTP; Wed, 23 Nov 2016 00:39:02 -0800 (PST)
In-Reply-To: <1479889806.2563.15.camel@redhat.com>
References: <1479884799.2563.3.camel@redhat.com> <B9F508E0-76F0-4252-AA24-38E3205F8BA9@gmail.com> <1479889806.2563.15.camel@redhat.com>
From: Judson Wilson <wilson.judson@gmail.com>
Date: Wed, 23 Nov 2016 00:39:02 -0800
Message-ID: <CAB=4g8+-2vZZ5qL6RfiKA73hHWxFV_QBQx_U7KZxZwGW=dO=oQ@mail.gmail.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Content-Type: multipart/alternative; boundary="001a11443834346d8f0541f3d2ee"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vYRwRsEkj_QFHZ1d99pV0-010JI>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] record layer limits of TLS1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Nov 2016 08:39:06 -0000
Can you send multiple records in one data transfer to achieve whatever gains are desired? On Wed, Nov 23, 2016 at 12:30 AM, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote: > On Wed, 2016-11-23 at 10:05 +0200, Yoav Nir wrote: > > Hi, Nikos > > > > On 23 Nov 2016, at 9:06, Nikos Mavrogiannopoulos <nmav@redhat.com> > > wrote: > > > > > > > > Hi, > > > Up to the current draft of TLS1.3 the record layer is restricted > > > to > > > sending 2^14 or less. Is the 2^14 number something we want to > > > preserve? > > > 16kb used to be a lot, but today if one wants to do fast data > > > transfers > > > most likely he would prefer to use larger blocks. Given that the > > > length > > > field allows for sizes up to 2^16, shouldn't the draft allow for > > > 2^16- > > > 1024 as maximum? > > > > I am not opposed to this, but looking at real browsers and servers, > > we see that they tend to set the size of records to fit IP packets. > > IP packets can carry up to 64kb of data. I believe you may be referring > to ethernet MTU sizes. That to my understanding is a way to reduce > latency in contrast to cpu costs. An increase to packet size targets > bandwidth rather than latency (speed). > > > The gains from increasing the size of records from the ~1460 bytes > > that fit in a packet to nearly 64KB are not all that great, and the > > gains from increasing records from 16 KB to 64KB are almost > > negligible. At that size the block encryption dominates the CPU time. > > Do you have measurements to support that? I'm quite surprized by such a > general statement because packetization itself is a non-negligible cost > especially when encryption is fast (i.e., in most modern CPUs with > dedicated instructions). > > regards, > Nikos > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] record layer limits of TLS1.3 Nikos Mavrogiannopoulos
- Re: [TLS] record layer limits of TLS1.3 Yoav Nir
- Re: [TLS] record layer limits of TLS1.3 Nikos Mavrogiannopoulos
- Re: [TLS] record layer limits of TLS1.3 Judson Wilson
- Re: [TLS] record layer limits of TLS1.3 Nikos Mavrogiannopoulos
- Re: [TLS] record layer limits of TLS1.3 Judson Wilson
- Re: [TLS] record layer limits of TLS1.3 Yoav Nir
- Re: [TLS] record layer limits of TLS1.3 Nikos Mavrogiannopoulos
- Re: [TLS] record layer limits of TLS1.3 Michael Tuexen
- Re: [TLS] record layer limits of TLS1.3 Jeremy Harris
- Re: [TLS] record layer limits of TLS1.3 Watson Ladd
- Re: [TLS] record layer limits of TLS1.3 Hubert Kario
- Re: [TLS] record layer limits of TLS1.3 Yoav Nir
- Re: [TLS] record layer limits of TLS1.3 Vlad Krasnov
- Re: [TLS] record layer limits of TLS1.3 Jeremy Harris
- Re: [TLS] record layer limits of TLS1.3 Benjamin Kaduk