Re: [TLS] (draft) WG adoption call: draft-bmoeller-tls-falsestart
Brian Smith <brian@briansmith.org> Wed, 01 April 2015 02:33 UTC
Sean Turner <turners@ieca.com> wrote:

> There’s been some interest expressed in having http://datatracker.ietf.org/doc/draft-bmoeller-tls-falsestart/ adopted as a TLS WG item. If you would like for this draft to become a WG document, and you are willing to review drafts as it moves through the process, please indicate as much on this thread. If you are opposed to this being a WG document, please say so (and say why). Thanks in advance.

I support adopting a new version of this draft that has made the following changes:

1. The server-side False Start section is removed. I don't think it has received enough scrutiny, and it isn't worth the working group's time to study and/or fix it.

2. The reference to TLS_FALLBACK_SCSV is removed and replaced with a requirement that False Start is to be done only for TLS 1.2, not earlier versions and not later versions. As of Firefox 36, Firefox only does False Start for TLS 1.2 [1][2][3]. Google Chrome will be doing similar soon [2], AFAICT for similar reasons to Firefox.

3. The text about doing False Start when sending client certificates is removed. Not only is it not worthwhile as a performance optimization, the whole idea of sending the client certificate in the clear at all is a terrible idea that shouldn't be encouraged. (Firefox has never done False Start when it sends a client certificate; I am not sure about other implementations.)

4. The references to (FF-)DHE key exchange being acceptable for False Start are removed. Although it may be possible to safely implement False Start for FF-DHE, the current draft isn't a good starting point for specifying how that might be done. It's better to remove the references until an adequate description of doing False Start for FF-DHE key exchange is available, if ever.

I believe we would save a lot of time if we adopted a draft that incorporates these changes, instead of adopting the current draft and then attempting to make these changes within the WG process.

In particular, these changes usefully reduce the scope to what is generally understood to be safe and useful.

Cheers,
Brian

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=861310
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=952863
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=1109766
[4] https://code.google.com/p/chromium/issues/detail?id=427721
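As an added example (not code from the draft, from Firefox or Chrome, or from anyone in this thread), here is a client-side gate that encodes the narrowed False Start conditions argued for above: TLS 1.2 only, no client certificate, ECDHE only, on top of the draft's baseline requirement of a forward-secret key exchange with a strong AEAD cipher. HandshakeState, the cipher-suite table and the record-list helper are constructed for this example.

```python
"""Client-side False Start gate: decide whether application data may be sent
before the server's Finished message has been verified."""
from dataclasses import dataclass

TLS_1_2 = (3, 3)  # wire version of TLS 1.2

# Constructed table: cipher suite name -> (key exchange, bulk cipher).
SUITES = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": ("ECDHE", "AES_128_GCM"),
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": ("ECDHE", "CHACHA20_POLY1305"),
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": ("DHE", "AES_128_GCM"),
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": ("ECDHE", "AES_128_CBC"),
    "TLS_RSA_WITH_AES_128_GCM_SHA256": ("RSA", "AES_128_GCM"),
}
STRONG_AEAD = {"AES_128_GCM", "AES_256_GCM", "CHACHA20_POLY1305"}


@dataclass
class HandshakeState:
    version: tuple              # negotiated protocol version, (3, 3) == TLS 1.2
    cipher_suite: str           # negotiated cipher suite name
    client_cert_requested: bool  # server sent a CertificateRequest


def false_start_decision(hs):
    """Return (allowed, reason). If not allowed, the client holds its
    application data until the server's Finished has been verified."""
    if hs.version != TLS_1_2:
        return False, "False Start only for TLS 1.2, not earlier or later versions"
    if hs.client_cert_requested:
        return False, "client certificate in play; never False Start"
    kx, cipher = SUITES.get(hs.cipher_suite, (None, None))
    if kx is None:
        return False, "unknown cipher suite"
    if kx != "ECDHE":
        # FF-DHE references removed from the draft; RSA kx has no forward secrecy.
        return False, "key exchange %s not allowed for False Start" % kx
    if cipher not in STRONG_AEAD:
        return False, "bulk cipher %s is not a strong AEAD" % cipher
    return True, "ok"


def records_before_server_finished(hs, app_data):
    """Records the client emits right after its own Finished and before it has
    seen the server's Finished. Application data goes out early only when the
    gate allows it; otherwise only the handshake records are sent."""
    allowed, _ = false_start_decision(hs)
    records = ["ChangeCipherSpec", "Finished"]
    if allowed and app_data:
        records.append("ApplicationData")
    return records
```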