IETF Logo Mail Archive

Re: [TLS] The case for a single stream of data

Benjamin Kaduk <bkaduk@akamai.com> Tue, 09 May 2017 02:33 UTC

Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A178128D16 for <tls@ietfa.amsl.com>; Mon, 8 May 2017 19:33:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WCCSuxPQnBEC for <tls@ietfa.amsl.com>; Mon, 8 May 2017 19:33:29 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (prod-mail-xrelay08.akamai.com [96.6.114.112]) by ietfa.amsl.com (Postfix) with ESMTP id F120A128BB6 for <tls@ietf.org>; Mon, 8 May 2017 19:33:28 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 3DC0E200029; Tue, 9 May 2017 02:33:28 +0000 (GMT)
Received: from prod-mail-relay09.akamai.com (prod-mail-relay09.akamai.com [172.27.22.68]) by prod-mail-xrelay08.akamai.com (Postfix) with ESMTP id 2779A200003; Tue, 9 May 2017 02:33:28 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1494297208; bh=unmgrX/IlCvcxeM6qlFSF1YWuI8UpUTyPaLZuxSqSks=; l=6072; h=To:References:Cc:From:Date:In-Reply-To:From; b=jTUcgzYQYkR0WVBQQMFzW+ghferbkDQH6pgGSdLpvYxlGDpf3xPvE7r/V4mieWxnM i/95UCPIQja+j/MzPnaCbEybdTu5cpGff0jclrC7L0SEQwfqkPoRvXv8M55CU7zB3r UHbU2AGLHMi+lwGjAd5Qob1QZgt2xgzYkEretLfQ=
Received: from [172.19.17.86] (bos-lpczi.kendall.corp.akamai.com [172.19.17.86]) by prod-mail-relay09.akamai.com (Postfix) with ESMTP id B0C611E0F6; Tue, 9 May 2017 02:33:27 +0000 (GMT)
To: Ilari Liusvaara <ilariliusvaara@welho.com>, Colm MacCárthaigh <colm@allcosts.net>
References: <CAAF6GDfm=voTt_=JrdGtiaYby1JG8ySU2s6myjjpHKeGvi0bMg@mail.gmail.com> <20170506095834.GA4355@LK-Perkele-V2.elisa-laajakaista.fi>
Cc: "tls@ietf.org" <tls@ietf.org>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <8487b6ec-70e9-ef91-1aa8-5d9f9554499e@akamai.com>
Date: Mon, 08 May 2017 21:33:27 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <20170506095834.GA4355@LK-Perkele-V2.elisa-laajakaista.fi>
Content-Type: multipart/alternative; boundary="------------B9A237F7B482C650D8B2A5D2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xTT8qh91vxWNWLK6DNxRefVCwkk>
Subject: Re: [TLS] The case for a single stream of data
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 May 2017 02:33:30 -0000

On 05/06/2017 04:58 AM, Ilari Liusvaara wrote:
> On Fri, May 05, 2017 at 09:28:07AM -0700, Colm MacCárthaigh wrote:
>> I wanted to start a separate thread on this, just to make some small
>> aspects of replay mitigating clear, because I'd like to make a case for TLS
>> providing a single-stream, which is what people seem to be doing anyway.
> <Snip a long mail>
>
> Couple points:
>
> - AFAIK, the 10 second or so figure in existing spec is a slop margin,
>   which means the replay window would be 20 seconds, not 10.

As the author of that text, I mostly intended it to be the total window,
not the slop margin.  But the main idea was to give an order of
magnitude, i.e., "shorter than minutes".

> - The size of the window depends on clock error margin and transport
>   delay margin. At 1s/day clock error margin, you need 14 second
>   window just from clock error.

Or you can accept full handshakes every couple hours.  Amortized that
may not be bad, if you have lots of connections.  Or you may only have
one connection every day ever, in which case it is noticeable.  It's
pretty situation-dependent.

> - It is not just low-power devices with really bad clocks. I have seen
>   20s per day(!) clock drift on high-power device that doesn't sleep.

Is there a problem with saying that devices with bad clocks talking to
beefy web servers don't get to do 0-RTT?  I don't see a problem with it.

> - So basically, the size of window is tradeoff with number of devices.

Yes.

> - That automatic wait on 0-RTT failure seems just the kind of feature
>   that gets disabled. Furthermore, 10 second idle on connection is
>   going to trigger quite a bit of connection timeouts.

I could believe that people would accept buffering data until the 1-RTT
handshake finishes (combined with rate limiting on the number of
connections with accepted 0-RTT data); I don't think people would accept
"wait the full clock skew allowance", though.

> - There seems to be no consideration how this interacts with 0-RTT
>   exporters (probably applications that accept 0-RTT will then use
>   0-RTT exporters for the entiere connection, and those exporters have
>   seriously weaker properties).
>

Yeah, the 0-RTT exporter feels like a footgun waiting to be used.

-Ben

v2.23.0 | Report a Bug | By Email