Re: [TLS] Negotiating with known_configuration

Dave Garrett <davemgarrett@gmail.com> Tue, 21 July 2015 16:05 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/xZT_QIOlsI2GOWXwIJsXOPb8QeI>

On Tuesday, July 21, 2015 07:04:14 am Eric Rescorla wrote:
>          struct {
>            select (Role) {
>              case client:
>                opaque identifier<0..2^16-1>;
>                CipherSuite cipher_suite;            // NEW
>                Extension extensions<0..2^16-1>;     // NEW
> 
>              case server:
>                struct {};
>            }
>          } KnownConfigurationExtension
> 
> The server would just need one configuration for each public key and
> wouldn't need to have any client-specific state. It also has the
> benefit that it makes PSK work with 0-RTT.
> 
> Thoughts? Improvements?

A simple suggested improvement: name the fields clearly to indicate what they are.

e.g.

opaque server_configuration_identifier<0..2^16-1>;
CipherSuite early_data_cipher_suite;
Extension cached_server_extensions<0..2^16-1>;

Use this same ID field name in ServerConfiguration.

Also, why is this ID allowed to be so big? It's extreme overkill now that it's down to one config per pub key, with nothing client specific. It doesn't need a string with a 16-bit length; it barely needs a single 16-bit integer.


Dave
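
The client case of the struct quoted above, as an added example that is not part of the original thread or of any TLS implementation: a strict Python parser and encoder using the standard TLS vector encoding (big-endian 2-byte length prefixes) and the field names suggested in the reply. The Extension layout (2-byte type, then 2-byte-length data) is the usual TLS one and is assumed here; the sample bytes are constructed.

```python
import struct

class DecodeError(ValueError):
    """Raised when the extension body is truncated or has trailing bytes."""

def _take(buf, off, n):
    # Return n bytes starting at off, or fail if the buffer is too short.
    if off + n > len(buf):
        raise DecodeError(f"need {n} bytes at offset {off}, have {len(buf) - off}")
    return buf[off:off + n], off + n

def _take_vec16(buf, off):
    # opaque x<0..2^16-1>: 2-byte big-endian length, then that many bytes.
    raw, off = _take(buf, off, 2)
    return _take(buf, off, struct.unpack("!H", raw)[0])

def parse_known_configuration(body):
    """Parse the client case of KnownConfigurationExtension."""
    ident, off = _take_vec16(body, 0)
    raw, off = _take(body, off, 2)
    suite = struct.unpack("!H", raw)[0]
    ext_block, off = _take_vec16(body, off)
    if off != len(body):
        raise DecodeError(f"{len(body) - off} trailing bytes after extensions")
    extensions, pos = [], 0
    while pos < len(ext_block):
        # Each Extension must fit entirely inside the declared block.
        raw, pos = _take(ext_block, pos, 2)
        ext_type = struct.unpack("!H", raw)[0]
        data, pos = _take_vec16(ext_block, pos)
        extensions.append((ext_type, data))
    return {
        "server_configuration_identifier": ident,
        "early_data_cipher_suite": suite,
        "cached_server_extensions": extensions,
    }

def encode_known_configuration(ident, suite, extensions):
    # Inverse of the parser; struct.pack rejects lengths above 2^16-1.
    ext_block = b"".join(
        struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    return (struct.pack("!H", len(ident)) + ident + struct.pack("!H", suite)
            + struct.pack("!H", len(ext_block)) + ext_block)

# Constructed sample: 2-byte identifier, suite 0xC02F, one empty extension.
SAMPLE = encode_known_configuration(b"\x00\x01", 0xC02F, [(0x0017, b"")])
```

With a 2-byte identifier the variable-length encoding spends as many bytes on the length prefix as on the identifier itself.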