Re: [TLS] TLS client puzzles

David Adrian <davadria@umich.edu> Thu, 30 June 2016 23:25 UTC

References: <CALW8-7Kv01Dw3YBiW20SBEScWqkup53xpCjy8834PpLDkgb4cg@mail.gmail.com> <CAFewVt4uUA-3X3M-ZmREo81p+MZp+72g9CX1d1Z7bK8G8AL9Vg@mail.gmail.com>
In-Reply-To: <CAFewVt4uUA-3X3M-ZmREo81p+MZp+72g9CX1d1Z7bK8G8AL9Vg@mail.gmail.com>
From: David Adrian <davadria@umich.edu>
Date: Thu, 30 Jun 2016 23:25:06 +0000
Message-ID: <CACf5n7-DbeicsBd-8u_ouDH0NMK4PmM_728-Dpa3dGU+_Rkn7g@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>, Dmitry Khovratovich <khovratovich@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ylGuOFRlTAo09aiW8M6L248mi6g>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] TLS client puzzles

On Wed, Jun 29, 2016 at 12:25 PM Brian Smith <brian@briansmith.org> wrote:

> Dmitry Khovratovich <khovratovich@gmail.com> wrote:
> > It allows cheap and memoryless verification by the server even though the
> > puzzle solving is guaranteed to require dozens of MB of RAM from a client
>
> I feel like this is impractical simply because lots of people are
> building HTTPS clients that don't even have dozens of MB of RAM total.
> I think we should avoid doing anything that requires the client to
> have more than ~16KB of memory total to devote to TLS stuff.
> Otherwise, we force the internet to have an architecture where all
> small devices require a smart proxy to solve these puzzles for them
> and do other things.
>
I have to second Brian's opinion---it's difficult enough to get embedded
devices to use HTTPS already. Requiring dozens of megabytes of memory will
make HTTPS impossible for these devices in many cases.
> Cheers,
> Brian
> --
> https://briansmith.org/