
Re: [TLS] Comments on TLS identity protection



badra <badra@xxxxxxxx> writes:
> Pasi.Eronen@xxxxxxxxx wrote:
>> The fact that anybody can
>> connect at any time does not automatically imply that lots of people
>> are connecting all the time! (And in particular, lots of people
>> without client certificates connecting all the time to servers that
>> always require client
>> authentication, and without malicious intent to DoS the server.)
>>
> But the "anybody" that can connect at any time will be able to
> establish several "double handshakes" in parallel; especially when TLS
> is used over EAP or UDP (I don't have data but maybe Eric).
>
> My point is that the double handshake will increase complexity and will
> not help in reducing the TLS server overload factor, especially when
> legitimate clients that don't have certificates are trying to
> connect. Their number is not actually important.

Wait, there are two issues here:

1. General server load in the absence of malicious behavior.
   As Pasi points out, there's no evidence that the double
   handshake technique is widely enough used to cause this
   to be a problem.

2. Enabling DoS attacks. There are lots of ways to DoS a
   TLS server, and since this only doubles server load, 
   I don't think it's much of an amplifier.

>>>> (at least sufficiently to spend the $$$ for designing,
>>>> implementing,  testing, deploying, etc. a new mechanism).
>>>>
>>> How much :). The proposed changes are minimal.
>>>
>>
>> To get widespread deployment, several TLS implementations would have
>> to be updated, e.g. Microsoft Schannel, OpenSSL, Mozilla NSS, JSSE,
>> GnuTLS, etc. Getting any change, no matter how "minimal", to them is
>> not easy.
>>
>
> I don't see the point here. Any TLS feature will require updating TLS
> implementations.

Right, which is why it's a good idea to avoid making changes unless
we have to.

-Ekr

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls