[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft posted

To: tls@xxxxxxxx
Subject: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft posted
From: "Michael D'Errico" <mike-list@xxxxxxxxx>
Date: Tue, 02 Feb 2010 07:52:56 -0800
Delivered-to: tls@xxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=a0K9ssHozB5g gKYu93cVtOt5IDU=; b=vw/cZNih3K+0Fow4abVzZMHnwz59JSRV+4fDHAy/Ptm/ sLbvCLsIHwLCR04z8IwAYwZ09F3aO4rKuMD8LU3wYeZ1H2O+At5RvKDbzRaEiFF3 hdITnbv2QLN6cUenzzsxHLJW2xfl3x71mfRe/tCkefeYTZ+2046SHlz7bqwp5So=
Domainkey-signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=Mh6wY2 edV+ICS9gOWHHXQKn2PPJqXeiAWK9LilfyPEF3WNFohzRc2QrCkGZgXsiRtXt3LC UL9BGj0ue3I25FMcctCquHimWlVVEqZOHc/YeCwgUXjq9PjLa94EPVTpJqgnmUoo SPk33dWjr1MUiubmEhCtQKkKx8st9dS+jK3Xw=
In-reply-to: <a84d7bc61002020545n4a29f141na182b463d1de7ece@xxxxxxxxxxxxxx>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <> <a84d7bc61002020545n4a29f141na182b463d1de7ece@xxxxxxxxxxxxxx>
Sender: tls-bounces@xxxxxxxx
User-agent: Thunderbird 2.0.0.23 (Macintosh/20090812)

Adam Langley wrote:

On Tue, Feb 2, 2010 at 3:50 AM, Brian Smith <brian@xxxxxxxxxxxxxx> wrote:

But, if the client already knows the certificate, then it
already knows the server's public key. Consequently, it is wasteful for the
client NOT to send the ClientKeyExchange along with the client hello.


Given a client-speaks-first protocol like HTTP (which I happen to be
mostly concerned with), this could cut the full handshake from two to
one round trips.

However, there's a much easier way of doing this: cut through mode. In
this scheme the client starts sending application data records without
waiting for the server's Finished message so long as the ciphersuite
is sufficiently strong. Android already does this.


I'm not a cryptographer, but it seems to me that sending data over
the connection before it is validated is a very bad idea.  On my
test server, people have established connections in less than 40 ms
using a full handshake.  Most handshakes from around the world
complete in less than half a second.  Don't get too carried away
trying to optimize this, especially if you're not able to maintain
the security guarantees.

Mike
_______________________________________________
TLS mailing list
TLS@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft posted
  - From: Brian Smith

References:
- Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft posted
  - From: Brian Smith
- Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft posted
  - From: Adam Langley

Prev by Date: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft posted
Next by Date: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft posted
Previous by thread: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft posted
Next by thread: Re: [TLS] draft-ietf-tls-cached-info-02 / New "Fast-Track" draft posted
Index(es):
- Date
- Thread