Re: [TLS] Cached Info extension - Draft 01

To: stefan at aaa-sec.com (Stefan Santesson)
Subject: Re: [TLS] Cached Info extension - Draft 01
From: Martin Rex <Martin.Rex at sap.com>
Date: Thu, 2 Jul 2009 00:01:05 +0200 (MEST)
Cc: simon at josefsson.org, tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <C670849E.2E64%stefan at aaa-sec.com> from "Stefan Santesson" at Jul 1, 9 03:12:30 am
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Reply-to: martin.rex at sap.com

Stefan Santesson wrote:
> 
> I might be missing something, but I'm not sure I get the problem.

I'll try to elaborate on my idea, inspired by Simons "mild problem".

The scheme of the current proposal, when and how does a client learn
that a server supports caching (and for which handshake data), and
what hash algorithm the server supports looks mildly awkward and
requires guessing, i.e. trial-and-error.

We could improve the entire proposal in the following fashion:

ClientHelloExtension:  allow&recommend the client to send the extension
without actual hash values on first connect to a server.

ServerHelloExtension:  have the server indicate for which handshake
data it supports caching in principle, and with which hash algorithm

With this scheme, the client can learn even before creating cache
entries whether the server supports caching of that handshake data
at all--or wether it will be entirely pointless to cache such data
and announce hashes for it in future requests to the same server.

And the client can also learn which hash algorithm the server supports
before creating actually receiving the data for the first time and
creating the cache entry, so it will be unnecessary for the client
to ever use more than one hash algorithm to compute a hash value
for cached data.

A client may decide to create negative cache entries for a server,
so that it will not bother asking the server (through ClientHelloExtension)
for caching support for a certain amount of time (like an hour)
during successive requests.  Such an approach will cut down on
client side cache size and handshake network bandwidth.

The current optimistic/probabilistic approach of the client trying to
cache first and then propose to use it can and should be avoided.
There can be situations where making assumptions and trial-and-error
about server features might be OK or even necessary, but IMHO, this
tls caching extension does not seem to be a situation where such
an approach is adequate.

Btw. we are defining a caching mechanism here, so there should be
a small amount of guidance on cache management.  The above idea
should facilitate cache management somewhat.

-Martin

References:
- Re: [TLS] Cached Info extension - Draft 01
  - From: Stefan Santesson

Prev by Date: Re: [TLS] Cached Info extension - Draft 01
Next by Date: Re: [TLS] Cached Info extension - Draft 01
Previous by thread: Re: [TLS] Cached Info extension - Draft 01
Next by thread: [TLS] clarifications on TLS extension "Certificate Status Request"
Index(es):
- Date
- Thread

Re: [TLS] Cached Info extension - Draft 01

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.