Re: [TLS] GREASE and TLS 1.3

2017-01-26 Thread Sean Turner
> On Jan 18, 2017, at 17:49, David Benjamin wrote: > > Do people agree with this plan? Looks like we got general agreement this is a good approach to follow. spt

Re: [TLS] GREASE and TLS 1.3

2017-01-25 Thread Hubert Kario
On Thursday, 19 January 2017 13:31:31 CET Benjamin Kaduk wrote: > On 01/18/2017 04:49 PM, David Benjamin wrote: > > Do people agree with this plan? > > Yes :) > > > I've left out psk_key_exchange_modes. It would be nice to GREASE that > > too, but it uses u8 rather than u16 values. The natural

Re: [TLS] GREASE and TLS 1.3

2017-01-19 Thread Eric Rescorla
Grease away. On Thu, Jan 19, 2017 at 11:31 AM, Benjamin Kaduk wrote: > On 01/18/2017 04:49 PM, David Benjamin wrote: > > > Do people agree with this plan? > > > Yes :) > > I've left out psk_key_exchange_modes. It would be nice to GREASE that too, > but it uses u8 rather than

Re: [TLS] GREASE and TLS 1.3

2017-01-19 Thread Benjamin Kaduk
On 01/18/2017 04:49 PM, David Benjamin wrote: > > Do people agree with this plan? > Yes :) > I've left out psk_key_exchange_modes. It would be nice to GREASE that > too, but it uses u8 rather than u16 values. The natural generalization > is to reserve 0x?a instead of 0x?a?a. But then we lose 16

Re: [TLS] GREASE and TLS 1.3

2017-01-18 Thread 山本和彦
> That's what we do in Chrome/BoringSSL. We send one fake NamedGroup at the > front of supported_groups and then put it in key_shares with a one-byte > fake KeyShareEntry. > > It costs five bytes total and, having already caught a bug with it, seems > valuable. It ensures that servers are capable

Re: [TLS] GREASE and TLS 1.3

2017-01-18 Thread David Benjamin
On Wed, Jan 18, 2017 at 8:15 PM Martin Thomson wrote: On 19 January 2017 at 14:04, Kazu Yamamoto wrote: > Should we also add grease values for key_share? supported_groups code points should cover that, but if you are asking if we should spend bytes on

Re: [TLS] GREASE and TLS 1.3

2017-01-18 Thread Martin Thomson
On 19 January 2017 at 14:04, Kazu Yamamoto wrote: > Should we also add grease values for key_share? supported_groups code points should cover that, but if you are asking if we should spend bytes on sending shares for bogus groups, that's a question I don't have an opinion on. I

Re: [TLS] GREASE and TLS 1.3

2017-01-18 Thread 山本和彦
Hi David, > I was thinking of making the following changes: > > - Cite TLS 1.3 instead of TLS 1.2. > > - Add some text to use the same code point pattern for TLS 1.3 > signature_algorithms. > > - Add some text to suggest advertising GREASE values in key_shares if > advertised in

[TLS] GREASE and TLS 1.3

2017-01-18 Thread David Benjamin
So, having uploaded draft-ietf-tls-grease-00, I would now like to rewrite large chunks of it. The draft is currently defined for TLS 1.2, but it probably makes sense to order it after TLS 1.3. TLS 1.3 also adds many new extension points, and we can expect new TLS 1.3 implementations popping up