> This demonstrates a very common misconception about TCP. I know that some > implementation choke if the TLS ClientHello spans multiple TCP segments such > that it requires multiple reads. David Benjamin has written about this > several times. It's rare though and a bad basis to make decisions on.
TCP fast open data cannot span multiple TCP segments. -----Original Message----- From: Martin Thomson <m...@lowentropy.net> Sent: Tuesday, August 13, 2024 8:37 AM To: tls@ietf.org Subject: [TLS]Re: Meta deploying -hybrid-design On Mon, Aug 12, 2024, at 17:49, Deirdre Connolly wrote: >> In the future, an increase in MTU, or utilizing QUIC, which allows for >> multiple initial packets, may allow for larger ClientHellos without an >> additional round trip. This demonstrates a very common misconception about TCP. I know that some implementation choke if the TLS ClientHello spans multiple TCP segments such that it requires multiple reads. David Benjamin has written about this several times. It's rare though and a bad basis to make decisions on. >> To address this, we had the client split each service into different TLS >> session scopes – one using classical key exchange, and one using hybrid key >> exchange. Each session scope thus uses only one named group each, avoiding >> the keyshare thrashing behavior described above. The tradeoff is space >> consumption due to having to store more session tickets, but this has been >> acceptable given the small size of each session ticket (a few hundred bytes). This smells proprietary. _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
