Hacker News new | past | comments | ask | show | jobs | submit login
Deploying TLS 1.3: the great, the good and the bad [video] (ccc.de)
78 points by jgrahamc on Jan 4, 2017 | hide | past | favorite | 6 comments

Hi, co-speaker here.

Please feel free to ask any questions you have here, or by emailing tls13 at cloudflare.

The slide deck is at https://speakerdeck.com/filosottile/tls-1-dot-3-at-33c3 (but it's not really made for standalone consumption).

Do you know of 0-RTT implementation efforts on reverse proxies, say, nginx?

Let's say I run a static website and I'm 100% sure unauthenticated GET won't break anything, is there anything special I need to do or is it going to be "enable this flag"?

Another question: Can I set 0-RTT per vhost (sni) or do I need dedicated 0-RTT IPs?

There is no 0-RTT implementation in servers that I know of, except our internal one at Cloudflare, which currently waits for the Finished confirmation until we decide on a policy.

The following two questions are of course implementation-specific, but there is nothing in the protocol blocking a "just do 0-RTT" flag or vhost configs.

I have one question.

What prevents a Sufficiently Incompetent Implementer from manually ignoring all known GREASE values, while still doing something crazy otherwise?

Ultimately we can't do anything about a server that is near-maliciously determined to be wrong. The hope is we can at least defend against some of the common genuine mistakes at fairly low cost.

The implementer that tries to special-case GREASE values must have first hit an interop problem and thus had a second or third opportunity to think about it. I would hope, at that point, they realize they're meant to ignore unknown ones!

I'm a bit late, but it was a great talk and TLS 1.3 is looking nice.

I'm not sure who was the first to propose 0-RTT like this, but it appears that both MinimaLT and QUIC did at about the same time.

TLS 1.3 does nothing to improve TCP deficiencies, but there are alternatives that does, including QUIC. What I can't quite tell is how the the two combine, if at all. Does a QUIC connection mean that TLS 1.3 doesn't apply/is redundant?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact