💾 Archived View for rawtext.club › ~sloum › geminilist › 001903.gmi captured on 2020-09-24 at 01:34:05. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
solderpunk solderpunk at SDF.ORG
Thu Jun 25 16:49:20 BST 2020
- - - - - - - - - - - - - - - - - - -
On Wed, Jun 24, 2020 at 05:36:24PM -0700, Matt Brubeck wrote:
> Has anyone implemented a Gemini client and/or server with support for
> 0-RTT data?
To the best of my knowledge, no. I don't think anybody has written anything supporting session resumption, either.
It's very true that the combination of TLS and one-request-per-connection is a bad combination for latency (although, for what it's worth, I still think the user experience is pretty acceptable even now, and much better than the web). As for "how bad" this is, and whether or not it's a good motivation (as alluded to in other threads) for dropping TLS, it should be noted that, today, we are surely seeing almost the worst possible cases for this. Nobody is using stuff like 0-RTT data, nobody is using session resumption, and most people are using Let's Encrypt certificate chains which are three certs long, and each one uses big RSA keys. We can and should try to do better in this regard.
> Any thoughts on which requests can safely use it? (For
> example, would it be reasonable to allow early data for all requests
> that don't use a client certificate?)
In combination with the idea I've proposed previously that any request with non-reversible non-trivial consequences should require a client certificate, that would seem, at first glance, a pretty sensible response to the threat of replay attacks.
Regarding TLS session resumption, there is the issue to consider of so-called "prolongation attacks":
https://svs.informatik.uni-hamburg.de/publications/2018/2018-12-06-Sy-ACSAC-Tracking_Users_across_the_Web_via_TLS_Session_Resumption.pdf
whereby TLS session information which roundtrips from the server to client and back can be used (as can *any* information which roundtrips in this way) for tracking. This could be mitigated easily with client-side policies on maximum session duration, but would be something for implementers to be wary of.
Cheers,
Solderpunk
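
An added example, not part of the original post: one way a client could enforce the maximum-session-duration policy mentioned above, together with the early-data rule discussed in the thread. The class and function names and the 600-second cap are assumptions, and the TLS session object is treated as an opaque value.

```python
import time


class ResumptionCache:
    """Per-host TLS session cache that caps the age of a whole resumption chain."""

    def __init__(self, max_lifetime=600.0, clock=time.monotonic):
        self.max_lifetime = max_lifetime  # seconds; assumed policy value
        self._clock = clock
        self._entries = {}  # host -> (opaque session, time of first full handshake)

    def store_full_handshake(self, host, session):
        # A full handshake gives the server nothing to link to, so the chain starts here.
        self._entries[host] = (session, self._clock())

    def store_resumed(self, host, session):
        # A ticket issued during a resumed connection inherits the ORIGINAL start
        # time. Restarting the clock here is what would let a server prolong
        # tracking indefinitely by handing out a fresh ticket on every visit.
        entry = self._entries.get(host)
        if entry is None:
            self.store_full_handshake(host, session)
        else:
            self._entries[host] = (session, entry[1])

    def get(self, host):
        """Return a session to resume, or None to force a full handshake."""
        entry = self._entries.get(host)
        if entry is None:
            return None
        session, chain_start = entry
        if self._clock() - chain_start >= self.max_lifetime:
            del self._entries[host]  # chain too old: forget it entirely
            return None
        return session


def early_data_allowed(cache, host, uses_client_cert):
    # Rule from the thread: 0-RTT only for requests without a client certificate,
    # and only when there is still a session that policy allows resuming.
    return not uses_client_cert and cache.get(host) is not None


if __name__ == "__main__":
    now = [0.0]  # constructed fake clock so the demo runs instantly
    cache = ResumptionCache(max_lifetime=600, clock=lambda: now[0])
    cache.store_full_handshake("example.org", "ticket-1")
    now[0] = 400.0
    cache.store_resumed("example.org", "ticket-2")
    now[0] = 700.0
    print(cache.get("example.org"))  # ticket-2 is 300 s old, but its chain is 700 s old
```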