On Sat, Oct 7, 2017 at 2:57 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> On Fri, Oct 06, 2017 at 01:16:37PM -0700, Eric Rescorla wrote:
> > Hi folks,
> >
> > In Prague I mentioned that we were seeing evidence of increased
> > failures with TLS 1.3 which we believed were due to middleboxes. In
> > the meantime, several of us have done experiments on this, and I
> > wanted to provide an update.
> >
> > The high-order bit is that *negotiating* TLS 1.3 seems to cause
> > increased failures with a variety of middleboxes (it’s generally safe
> > to offer TLS 1.3 to servers which don’t support it). The measured
> > incremental error rates vary quite a bit, ranging from minimal
> > (Facebook) to ~1.5% (Firefox) and ~3.4% (Chrome). Each of us is using
> > a slightly different methodology (organic versus forced traffic) and
> > different populations (mobile, desktop, enterprise, etc), but it does
> > seem like there is a nontrivial failure rate. At this point, we have
> > two options:
> >
> > - Fall back to TLS 1.2 (as we have unfortunately done for previous
> >   releases)
> > - Try to make small adaptations to TLS 1.3 to make it work better with
> >   middleboxes.
>
> What do you think is an acceptable failure rate? That is, if we can't get
> the rate below that, don't bother with adaptation?

I'm not precisely sure. I think it would depend on the client profile, but
at this existing rate, Firefox, at least, would have to do fallback. That's
what Firefox Beta currently does.

> > The Chrome team has been working on angle #2 and has been having
> > success with an approach of trying to make TLS 1.3 connections look
> > more like TLS 1.2. Their current experiments get them down to about 1%
> > incremental failures and they are currently measuring some changes
> > they hope will shave that down more. These changes are a bit annoying
> > but basically superficial; they do not affect the cryptography.
> >
> > Separately, Firefox and Facebook have been experimenting with the new
> > content type described in PR#1051 (Google’s and Facebook’s results
> > conflict, so this is a bit of a mystery). We hope to have results from
> > both sets of experiments by end of October, at which point we should
> > be able to discuss the best way forward as a group.
>
> Have there been attempts at figuring out what exactly the middleboxes
> are intolerant to?

Yes, there has been some of that, but mostly by the Google team and I
don't want to speak for them.

Best,
-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls