GnuTLS was using an all-zero key for encrypting TLS session tickets. Whoops.
Conversation
Replying to
FFS can we just deprecate session resumption already? It's not worth the risks.
1
2
26
Thankfully either side (client or server) can unilaterally refuse to use it, so there are lots of paths to push for deprecation.
1
1
2
TLS 1.3 already goes a long way towards that and most people aren't trying to use 0-RTT. There will be even less reason to care about it with QUIC since it puts the TLS handshake into the equivalent of the TCP handshake as long as the certificates aren't too bloated.
2
1
With QUIC, if you don't use bloated certificates, you don't need any extra round trip for TLS anyway without needing the scary 0-RTT feature. 0-RTT is pretty fucking sketchy by the way. It would be safe to use with HTTP GET with how I implement services but not the way most do...
1
1
I'm really not interested in hearing about Google's goofy attempt to replace standard protocols for the sake of making hideously bloated websites less disincentivized by bad ux.
1
1
QUIC refers to the IETF protocol. Google's proof of concept protocol is referred to as gQUIC now. HTTP/3 is essentially HTTP/2 over QUIC with minor changes to deal with running on top of a multiplexed protocol. It won't be any less standard than other protocols.
Real-time applications like voice / video calls, gaming, etc. use custom protocols implemented on top of UDP. WebRTC uses SCTP-over-DTLS-over-UDP. QUIC is similar concept. WebRTC will move to using QUIC and most custom protocols implemented via UDP will be able to move to it.
1
IETF wanted QUIC to be separate from HTTP/3 because it's useful for other things. That's why they're standardizing it separately. It's not Google's protocol anymore. It has been heavily changed including dropping their much more minimal replacement for TLS and just using TLS 1.3.
1
Show replies