Re: crypto/tls and TLS 1.3

[Brad Fitzpatrick]

If the plan is to merge TLS 1.3 support into Go 1.9, I think a branch is probably a good option.

I'd rather see things incrementally reviewed than see a massive dump in one CL in February.

Adam?

On Mon, Oct 31, 2016 at 1:40 PM, Filippo Valsorda <m...@filippo.io> wrote:

Hello,

At Cloudflare we recently rolled out an experimental server
implementation of TLS 1.3. I’m happy to report that it’s powered by Go
and crypto/tls!

The current state of the code is messy because it is meant to support
multiple version of the TLS 1.3 draft, but the draft has now pretty much
stabilized. Over the next month I plan to work full-time to get it to
upstream-able quality, rebasing on the latest changes and looking at the
BoringSSL test stack where appropriate.

At the end of November, Cloudflare will contract a well known security
consultancy to audit that codebase. (Sorry about the marketing-speak,
haven’t checked if I’m allowed to name them yet.)

I’m writing this because clearly the schedule is not compatible with the
Go 1.8 merge window (nor arguably should it be, since the spec is
technically not final). However I’d rather not see the effort and audit
benefit only Cloudflare due to substantial changes to the codebase in
the upstreaming process.

I’m not sure what the optimal solution might be here. Options include
packing the changes into a couple CL to get early feedback, merging
incrementally in a branch, or just accepting that the audit will fall
short of covering the standard library implementation.

Looking forward to your thoughts.

Thank you,
Filippo
Cloudflare

[Filippo Valsorda]

[Adam Langley]

The Go 1.9 freeze is expected in May 2017. Since Go has such strong compatibility rules, it generally trails deployment by a little way and May next year seems like an aggressive timetable for supporting 1.3 (which may not even have an RFC by then). Go 1.10 seems more likely.

Since the changes to crypto/tls are likely to be substantial, working incrementally on a branch does seem like the best idea. (I hope that we can create a branch on go.googlesource.com so that we can use Gerrit.)

Cheers

AGL  

[Filippo Valsorda]

2016-11-02 09:51 GMT-0700 Adam Langley <a...@golang.org>:

Since the changes to crypto/tls are likely to be substantial, working incrementally on a branch does seem like the best idea. (I hope that we can create a branch on go.googlesource.com so that we can use Gerrit.)

Excellent. Who should I work with to get the branch opened?

[Russ Cox]

We can create the branch whenever it's time to start working. Who will be the main reviewer? Adam I assume? When do you want it? Now, or wait until Go 1.8 is cut? (I don't anticipate significant changes to the tree between those two, so it may not matter much.)

Thanks.

Russ

[Filippo Valsorda]

2016-11-10 12:07 GMT-0500 Russ Cox <r...@golang.org>:

Who will be the main reviewer? Adam I assume?

Yeah, I'd assume Adam.

When do you want it? Now, or wait until Go 1.8 is cut?

I have at least a couple incremental CLs that I'm ready to get out there, so I'd rather open it now than later.

Thank you!

[Russ Cox]

OK, dev.tls exists.

Russ

[kr...@cloudflare.com]

Hi,

I would like to ask what's the status of TLS 1.3 development as well as volunteer and help in pushing TLS v1.3 upstream, if there is an intrest. It definitelly is intresting for us here at Cloudflare.

I've found the dev.tls branch with pull requests created. After reading this thread I presume this implementation is based on tls-tris. Can you let me know if there is still a plan to merge those pull requests?

I was actually planning to start rebasing those PRs as I can see there are some merge conflicts. Can you let me know if it makes sense doing it at the moment?

Also I've added client authentication to tls-tris. My current plan is to add PR on top of dev.tls branch, which should be done somewhere this week.

I'm aware that there are missing pieces in tls-tris, which implements currently draft-22. I was hopping to add them gradually.

Please let me know what are your thoughts.

Kind regards,
-- Kris

[Filippo Valsorda]

Hi Kris!

Happy to hear there's resources on the Cloudflare side to help us merge this upstream.

The key scheduling fact is that the Go 1.11 feature freeze is just a week away, so we decided that it would be too rushed to merge the 1.3 patches for it. I definitely aim to have TLS 1.3 in Go 1.12. https://github.com/golang/go/wiki/Go-Release-Cycle

However, I planned to merge the RSA-PSS patches from Peter Wu this cycle in preparation. If you have any ideas for other CLs that can go into 1.11 and that would help reduce the diff in 1.12, I'd be happy to hear about them. (We'll need to have them mailed this week, but the review can extend into the freeze.)

You will probably want to wait for the dust to settle from those, then I'll update the dev.tls branch and we can start merging there during the freeze. (If we end up using my patches, I would also appreciate some review, as of course I can't do that myself.)

Please feel free to email me or the list if there's anything you need for this.

--
You received this message because you are subscribed to the Google Groups "golang-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.