FAQ answer on TLS RTT is a little stale

Question

FAQ answer on TLS RTT is a little stale

LPardue opened this issue 5 years ago · 2 comments

While preparing the WIP #204, I noticed that the answer to the question "TLS still adds an extra RTT; can we fix that?" was written in a pre-RFC8446 world and is now a little stale.

Answer 1 · 2020-08-18T09:12:52.000Z

Can you clarify that? Neither the FAQ or you referencing the RFC does.

TLS 1.3 is 1-RTT(without 0-RTT) and TLS 1.2 is 2-RTT, with both versions having a follow-up 1-RTT for the actual request as far as I understand? (I'm referencing the following, which has a nice graphic for it as well)

I assume the Cloudflare article is out of date too?

Answer 2 · 2020-08-18T09:25:00.000Z

Fair question

One possible route is to leverage TCP Fast Open, which would allow us to send the ClientHello within the TCP SYN packet — that would cut another RTT. In the meantime, both TLS 1.3 and QUIC are experimenting with "zero-RTT" handshake mechanisms. See QUIC crypto doc and this GDL episode for a general introduction to QUIC.

So ignore the TFO thing, two points of staleness come to mind:

TLS 1.3 has shipped, so it is not experimental.
There are now two main flavours of QUIC, the original "gQUIC" that uses QUIC crypto, and IETF QUIC which uses the TLS 1.3 handshake.

IMO a suitable fixup would be to focus on TLS 1.3 0-RTT and then mention its applicability to IETF QUIC, with links to both. We might relegate mention of QUIC crypto to a legacy follow up sentence, or for clarity just omit it.