Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic-tls-34.txt> NOW AVAILABLE
Sean Turner <sean@sn3rd.com> Fri, 21 May 2021 04:33 UTC
Return-Path: <sean@sn3rd.com>
X-Original-To: c430@rfc-editor.org
Delivered-To: c430@rfc-editor.org
Received: from localhost (localhost [127.0.0.1]) by rfc-editor.org (Postfix) with ESMTP id 9F659F4071E for <c430@rfc-editor.org>; Thu, 20 May 2021 21:33:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at rfc-editor.org
X-Spam-Flag: NO
X-Spam-Score: -97.98
X-Spam-Level:
X-Spam-Status: No, score=-97.98 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=0.01, RCVD_IN_DNSWL_NONE=0.01, SPF_HELO_NONE=2, SPF_PASS=-0.001, SUBJECT_IN_WHITELIST=-100, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: rfcpa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from rfc-editor.org ([127.0.0.1]) by localhost (rfcpa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hWiLHQRz7brO for <c430@rfc-editor.org>; Thu, 20 May 2021 21:33:08 -0700 (PDT)
Received: from mail-qv1-xf29.google.com (mail-qv1-xf29.google.com [IPv6:2607:f8b0:4864:20::f29]) by rfc-editor.org (Postfix) with ESMTPS id DFA99F40719 for <c430@rfc-editor.org>; Thu, 20 May 2021 21:33:07 -0700 (PDT)
Received: by mail-qv1-xf29.google.com with SMTP id w9so9772211qvi.13 for <c430@rfc-editor.org>; Thu, 20 May 2021 21:33:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=rL9bEe/VtionV9ttck0cU6CJgItoYBe9kohw0RWEPpA=; b=nJBOlszM0k+dItgj3yGiUzAPHd1VcGGZNVMZ+sXzETARoZ7qtu3r+jTpyITf2tlb+R MCh0DP0sV254m+G2g/+i8vUjMWTn/dtGyh6eSAQKN4O0nv82qJ9ngq9JnqtFpY3Tw33D HK0qnV+wpVlMnzbSumodsw17rFWVaURJ5Atuc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=rL9bEe/VtionV9ttck0cU6CJgItoYBe9kohw0RWEPpA=; b=X8ZnmK4ZTHyuiPvdVvUpUuhRtcBPaRfd7shhlWsQ9XGCjj/TEAPegJanVSVlbFiTws rOa+/OF4x2/uC/yrTEmD0yhxHncVq/cz+IQlWxGDC2IqqQJ76sdCNzARpe48E4PInTTQ H+fhpNhBW/W/AmAnzeuhCdLsaRdtBcMW/5bF7XfAJIS8/QKZMmHNvumJPPTSdoqJnF1/ f8200tgrOLCoNQRE5qIndISiME2HZEBER97aTlJD7gtJXfuqdbAY/kEeOnEkmD8SiyQ0 b7AiDd9lpPmv0c8TbqU33ACyW/ElHhceSQ1NhxQWFnqK/n5bvamIrnUyWotMaMjRLTSY TBhg==
X-Gm-Message-State: AOAM532tMBe+0zTP2frgys+0d1L03PITfGnW7otTb9EiiezPjZOmy4ed NUZ5zpRiNJp7QX9QlXK6PyjlzA==
X-Google-Smtp-Source: ABdhPJzTqsVJWdg/gzOxXM4xsbQGCnbDG/ErKOBexNhBTWXJQH/1Y35qqdL8lXXdNX4Ow8FwdXoWcw==
X-Received: by 2002:a05:6214:142d:: with SMTP id o13mr10403172qvx.30.1621571590816; Thu, 20 May 2021 21:33:10 -0700 (PDT)
Received: from smtpclient.apple (pool-71-178-177-131.washdc.fios.verizon.net. [71.178.177.131]) by smtp.gmail.com with ESMTPSA id t191sm3979352qke.100.2021.05.20.21.33.09 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 May 2021 21:33:10 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.80.0.2.43\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <ba8ea4ee-3c7b-92b5-ce21-77f0ba3c7386@amsl.com>
Date: Fri, 21 May 2021 00:33:08 -0400
Cc: Martin Thomson <mt@lowentropy.net>, rfc-editor <rfc-editor@rfc-editor.org>, Zaheduzzaman Sarker <Zaheduzzaman.Sarker@ericsson.com>, Martin Thomson via C430 <c430@rfc-editor.org>, Matt Joras <matt.joras@gmail.com>, Mark Nottingham <mnot@mnot.net>, Lucas Pardue <lucaspardue.24.7@gmail.com>, Lars Eggert <lars@eggert.org>, Martin Duke <martin.h.duke@gmail.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <FBAD52F3-19DF-4BD9-85E4-B67D877C8FDA@sn3rd.com>
References: <20210427074149.B07ADF40797@rfc-editor.org> <3fac22d9-bbbc-4963-92f8-2a3aa399a390@www.fastmail.com> <1edada0f-0ecd-4d10-4ed6-a7642f83a8db@amsl.com> <a376f198-3d80-4adb-9639-217e2e49847e@www.fastmail.com> <dfc0b917-b631-12b2-9ccf-6b41db8233d4@amsl.com> <a3b87aaa-2d6a-46fb-ad50-fb027d959dec@www.fastmail.com> <ba8ea4ee-3c7b-92b5-ce21-77f0ba3c7386@amsl.com>
To: Jean Mahoney <jmahoney@amsl.com>
X-Mailer: Apple Mail (2.3654.80.0.2.43)
Subject: Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic-tls-34.txt> NOW AVAILABLE
X-BeenThere: c430@rfc-editor.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <c430.rfc-editor.org>
List-Unsubscribe: <https://www.rfc-editor.org/mailman/options/c430>, <mailto:c430-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <http://www.rfc-editor.org/pipermail/c430/>
List-Post: <mailto:c430@rfc-editor.org>
List-Help: <mailto:c430-request@rfc-editor.org?subject=help>
List-Subscribe: <https://www.rfc-editor.org/mailman/listinfo/c430>, <mailto:c430-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Fri, 21 May 2021 04:33:12 -0000
I only have nits and then I approve: 0) s4.1.4: swap out the only contraction s/aren’t/are not 1) some early data to 0-RTT swaps for consistency: 1.0) s4.1 s/early data/0-RTT data 1.1) s4.6.1: OLD: QUIC does not use TLS 0-RTT data. QUIC uses 0-RTT packets to carry early data. NEW: QUIC does not use TLS early data. QUIC uses 0-RTT packets to carry early data. 1.2) s4.6.3: 6 instance of s/early data/0-RTT data 2) s5.1 OLD: In TLS 1.3, the HKDF-Expand-Label function described in Section 7.1 of [TLS13] is used, using the hash function from the negotiated cipher suite. NEW: In TLS 1.3, the HKDF-Expand-Label function described in Section 7.1 of [TLS13] is used with the hash function from the negotiated cipher suite. Cheers, spt > On May 19, 2021, at 18:35, Jean Mahoney <jmahoney@amsl.com> wrote: > > Martin, > > We've noted your approval on the AUTH48 status page: > > https://www.rfc-editor.org/auth48/rfc9001 > > We will await word from Sean regarding other AUTH48 changes and/or approval. > > Thank you! > > RFC Editor/jm > > > On 5/19/21 5:15 PM, Martin Thomson wrote: >> Thanks Jean, >> >> I've reviewed the changes and approve this document. >> >> On Wed, May 19, 2021, at 03:02, Jean Mahoney wrote: >>> Martin, >>> >>> Thank you for the updated file. The discrepancy with the URLs in the RFC >>> references is indeed an xml2rfc issue. I have opened a ticket: >>> >>> https://trac.ietf.org/trac/xml2rfc/ticket/640 >>> >>> And I have explicitly set the URLs in the XML file: >>> >>> https://www.rfc-editor.org/authors/rfc9001-xmllastrfcdiff.html >>> (these changes in the XML) >>> https://www.rfc-editor.org/authors/rfc9001-lastrfcdiff.html (these >>> changes in the text) >>> >>> https://www.rfc-editor.org/authors/rfc9001.txt >>> https://www.rfc-editor.org/authors/rfc9001.pdf >>> https://www.rfc-editor.org/authors/rfc9001.html >>> https://www.rfc-editor.org/authors/rfc9001.xml >>> >>> We will await further word from you and your coauthor regarding other >>> AUTH48 changes and/or approval. >>> >>> Best regards, >>> >>> RFC Editor/jm >>> >>> >>> On 5/17/21 5:41 PM, Martin Thomson wrote: >>>> When it comes to references, I think that it is best that you make those changes. The changes you see are the result of automation. I can fix the AEBounds one, but I'll need to coordinate with Carsten on the smart quote, and the rfc-editor.org one is down to either the XML files on rfc-editor.org (this is where we pull those references from) or xml2rfc. >>>> >>>> I'll try to track these all down, but in the interests of progress, if you can make those changes, I'd be happy to approve the document. >>>> >>>> On Tue, May 18, 2021, at 05:53, Jean Mahoney wrote: >>>>> Martin, >>>>> >>>>> Thank you for updating the document! We found a few small issues in the >>>>> References section: >>>>> >>>>>> The URLs for RFCs should point to the RFC landing page ("/info/" instead of "/rfc/"): >>>>>> Current: <https://www.rfc-editor.org/rfc/rfcNNNN> >>>>>> Should be: <https://www.rfc-editor.org/info/rfcNNNN> >>>>>> The URL for [AEBounds] works but it's only http: >>>>>> Current: <http://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf> >>>>>> Perhaps: <https://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf> >>>>>> A smart quote was introduced into the [GCM-MU] reference: >>>>>> Current: CCS ‘18: Proceedings of ... >>>>>> Should be: CCS '18: Proceedings of >>>>> >>>>> Would you like us to make these updates or would you like to update the file? >>>>> >>>>> Regarding the issue with line breaks within <sup>, the following ticket >>>>> has been opened: >>>>> >>>>> https://trac.ietf.org/trac/xml2rfc/ticket/631 >>>>> >>>>> Best regards, >>>>> >>>>> RFC Editor/jm >>>>> >>>>> On 4/28/21 9:24 PM, Martin Thomson via C430 wrote: >>>>>> Thanks for the work on this document. >>>>> I've staged a bunch of changes in our source repository for review. I >>>>> will provide updated XML once that process is complete. For now, I >>>>> will try to note differences so that there are no surprises. >>>>> >>>>> The complete set of outstanding changes to this document are in >>>>> progress, so they are either in our working copy: >>>>> https://github.com/quicwg/base-drafts/blob/master/draft-ietf-quic-tls.md >>>>> or they are in open pull requests that affect that document: >>>>> https://github.com/quicwg/base-drafts/pulls?q=is%3Apr+is%3Aopen+label%3A-tls >>>>> >>>>> I have only made very minor changes in this document on top of what has >>>>> been suggested. >>>>> >>>>> One annoying little nit comes from unrelated edits in one paragraph >>>>> that caused the string 2<sup>-57</sup> to render badly in text. In >>>>> text, this now renders with "2^-" on one line and "57" on the next. Do >>>>> we have any strategy for dealing with this? I don't think that moving >>>>> to a non-breaking hyphen is a good answer for this case. Changes to >>>>> xml2rfc so that it avoids line breaks before and inside <sup> (and >>>>> <sub>) might be worth considering though. >>>>> >>>>> I have not yet worked out how to generate <th> elements instead of <td> >>>>> for the left column of tables as proposed. While the rendering from >>>>> xml2rfc in text of a table like this is terrible enough that I was >>>>> initially inclined to reject this change, that is a problem with >>>>> xml2rfc, not the change. The semantic change is good. I just wanted >>>>> to note that I've an open issue to work out how to manage this: >>>>> https://github.com/quicwg/base-drafts/issues/4872 >>>>> >>>>> I note that many <artwork> elements have been converted to >>>>> <sourcecode>. This is mostly good, but I don't think that it is >>>>> appropriate to label the notation we've invented here as "pseudocode". >>>>> I've not applied that change. I note that RFC-to-be 8999 didn't >>>>> include that change, which in this case is appropriate. This is >>>>> deliberately not a formal grammar, it's an illustration aid. >>>>> >>>>>> https://www.rfc-editor.org/authors/rfc9001-xmldiff2.html exists, but is broken. The other XML diff currently shows numbered anchors. The XML diff completely mangled the appendix, so I've applied changes based on the text diff only. >>>>> Though I did say I wouldn't update references, I have done so for the >>>>> two that had changes here. We have another tooling issue to work >>>>> through; <refcontent> is being stripped out for the moment, but I'm >>>>> working on that. >>>>> >>>>> On Tue, Apr 27, 2021, at 17:41, rfc-editor@rfc-editor.org wrote: >>>>>>> 2) <!-- [rfced] Please review the items marked "Note:" and let us know >>>>> if any should be marked as <aside>. Some are not clear to us, >>>>> especially those that contain RFC 2119 keywords. >>>>> >>>>> For example: >>>>> Note: An endpoint MUST NOT reject a ClientHello that offers a cipher >>>>> suite that it does not support, or it would be impossible to >>>>> deploy a new cipher suite. This also applies to >>>>> TLS_AES_128_CCM_8_SHA256. >>>>> >>>>> --> >>>>>> I found two such cases and have proposed changes that remove the "note: " lead-in. The others are all appropriate uses of <aside/> and I've also proposed a matching change. Now, if the rendering of <aside> in text weren't so terrible I'd be happy about this outcome. >>>>> I would say that better support in the grammar for notes would be worth >>>>> exploring. <aside prologue="Note"> would be a very useful feature. >>>>> >>>>>>> 3) <!-- [rfced] We are having difficulty parsing the following sentence. >>>>> Current: >>>>> The same number of bytes are always sampled, but an allowance needs >>>>> to be made for the endpoint removing protection, which will not know >>>>> the length of the Packet Number field. >>>>> >>>>> Perhaps: >>>>> The same number of bytes are always sampled, but an allowance needs >>>>> to be made for the removal of protection by the endpoint, which >>>>> will not know the length of the Packet Number field. >>>>> --> >>>>>> That is better, though endpoint role here probably needs clarification. I've used "receiving endpoint" instead. >>>>>>> 4) <!-- [rfced] FYI We have updated the following cross reference to point >>>>> to Section 9.5 (Header Protection Timing Side Channels) rather than >>>>> 9.4 (Header Protection Analysis). Please let us know if changes are >>>>> necessary: >>>>>> Yes, this is a good change. Thanks. >>>>>>> 5) <!-- [rfced] We are having difficulty parsing the following: >>>>> Current: >>>>> Using dummy keys will generate no variation in the >>>>> timing signal produced by attempting to remove packet protection, and >>>>> results in all packets with an invalid Key Phase bit being rejected. >>>>> >>>>> Perhaps: >>>>> The use of dummy keys introduces no variation in the >>>>> timing signal, which could be altered by attempting to remove packet >>>>> protection, and results in all packets with an invalid Key Phase bit >>>>> being rejected. >>>>> --> >>>>>> That would subtly change the meaning. >>>>> I'm going to suggest: >>>>> >>>>>>> Using randomized keys ensures that attempting to remove packet protection does not result in timing variations, and results in packets with an invalid Key Phase bit being rejected. >>>>>> An aside: someone noted that "dummy" was problematic and so I've separately changed this to "randomized" in the preceding sentence also. >>>>>>> 6) <!-- [rfced] FYI We have made the following edit to improve readability. >>>>> QUIC extensions MUST either describe how replay attacks affect their >>>>> operation or prohibit the use of the extension in 0-RTT. >>>>>> This is good. >>>>>>> 7) <!-- [rfced] Note that we have updated the date and URL listed for >>>>> [AEBounds] >>>>>> Thanks. >>>>>>> 8) <!-- [rfced] FYI We have made the following update to improve >>>>> readability. >>>>> * The number of ciphertext blocks an attacker uses in forgery >>>>> attempts is bounded by v * l, which is the number of forgery >>>>> attempts multiplied by the size of each packet (in blocks). >>>>>> Also good, thanks. >>>>>>> 9) <!-- [rfced] Throughout the text, the following term appears to be used >>>>> inconsistently. Please review these occurrences and let us know if/how they >>>>> may be made consistent. >>>>> >>>>> application data / Application Data / Application data >>>>> >>>>> Note that RFC-to-be 9000 <draft-ietf-quic-transport> uses the lowercase >>>>> form consistently. >>>>>> Yes. I have reviewed this and I think that I've made it more consistent. The outcome is that figures will use title case for consistency (as appropriate) and text will use the lowercase form. There is one reference to TLS Application Data, where I have kept the title case to match the usage in RFC 8446.
- [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic-tls… rfc-editor
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… rfc-editor
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… Martin Thomson
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… Sandy Ginoza
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… Martin Thomson
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… Sandy Ginoza
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… Jean Mahoney
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… Martin Thomson
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… Jean Mahoney
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… Martin Thomson
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… Jean Mahoney
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… Sean Turner
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… Martin Thomson
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… Jean Mahoney
- Re: [C430] AUTH48 [JM]: RFC 9001 <draft-ietf-quic… Sean Turner