Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 10 February 2017 11:26 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E71A11295D0 for <cfrg@ietfa.amsl.com>; Fri, 10 Feb 2017 03:26:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d20Idpsj6mr5 for <cfrg@ietfa.amsl.com>; Fri, 10 Feb 2017 03:26:23 -0800 (PST)
Received: from welho-filter4.welho.com (welho-filter4.welho.com [83.102.41.26]) by ietfa.amsl.com (Postfix) with ESMTP id 32B051294F6 for <cfrg@irtf.org>; Fri, 10 Feb 2017 03:26:22 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter4.welho.com (Postfix) with ESMTP id 575141CEBB; Fri, 10 Feb 2017 13:26:21 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp2.welho.com ([IPv6:::ffff:83.102.41.85]) by localhost (welho-filter4.welho.com [::ffff:83.102.41.26]) (amavisd-new, port 10024) with ESMTP id pK1LaYVhC7ln; Fri, 10 Feb 2017 13:26:19 +0200 (EET)
Received: from LK-Perkele-V2 (87-92-51-204.bb.dnainternet.fi [87.92.51.204]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp2.welho.com (Postfix) with ESMTPSA id E4F8921C; Fri, 10 Feb 2017 13:26:19 +0200 (EET)
Date: Fri, 10 Feb 2017 13:26:17 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Martin Thomson <martin.thomson@gmail.com>
Message-ID: <20170210112617.GA21741@LK-Perkele-V2.elisa-laajakaista.fi>
References: <352D31A3-5A8B-4790-9473-195C256DEEC8@sn3rd.com> <CABkgnnVrFGHe0eKREXbG_pv=y18ouopZsE2c5+Czz0HAGko6rg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CABkgnnVrFGHe0eKREXbG_pv=y18ouopZsE2c5+Czz0HAGko6rg@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/QZXjb8dxbuQPk_xtfZBRHUEMFDA>
Cc: IRTF CFRG <cfrg@irtf.org>, "<tls@ietf.org>" <tls@ietf.org>, Sean Turner <sean@sn3rd.com>
Subject: Re: [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Feb 2017 11:26:25 -0000

On Fri, Feb 10, 2017 at 04:44:58PM +1100, Martin Thomson wrote:
> On 10 February 2017 at 16:07, Sean Turner <sean@sn3rd.com> wrote:
> > a) Close these two PRs and go with the existing text [0]
> > b) Adopt PR#765 [1]
> > c) Adopt PR#769 [2]
> 
> 
> a) I'm happy enough with the current text (I've implemented that any
> it's relatively easy).
> 
> I could live with c, but I'm opposed to b. It just doesn't make sense.
> It's not obviously wrong any more, but the way it is written it is
> very confusing and easily open to misinterpretation.

I couldn't make out what b) says, c) is much clearer.

However, even in a), let alone b) or c), the limits are so high that
one should do some greasing, or this feature seems like a prime
candidate for rusting shut.


-Ilari