Re: [DNSOP] Benjamin Kaduk's Discuss on draft-ietf-dnsop-session-signal-15: (with DISCUSS and COMMENT)

Ted Lemon <mellon@fugue.com> Thu, 27 September 2018 05:03 UTC

From: Ted Lemon <mellon@fugue.com>
In-Reply-To: <D11FA275-9CC3-470D-B8EC-3EE5ED38C20E@fugue.com>
Date: Thu, 27 Sep 2018 01:03:21 -0400
Cc: The IESG <iesg@ietf.org>, draft-ietf-dnsop-session-signal@ietf.org, Tim Wicinski <tjw.ietf@gmail.com>, dnsop-chairs@ietf.org, dnsop@ietf.org
Message-Id: <82F4E1E2-2672-4C3A-B51F-67BFB2E4EEFC@fugue.com>
References: <153722313579.24693.3934580046706676407.idtracker@ietfa.amsl.com> <D11FA275-9CC3-470D-B8EC-3EE5ED38C20E@fugue.com>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/EPyPr8dTFrPUEPkTGya-xozC0zM>
Subject: Re: [DNSOP] Benjamin Kaduk's Discuss on draft-ietf-dnsop-session-signal-15: (with DISCUSS and COMMENT)

On Sep 27, 2018, at 12:55 AM, Ted Lemon <mellon@fugue.com> wrote:
> Yup.   Sorry about that.   I just submitted a new version that I hope addresses this request.

There's a mistake in the update—while I was working on the new text, I added a caveat about implicit sessions, but didn't notice that that had weakened the requirements on the client.   I've addressed this with the following change, but will wait on your and Mirja's responses before resubmitting:

-   If a server receives a Fast Open message containing a DSO message
-   whose primary TLV is not permitted to appear in a Fast Open message,
-   the server MUST forcible abort the connection.  If a client receives
-   a Fast Open message containing any DSO message, and there is no
-   implicit DSO session, the client MUST forcibly abort the connection.
-   If a server or client receives a Fast Open message that is not a TLS
-   1.3 message, it MUST forcibly abort the connection.
+   If a client or server receives a Fast Open message containing a DSO
+   message whose primary TLV is not permitted to appear in a Fast Open
+   message, the server MUST forcible abort the connection.  If a client
+   receives a Fast Open message containing any DSO message, and there is
+   no implicit DSO session, the client MUST forcibly abort the
+   connection.  If a server or client receives a Fast Open message that
+   is not a TLS 1.3 message, it MUST forcibly abort the connection.
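Review bot: the condition and the consequence of the first sentence no longer agree in the replacement text. The condition was widened to "If a client or server receives a Fast Open message containing a DSO message whose primary TLV is not permitted ...", but the sentence still ends "the server MUST forcible abort the connection", so as written a client that receives such a message places the abort obligation on the server. Suggest ending it "it MUST forcibly abort the connection", which matches the wording of the third sentence ("it MUST forcibly abort") and also corrects "forcible" to "forcibly", a typo carried over unchanged from the old text. With that fix, the first sentence binds both peers, and the second sentence (a client receiving any DSO message when there is no implicit DSO session) stands as the additional client-only rule, which is the client requirement the message says was unintentionally weakened.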