Re: [Gen-art] Genart last call review of draft-ietf-kitten-tls-channel-bindings-for-tls13-09
worley@ariadne.com Sat, 16 October 2021 03:25 UTC
From: worley@ariadne.com (Dale R. Worley)
To: "Sam Whited" <sam@samwhited.com>
Cc: worley@ariadne.com, gen-art@ietf.org,
draft-ietf-kitten-tls-channel-bindings-for-tls13.all@ietf.org,
kitten@ietf.org, last-call@ietf.org
In-Reply-To: <5791c4e5-8145-416e-85d2-702a7349f327@www.fastmail.com>
(sam@samwhited.com)
Sender: worley@ariadne.com (Dale R. Worley)
Date: Fri, 15 Oct 2021 23:25:01 -0400
Message-ID: <87fst1ejn6.fsf@hobgoblin.ariadne.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/2u_SBgErL_ycj8ztuMW_BOFLaKI>
"Sam Whited" <sam@samwhited.com> writes:

>> The appearance of this paragraph in this section suggests (but does
>> not assert) that in TLS 1.3, the cipher negotiation always results in
>> unique master secrets. Indeed, it would be extremely convenient if
>> (standard-conformant) use of TLS 1.3 always did so, and if so, it
>> would be convenient to inform the user by asserting that at the end of
>> section 2 (after moving the current last paragraph to a different
>> section).
>
> This one I had a lot of trouble with. I tried to put in some new
> language, but it feels out of place to me somehow. I'm not sure that
> this document should make assertions about the correctness of TLS 1.3,
> as well vetted as it has been, so I tried to phrase it in terms of "this
> mechanism is useful so long as this property holds", which seems like it
> might belong in security considerations, not the registration section?

This is probably the only really significant point in my review ...

I can understand your caution here. It seems to me that the ideal
solution is for TLS 1.3 to have been explicitly designed so that there
are unique master secrets, and then you just reference that. Now it
seems that everybody thinks TLS 1.3 has this property, so I'd expect
that was an explicit design goal, and it would be documented somewhere.
And then this document could just point to that.

Dale
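Since the exchange above turns on whether TLS 1.3 yields a unique master secret for the tls-exporter channel binding, here is an added example (written for this page, not code from the draft or from either correspondent) that reconstructs the RFC 8446 key schedule and exporter in Python and derives the binding under the "EXPORTER-Channel-Binding" label the draft registers. It assumes a SHA-256 cipher suite, and the ECDHE shared secret and handshake transcripts are constructed placeholders rather than captured handshake bytes.

```python
import hashlib
import hmac

HASH = hashlib.sha256            # SHA-384 suites would use hashlib.sha384
HLEN = HASH().digest_size
ZEROS = b"\x00" * HLEN

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out, counter = out + block, counter + 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel: uint16 length, opaque label<7..255> ("tls13 " + label), opaque context<0..255>
    full = b"tls13 " + label
    info = length.to_bytes(2, "big") + bytes([len(full)]) + full + bytes([len(context)]) + context
    return hkdf_expand(secret, info, length)

def derive_secret(secret: bytes, label: bytes, messages: bytes) -> bytes:
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HLEN)

def exporter_master_secret(ecdhe_shared: bytes, transcript: bytes, psk: bytes = ZEROS) -> bytes:
    # RFC 8446 s7.1 key schedule down to exporter_master_secret. The transcript
    # is ClientHello..server Finished, so it commits to both parties' randoms.
    early = hkdf_extract(ZEROS, psk)
    handshake = hkdf_extract(derive_secret(early, b"derived", b""), ecdhe_shared)
    master = hkdf_extract(derive_secret(handshake, b"derived", b""), ZEROS)
    return derive_secret(master, b"exp master", transcript)

def tls_exporter(exp_master: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # RFC 8446 s7.5: Derive-Secret(Secret, label, "") then expand under "exporter"
    return hkdf_expand_label(derive_secret(exp_master, label, b""), b"exporter",
                             HASH(context).digest(), length)

def channel_binding(ecdhe_shared: bytes, transcript: bytes) -> bytes:
    # tls-exporter binding: the label the draft registers, empty context, 32 octets
    return tls_exporter(exporter_master_secret(ecdhe_shared, transcript),
                        b"EXPORTER-Channel-Binding", b"", 32)

# Constructed stand-ins for an ECDHE shared secret and two handshake transcripts
# that differ only in the client random (real transcripts are the raw messages).
SHARED = bytes(range(32))
TRANSCRIPT_A = b"ClientHello(random=A) ServerHello ... server Finished"
TRANSCRIPT_B = b"ClientHello(random=B) ServerHello ... server Finished"
```

Both endpoints compute the same 32 octets from the same inputs, while a transcript that differs in a single random (or a different shared secret) yields an unrelated value, which is the dependency the uniqueness question in the thread is really about.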