Re: FW: New Version Notification for draft-thomson-http2-client-certs-01.txt
Martin Thomson <martin.thomson@gmail.com> Tue, 26 January 2016 22:08 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71D581B3219 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 26 Jan 2016 14:08:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.003
X-Spam-Level:
X-Spam-Status: No, score=-7.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zoGmNvSLO9G3 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 26 Jan 2016 14:08:06 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 258221B3211 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 26 Jan 2016 14:08:06 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1aOBj5-00059z-UZ for ietf-http-wg-dist@listhub.w3.org; Tue, 26 Jan 2016 22:04:39 +0000
Resent-Date: Tue, 26 Jan 2016 22:04:39 +0000
Resent-Message-Id: <E1aOBj5-00059z-UZ@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <martin.thomson@gmail.com>) id 1aOBj2-00059I-Gh for ietf-http-wg@listhub.w3.org; Tue, 26 Jan 2016 22:04:36 +0000
Received: from mail-io0-f182.google.com ([209.85.223.182]) by lisa.w3.org with esmtps (TLS1.2:RSA_ARCFOUR_SHA1:128) (Exim 4.80) (envelope-from <martin.thomson@gmail.com>) id 1aOBj1-0005xp-5Y for ietf-http-wg@w3.org; Tue, 26 Jan 2016 22:04:35 +0000
Received: by mail-io0-f182.google.com with SMTP id 1so201564438ion.1 for <ietf-http-wg@w3.org>; Tue, 26 Jan 2016 14:04:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=57md9EaVSqZ0mRvSrPF6jgNEyKY6/6nR/895eG6EmNs=; b=Bo/q8NO0bU8Y+Xhb+bhHSiSeXu8sYZnvUF/+DrYS4oRBFT/miLT1ZJz8PIVuL0K7fb ZrfilAD5lOaCbnRayE/Q5SiDJ5SwQcoIDrT6OfWDi2KARK4RL1mwT+/6lxJpl2DJM25/ Sn/VqyOkbr3MWh7zpjQGLJ1EDrn1gl/fNQmFGbhT1fcb3XkdFFcU3nSRvVY9peRN4AgM LZabzHZM7E/psmTjHRuF4537fIY/qkaK1QUJKWFXilIW8Bu+60MnC00UxMk6Ucy9gJA6 DWiYMpmP5nFmKk2J5PaAQ6ykmADv6u0MQgSHVSNHldRggglV8+qq04XbC7t54Swcl+go 9qYw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=57md9EaVSqZ0mRvSrPF6jgNEyKY6/6nR/895eG6EmNs=; b=WO7VQuKJFBDvQrza7aRk2JahpxonxZchYbKyyRrtLeVy6fGkdFXssWxvCp3yeMMV20 /r1e/pt5pcc275BeoFV6iuz2DuIZm9rbxS+DvYEmwvrFy7Pngw8AWYfPjFg+QLzFLj12 ibJHvpOlgDl+ubeuWW7HDjWu4Ks7t/jlhB3rCOqaoXgLcF0+uHEoZzrs0P7OTblIbJvk hRuL+xLiozIaDXtZZzGAR3T9fQZ/a6fJXDzEpbiIA9bbr5M+L50L2KfN7Jtqj9GELGf/ ZWspccf8rTB3r1a8IqwK07iuE9KR+KOKdD0e7V5QZyEOfCEdh+yDXoFLvacXd2/VAElf D8BA==
X-Gm-Message-State: AG10YOTr3J0jN0xuPLbXMbY+sQiu5zgbnKt2xV5DZ4mqSTTAzcmLcGFieUWLYs4Oy72KY9sImQhdHeg4XVFnXA==
MIME-Version: 1.0
X-Received: by 10.107.33.14 with SMTP id h14mr9619628ioh.108.1453845849383; Tue, 26 Jan 2016 14:04:09 -0800 (PST)
Received: by 10.36.149.130 with HTTP; Tue, 26 Jan 2016 14:04:09 -0800 (PST)
In-Reply-To: <20160126213813.GA5528@LK-Perkele-V2.elisa-laajakaista.fi>
References: <20160122222315.28781.93913.idtracker@ietfa.amsl.com> <CY1PR03MB1374890E32B6F6CA2AB78D8D87D80@CY1PR03MB1374.namprd03.prod.outlook.com> <20160126213813.GA5528@LK-Perkele-V2.elisa-laajakaista.fi>
Date: Wed, 27 Jan 2016 09:04:09 +1100
Message-ID: <CABkgnnVXvdLr7fh=Dc2HswE=hAmq30k2aXMvdi7u18=jj2iv9w@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: Mike Bishop <Michael.Bishop@microsoft.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=209.85.223.182; envelope-from=martin.thomson@gmail.com; helo=mail-io0-f182.google.com
X-W3C-Hub-Spam-Status: No, score=-7.9
X-W3C-Hub-Spam-Report: AWL=1.836, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1aOBj1-0005xp-5Y 637c12d8c3257221ac650e0e11e5c60b
X-Original-To: ietf-http-wg@w3.org
Subject: Re: FW: New Version Notification for draft-thomson-http2-client-certs-01.txt
Archived-At: <http://www.w3.org/mid/CABkgnnVXvdLr7fh=Dc2HswE=hAmq30k2aXMvdi7u18=jj2iv9w@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31001
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Thanks for the prompt feedback Ilari, On 27 January 2016 at 08:38, Ilari Liusvaara <ilariliusvaara@welho.com> wrote: > - Needs to require EMS or TLS 1.3. Any use of TLS-EXPORTER for auth on > connections vulernable to THS is no-no. Yes, absolutely. > - What does "future streams associated with this request" mean exactly. > Covering a stream client did not intend to is no-no. Context? > - How does client revoke AUTOMATIC_USE on some certificate (or all > certificates) in sequentially consistent way? For the same reasons > as previous. GOAWAY & close. Note that you might be better off asking for the removal of AUTOMATIC_USE if this is a concern you have. Also note that you are asking for a level of control that the server doesn't get. > - Why 1024 byte exporter output? That seems excessively large. 64 > bytes is already 512 bits, which is high even if actual security > is cut in half somehow. Hmm, yes, 64 bytes is plenty. > - There are all sorts of crappy TLS HashAndSignatureAlgorithm values > that need forbidding, like DSA or ones using MD5 or SHA1. Good point. We should limit this to DSA with SHA1.
- FW: New Version Notification for draft-thomson-ht… Mike Bishop
- Re: FW: New Version Notification for draft-thomso… Ilari Liusvaara
- Re: FW: New Version Notification for draft-thomso… Martin Thomson
- RE: FW: New Version Notification for draft-thomso… Mike Bishop
- Re: FW: New Version Notification for draft-thomso… Ilari Liusvaara
- Re: FW: New Version Notification for draft-thomso… Martin Thomson
- Re: FW: New Version Notification for draft-thomso… Kazuho Oku
- RE: FW: New Version Notification for draft-thomso… Mike Bishop
- RE: FW: New Version Notification for draft-thomso… Mike Bishop
- Re: FW: New Version Notification for draft-thomso… Martin Thomson
- Re: FW: New Version Notification for draft-thomso… Kazuho Oku
- Re: FW: New Version Notification for draft-thomso… Martin Thomson
- Re: FW: New Version Notification for draft-thomso… Ilari Liusvaara
- RE: FW: New Version Notification for draft-thomso… Mike Bishop
- Re: FW: New Version Notification for draft-thomso… Martin Thomson
- RE: FW: New Version Notification for draft-thomso… Mike Bishop
- RE: FW: New Version Notification for draft-thomso… Mike Bishop
- Re: FW: New Version Notification for draft-thomso… Amos Jeffries