Re: Report on preliminary decision on TLS 1.3 and client auth
Martin Thomson <martin.thomson@gmail.com> Fri, 25 September 2015 17:36 UTC
Date: Fri, 25 Sep 2015 10:32:49 -0700
Message-ID: <CABkgnnW9FDLudxkEjbG+qgxHBe2TGJscNVoVFFXc=b8Q5xzY8A@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Yoav Nir <ynir.ietf@gmail.com>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/CABkgnnW9FDLudxkEjbG+qgxHBe2TGJscNVoVFFXc=b8Q5xzY8A@mail.gmail.com>

On 25 September 2015 at 10:20, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> I think in the current climate, we have a lot of latitude for
> doing things right, and telling people why they should migrate
> to something safer, so we should seriously consider skipping
> the workarounds and aim for something that will hold up well
> under pressure.

I want to do that too, but if that generates too much incentive to remain on old protocols, I don't think that is the only thing we can do.

Note that there are a lot of alternatives out there already. For instance, the widely deployed OAuth-based systems. There are some small differences in their security properties, which might be critical. However, I confess that I don't know whether that is a consideration as much as pure inertia. Maybe application developers that use client certificates really like the fact that they have terrible privacy characteristics.

Either way, I don't believe that we get to play the dictator here. People will do what they feel that they need to. If we don't help, they will implement options that are even worse than those that I described.