Re: [TLS] Revised TLS Charter
Brian Smith <bsmith@mozilla.com> Tue, 24 May 2011 06:32 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAE7EE0692 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 23 May 2011 23:32:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=4.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uSF+fCEJBAGh for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 23 May 2011 23:32:14 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id D19BFE0688 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 23 May 2011 23:32:13 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.69) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1QOl8z-00044C-GX for ietf-http-wg-dist@listhub.w3.org; Tue, 24 May 2011 06:31:05 +0000
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.69) (envelope-from <ylafon@w3.org>) id 1QOl7l-0001d6-Tb for ietf-http-wg@listhub.w3.org; Tue, 24 May 2011 06:29:49 +0000
Received: from jay.w3.org ([128.30.52.169]) by maggie.w3.org with esmtp (Exim 4.72) (envelope-from <ylafon@w3.org>) id 1QOl7l-0003Oy-Ei for ietf-http-wg@w3.org; Tue, 24 May 2011 06:29:49 +0000
Received: from ylafon by jay.w3.org with local (Exim 4.69) (envelope-from <ylafon@w3.org>) id 1QOl7l-0003Eg-Ph for ietf-http-wg@w3.org; Tue, 24 May 2011 02:29:49 -0400
X-Return-path: <listmaster@w3.org>
X-Received: from maggie.w3.org ([128.30.52.39]) by jay.w3.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from <listmaster@w3.org>) id 1QOdqJ-0008Gw-L7 for ylafon@jay.w3.org; Mon, 23 May 2011 18:43:19 -0400
X-Received: from frink.w3.org ([128.30.52.56]) by maggie.w3.org with esmtp (Exim 4.72) (envelope-from <listmaster@w3.org>) id 1QOdqJ-0006WC-LZ for ylafon@w3.org; Mon, 23 May 2011 22:43:19 +0000
X-Received: from lists by frink.w3.org with local (Exim 4.69) (envelope-from <listmaster@w3.org>) id 1QOdqJ-0004U0-FC for ylafon@w3.org; Mon, 23 May 2011 22:43:19 +0000
X-From_: bsmith@mozilla.com Mon May 23 22:43:18 2011
X-Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.69) (envelope-from <bsmith@mozilla.com>) id 1QOdqI-0004Ti-Mx for ietf-http-wg-request@listhub.w3.org; Mon, 23 May 2011 22:43:18 +0000
X-Received: from corp01.sj.mozilla.com ([63.245.208.141] helo=mail.mozilla.com) by lisa.w3.org with esmtp (Exim 4.72) (envelope-from <bsmith@mozilla.com>) id 1QOdqG-0008LI-8T for ietf-http-wg-request@w3.org; Mon, 23 May 2011 22:43:18 +0000
X-Received: from mail.mozilla.com (zimbra1.shared.sjc1.mozilla.com [10.2.72.238]) by mail.mozilla.com (Postfix) with ESMTP id 99BCBAE6466D; Mon, 23 May 2011 15:42:50 -0700 (PDT)
Old-Date: Mon, 23 May 2011 15:42:50 -0700 (PDT)
From: Brian Smith <bsmith@mozilla.com>
To: ietf-http-wg-request <ietf-http-wg-request@w3.org>
Cc: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, Eric Rescorla <ekr@rtfm.com>
Message-ID: <1126122413.5534.1306190570278.JavaMail.root@zimbra1.shared.sjc1.mozilla.com>
In-Reply-To: <BANLkTik==6bPmARJRBJwsLo_wegFMjC4BQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [63.245.220.240]
X-Mailer: Zimbra 6.0.8_GA_2661 (ZimbraWebClient - FF3.0 (Win)/6.0.8_GA_2661)
Received-SPF: none client-ip=63.245.208.141; envelope-from=bsmith@mozilla.com; helo=mail.mozilla.com
X-W3C-Hub-Spam-Status: No, score=-1.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01
X-W3C-Scan-Sig: lisa.w3.org 1QOdqG-0008LI-8T 650b8bb91513c49e2cc6019121d8e852
Old-X-Envelope-To: ietf-http-wg-request
Date: Mon, 23 May 2011 22:43:19 +0000
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Mon May 23 18:43:20 2011
X-DSPAM-Confidence: 0.9995
X-DSPAM-Improbability: 1 in 181886 chance of being spam
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 4ddae308318111669216303
ReSent-Date: Tue, 24 May 2011 02:29:45 -0400
ReSent-From: Yves Lafon <ylafon@w3.org>
ReSent-To: ietf-http-wg@w3.org
ReSent-Subject: Re: [TLS] Revised TLS Charter
ReSent-User-Agent: Alpine 1.10 (DEB 962 2008-03-14)
X-Original-To: ietf-http-wg@w3.org
Subject: Re: [TLS] Revised TLS Charter
Archived-At: <http://www.w3.org/mid/1126122413.5534.1306190570278.JavaMail.root@zimbra1.shared.sjc1.mozilla.com>
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/10561
X-Loop: ietf-http-wg@w3.org
Sender: ietf-http-wg-request@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Resent-Message-Id: <E1QOl8z-00044C-GX@frink.w3.org>
Eric Rescorla wrote: > Can you advise on which drafts you have in mind? 1. draft-pettersen-tls-ext-multiple-ocsp 2. http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00 (NPN) 3. An extension to move the client certificate message to be between its ChangeCipherSuite and Finished messages (next to the NPN message), to protect it. Hopefully we can resurrect one of the previous drafts that proposed to do this. 4. An explicit one-roundtrip False-Start(-like) full handshake. (Needs a new I-D.) We are planning to implement all of these extensions in Firefox. I believe that there are other major implementers that are planning to implement at least the first three. We may also implement the current TLS False Start mechanism, but I think it would be better to have an opt-in one-round-trip handshake mechanism. Such a mechanism would probably involve the client optimistically putting a ClientKeyExchange (probably formatted like a ServerKeyExchange) message in a ClientHello extension, so that the server can send its ChangeCipherSuite and Finished messages immediately after its ServerHelloDone message. Cheers, Brian > > Thanks, > -Ekr > > > On Fri, May 20, 2011 at 10:42 AM, Brian Smith <bsmith@mozilla.com> > wrote: > > Joe Salowey wrote: > >> [Joe] Our security AD has requested that we tighten up the charter > >> such that significant changes to the protocol require a charter > >> update. We can certainly discuss the topics you raise without a > >> charter update. It may be possible to publish documents for some of > >> the things you want without a charter update. For other things, in > >> particular things that require significant change to the TLS state > >> machine or other aspects of the protocol we are going to have to go > >> through the process of updating the charter. This does not have to > >> be > >> a heavyweight process, but it does require more review than just > >> adding a working group milestone. Since TLS is in widespread use in > >> all areas of the IETF this ensures there is some cross area review > >> before we initiate the work for a major change > > > > In the next couple of weeks, I could work on getting some drafts of > > extensions (and/or resurrect some old ones) that I would like to be > > considered on the standards track, which we (Mozilla and others) are > > likely to implement and deploy soon. At least two of these > > extensions do affect the state machine and most of the changes have > > already been discussed at length in the working group. I think this > > would be useful input for the decision of what to include in the > > initial revision of the charter, and would probably prevent some > > unnecessary future debates about it. > > > > Cheers, > > Brian > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls > >
- Re: [TLS] Revised TLS Charter Brian Smith