IETF Logo Mail Archive

Re: Report on preliminary decision on TLS 1.3 and client auth

"Poul-Henning Kamp" <phk@phk.freebsd.dk> Fri, 25 September 2015 17:23 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BCC21A7013 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 25 Sep 2015 10:23:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.912
X-Spam-Level:
X-Spam-Status: No, score=-6.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jlSR0nvAequD for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 25 Sep 2015 10:23:52 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42F221A700F for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 25 Sep 2015 10:23:52 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1ZfWg6-0003jE-LY for ietf-http-wg-dist@listhub.w3.org; Fri, 25 Sep 2015 17:20:58 +0000
Resent-Date: Fri, 25 Sep 2015 17:20:58 +0000
Resent-Message-Id: <E1ZfWg6-0003jE-LY@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <phk@phk.freebsd.dk>) id 1ZfWg0-0003i5-1D for ietf-http-wg@listhub.w3.org; Fri, 25 Sep 2015 17:20:52 +0000
Received: from phk.freebsd.dk ([130.225.244.222]) by maggie.w3.org with esmtp (Exim 4.80) (envelope-from <phk@phk.freebsd.dk>) id 1ZfWfy-0001Fa-5g for ietf-http-wg@w3.org; Fri, 25 Sep 2015 17:20:51 +0000
Received: from critter.freebsd.dk (unknown [192.168.55.3]) by phk.freebsd.dk (Postfix) with ESMTP id B07294F86F; Fri, 25 Sep 2015 17:20:27 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.15.2/8.15.2) with ESMTP id t8PHKNNO009744; Fri, 25 Sep 2015 17:20:23 GMT (envelope-from phk@phk.freebsd.dk)
To: Martin Thomson <martin.thomson@gmail.com>
cc: Yoav Nir <ynir.ietf@gmail.com>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
In-reply-to: <CABkgnnXDVDp1DPDBkWiOJm82WZXHnsJOpk95NPY1ccHUQ+RYiw@mail.gmail.com>
From: Poul-Henning Kamp <phk@phk.freebsd.dk>
References: <CABkgnnWREq6X+chcvookChGAZGxkJ6Zs_7FGwz7Mbn12XMxewQ@mail.gmail.com> <5603599F.8090303@treenet.co.nz> <CABkgnnVq9FDeGf_=JF0m0AkgfO1G3DVV2QN_aPrbYnFtfRLFrw@mail.gmail.com> <5603745A.7020509@treenet.co.nz> <6818.1443172702@critter.freebsd.dk> <8F0BC939-B0BD-43F6-AB41-7676B5B94054@gmail.com> <7301.1443176081@critter.freebsd.dk> <CABkgnnXDVDp1DPDBkWiOJm82WZXHnsJOpk95NPY1ccHUQ+RYiw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <9742.1443201623.1@critter.freebsd.dk>
Content-Transfer-Encoding: quoted-printable
Date: Fri, 25 Sep 2015 17:20:23 +0000
Message-ID: <9743.1443201623@critter.freebsd.dk>
Received-SPF: none client-ip=130.225.244.222; envelope-from=phk@phk.freebsd.dk; helo=phk.freebsd.dk
X-W3C-Hub-Spam-Status: No, score=-4.6
X-W3C-Hub-Spam-Report: AWL=-2.142, BAYES_05=-0.5, RP_MATCHES_RCVD=0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: maggie.w3.org 1ZfWfy-0001Fa-5g af37f76a5bb6380cf827c2b25b117f30
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Report on preliminary decision on TLS 1.3 and client auth
Archived-At: <http://www.w3.org/mid/9743.1443201623@critter.freebsd.dk>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/30276
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

--------
In message <CABkgnnXDVDp1DPDBkWiOJm82WZXHnsJOpk95NPY1ccHUQ+RYiw@mail.gmail.com>
, Martin Thomson writes:
>On 25 September 2015 at 03:14, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>> What I tried to say above is that we don't know which cookie
>> identifies the session.
>
>[...]
>
>What I neglected to mention earlier is that client certificate
>mechanism that was being added was viewed more as a necessary evil
>than an important feature.  No one liked having to do this, but as
>Mark pointed out, there are far more people relying on having the
>functionality than we previously thought.

I think in the current climate, we have a lot of lattitude for
doing things right, and telling people why they should migrate
to something safer, so we should seriously consider skipping
the workarounds and aim for something that will hold up well
under pressure.


-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

v2.23.0 | Report a Bug | By Email