Re: [hybi] Why not just use ssh?

Eric Rescorla <ekr@rtfm.com> Wed, 01 September 2010 00:39 UTC

In-Reply-To: <CA566BAEAD6B3F4E8B5C5C4F61710C110FAFBCBD@TK5EX14MBXW605.wingroup.windeploy.ntdev.microsoft.com>
References: <d48398080b610405d982ffd924f58e27.squirrel@sm.webmail.pair.com> <AANLkTin8CiHFoOSFdcRPern5YY-FdODC4GST+BrP3t_j@mail.gmail.com> <AANLkTi=fn2JE7a0b_0KFFLwq3eG_-xnaRazXAMPGi0N3@mail.gmail.com> <CA566BAEAD6B3F4E8B5C5C4F61710C110FAFBCBD@TK5EX14MBXW605.wingroup.windeploy.ntdev.microsoft.com>
Date: Tue, 31 Aug 2010 17:39:40 -0700
Message-ID: <AANLkTimiPTwrXng9u8z8nobO1xKReDCCogmSrhSmcFAX@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
To: Gabriel Montenegro <gmonte@microsoft.com>
Cc: "hybi@ietf.org" <hybi@ietf.org>
Subject: Re: [hybi] Why not just use ssh?

On Tue, Aug 31, 2010 at 5:16 PM, Gabriel Montenegro <gmonte@microsoft.com> wrote:

> > On Tue, Aug 31, 2010 at 1:55 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> The NPN mechanism is not a slam-dunk in the TLS working group, judging from
> the exchanges there,
>

Responding just to this point...

I think that's a fair assessment of the state of the TLS discussion.

To expand on it a little bit, there are three barriers to NPN proceeding in TLS:

(1) Concerns about the architectural choices embodied in it.
(2) Concerns about the precise technical details.
(3) A general lack of momentum.

My impression is that (2) isn't that big a deal, i.e., that the authors are
flexible about the details. (3) is an issue (like any piece of work) but OTOH
this WG deciding that they really needed something NPNish and asking TLS to do
it would have a big impact on momentum, I think. That leaves the architectural
issues. I think we'd need more discussion in TLS-WG before we have a clear
answer to that.

-Ekr