IETF Logo Mail Archive

Re: Gen-Art LC review: draft-ietf-uta-tls-bcp-08

Yaron Sheffer <yaronf.ietf@gmail.com> Mon, 02 February 2015 19:42 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1370D1A1A1E; Mon, 2 Feb 2015 11:42:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.3
X-Spam-Level:
X-Spam-Status: No, score=0.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MANGLED_DIET=2.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HIOkQyajepem; Mon, 2 Feb 2015 11:42:35 -0800 (PST)
Received: from mail-wi0-x230.google.com (mail-wi0-x230.google.com [IPv6:2a00:1450:400c:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6766E1A01AE; Mon, 2 Feb 2015 11:42:35 -0800 (PST)
Received: by mail-wi0-f176.google.com with SMTP id bs8so19410832wib.3; Mon, 02 Feb 2015 11:42:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=M8PWq77NHBh0L6H2O96eE9E06vujWWWKYBzmdF0DikU=; b=iNQa2Gq6p0LnfcJE4hFWUW/SuCrgWo5KZC0bngK8p+c2+P092rwM5QAuTIDa3H8SM/ RzfML5LCPAst+HswT9D9e9JUQIuF06Ox2ryR9x49xt+2VN56bnV3K16BDY2SKRoqQaaB a2JCLd+V1Pr70vHptPUM7RrIBiQTjq8NO+HXDqKxjUIKIYAoaSap9aVAyHYYD3PUc7n7 zJk0WwMs58gi93OcP+ZKyOxmiyokB6KCq3lj+jzq/7m8FjRReCQEPc3hLej5tnewicip Wm6zH9NEHDow7SUzXgF1ngqNNgLGTWzjku1zJXQ3q/X9/rO1YnB6OXk1pGYwZTNvtPPq DhBA==
X-Received: by 10.181.13.136 with SMTP id ey8mr27871926wid.50.1422906154252; Mon, 02 Feb 2015 11:42:34 -0800 (PST)
Received: from [10.0.0.7] ([109.66.127.172]) by mx.google.com with ESMTPSA id ku8sm29271853wjb.23.2015.02.02.11.42.31 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 02 Feb 2015 11:42:33 -0800 (PST)
Message-ID: <54CFD326.60705@gmail.com>
Date: Mon, 02 Feb 2015 21:42:30 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Peter Saint-Andre - &yet <peter@andyet.net>, Robert Sparks <rjsparks@nostrum.com>, General Area Review Team <gen-art@ietf.org>, uta@ietf.org, draft-ietf-uta-tls-bcp@ietf.org, ietf@ietf.org
Subject: Re: Gen-Art LC review: draft-ietf-uta-tls-bcp-08
References: <54CFCA0E.8090406@nostrum.com> <54CFCFBB.6000809@andyet.net>
In-Reply-To: <54CFCFBB.6000809@andyet.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/KZDY1U6S-82iQKdSovYYQkm4Cbs>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Feb 2015 19:42:37 -0000

Hi Robert, Peter,

I don't recall a previous discussion of DTLS 1.0. But after looking at 
http://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security#Implementations, 
I agree that we should mandate DTLS 1.2 and make DTLS 1.0 a SHOULD NOT, 
similarly to older versions of TLS.

Thanks,
	Yaron

On 02/02/2015 09:27 PM, Peter Saint-Andre - &yet wrote:
> Hi Robert, thanks for the review. Comments inline.
>
> On 2/2/15 12:03 PM, Robert Sparks wrote:
>> I am the assigned Gen-ART reviewer for this draft. For background on
>> Gen-ART, please see the FAQ at
>>
>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>>
>> Please resolve these comments along with any other Last Call comments
>> you may receive.
>>
>> Document: draft-ietf-uta-tls-bcp-08
>> Reviewer: Robert Sparks
>> Review Date: 2 Feb 2015
>> IETF LC End Date: 10 Feb 2015
>> IESG Telechat date: 19 Feb 2015
>>
>> Summary: Basically Ready for publication as BCP, but with nits that
>> should be considered before publication.
>>
>> This is a well structured and fairly easy to follow document. The
>> intended status (BCP, as opposed to, say, AS) is exactly right.
>>
>> There are a few nits that should be considered:
>>
>> Larger nits:
>>
>> * Section 3.1.1 says "SHOULD NOT negotiate TLS version 1.1", but
>> section 3.1.2 says "MAY negotiate DTLS 1.0", and goes on to say
>> "Version 1.0 of DTLS corresponds to version 1.1 of TLS". This seems
>> inconsistent. Should that MAY be a SHOULD NOT?
> Your suggestion seems reasonable to me. I have a vague recollection that
> we had talked about making just that change (and apparently neglected to
> do so), but I will double-check with my co-authors to verify.
>>
>> * In section 4.1, you have requirements like "MUST NOT negotiate RC4".
>> This formulation is good in that it doesn't say anything about
>> implementing algorithms like RC4 or not. There will be natural
>> pressure to stop implementing algorithms you must not use. But it
>> feels problematic when you use the same structure at "MUST NOT
>> negotiate the cipher suites with NULL encryption". Would it be worth
>> pointing out here that this isn't a suggestion to push back on
>> _implementing_ such cipher suites?
> Are you (a) noting that we might want to be explicit about the fact that
> we're not talking about implementation of such suites, or (b) suggesting
> that we might want to say something stronger by actively discouraging
> implementation of such suites?
>>
>> * Since Pete's the sponsoring AD, I have to point at the MUST in
>> section 5.1 as something that should be changed to not use a 2119
>> word. I suggest replacing the sentence with something like "If
>> deployers deviate ... they are almost certainly giving up one of the
>> foregoing..."
> Yes, something along those lines would be better.
>> Very small nits:
> The authors will work to improve the text on the points you have raised.
> If you would like us to propose text for each of these points in this
> email thread rather than through a revised I-D, let us know.
>
> Thanks again,
>
> Peter
>

v2.23.0 | Report a Bug | By Email