Re: Things that used to be clear (was Re: Evolving Documents (nee "Living Documents") side meeting at IETF105.)

Eric Rescorla <ekr@rtfm.com> Thu, 04 July 2019 22:41 UTC

References: <CAL02cgToQWmOrfOxS_dc4KRtT9e0PXNzmhWZHkRUyV_3V=E-mQ@mail.gmail.com> <0856af71-4d84-09d1-834d-12ac7252420c@network-heretics.com> <CAL02cgQ9qWVUTPW=Cpx=r32k3i1PLgfp5ax0pKMdH0nKObcKTg@mail.gmail.com> <e8d28a7f-128d-e8d0-17d3-146c6ff5b546@joelhalpern.com> <CAHw9_i+UBs85P+gjcF6BJd1_WD2qFrrYCnXb4rtcG9Hepqm37w@mail.gmail.com> <796c1f6c-cd67-2cd5-9a98-9059a0e516f8@network-heretics.com> <20190704013009.dlifopcbm2umnqo7@mx4.yitter.info> <b18809df-ee98-fb29-b6c4-04ed579e163a@network-heretics.com> <20190704052335.GF3508@localhost> <CABcZeBOw6w2tm4YYFdmLwC23ufPDupt2D1Vzwjn4Pi9bbf6R-w@mail.gmail.com> <20190704192057.GI3508@localhost> <CABcZeBMC-VRfea3YqLSs6yhtEq4VtfdO5L56v87KH=vMR4y=+A@mail.gmail.com> <5c9048ef-ba2b-a362-3941-82eacc664b64@mnt.se>
In-Reply-To: <5c9048ef-ba2b-a362-3941-82eacc664b64@mnt.se>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 04 Jul 2019 15:40:59 -0700
Message-ID: <CABcZeBPv8xUMbSt+SDL_X56SBB_CPyBMKZaQMbPd=6M-xT+hpQ@mail.gmail.com>
Subject: Re: Things that used to be clear (was Re: Evolving Documents (nee "Living Documents") side meeting at IETF105.)
To: Leif Johansson <leifj@mnt.se>
Cc: IETF discussion list <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/jQhR_jNu47ZCfijlLxbP1xs9dqo>

On Thu, Jul 4, 2019 at 2:20 PM Leif Johansson <leifj@mnt.se> wrote:

> On 2019-07-04 22:13, Eric Rescorla wrote:
> >
> > On Thu, Jul 4, 2019 at 12:21 PM Nico Williams <nico@cryptonector.com
> > <mailto:nico@cryptonector.com>> wrote:
> >
> >     On Thu, Jul 04, 2019 at 08:31:47AM -0700, Eric Rescorla wrote:
> >     > Ignoring labelling for a moment, in a number of WGs (HTTP, TLS, and
> >     > QUIC) we have found it necessary to have full implementations and
> >     > large-scale deployments quite early in the design process, long before
> >     > anyone thinks that the document is done.
> >
> >     I had that experience in mind.
> >
> >     Except for QUIC (whose implementors and deployers understood and
> >     expected to have to make backwards-incompatible changes / move to HTTP/2
> >     and /3), HTTP/2 and TLS 1.3 didn't get widespread deployment during this
> >     process.  But they did get some, and that "some deployment" was
> >     absolutely critical to their success.
> >
> > I don't want to nitpick about widespread, but we were seeing single
> > digit fractions of Firefox connections with TLS 1.3 during this period.
> > I would anticipate that QUIC will be similar.
> >
> > -Ekr
>
> These are all success stories (TLS, QUIC...) that seem to follow the
> pattern of a fairly tight-knit community of committed actors who are
> willing to progress at roughly the same pace.
>
> I was here when MSFT suddenly announced that a particular draft of
> pkinit was going to get shipped in Active Directory krb and that was
> that. Would we have gotten further down the road of practical interop
> for asymmetric key authn in kerberos had we used the same pattern of
> work as TLS 1.3 did? Maybe we're just better at this now? I doubt it.

I actually do think we are a bit better. In particular, the idea of having
"interop versions" that we all converge on and using protocol versions
on the wire that correspond to the draft version seems to be key.
This may have been done in other protocols but at least from my
perspective, it took a while to get those idioms right.

> You can lead the horse to water but you can't force it to drink
> but to what extent is flexibility wrt the publication process enabling
> this behaviour?

Yeah, I don't think enormously. This worked fine with the ID system.
As I said, what would be helpful for big protocols like TLS, QUIC, etc.
seems to me to be the ability to make "editorial" changes to the document
post-publication. I scare-quote editorial because it would also include
clarifying points that basically everyone agreed on but that could be
misinterpreted and would impede interop if there were multiple
interpretations.

-Ekr
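An added illustration, not part of the thread above, of the "draft version on the wire" idiom Ekr refers to. The two encodings are the ones the TLS 1.3 and QUIC drafts actually used (draft-N of TLS 1.3 was carried as 0x7F00 | N in supported_versions; draft-N of QUIC as 0xFF000000 + N in the long-header Version field), but nothing in the message states them, and the negotiation helper, the sample offer lists and all function names are hypothetical. The point it shows is the one that matters for interop: because each draft is a distinct code point, a client built against one draft and a server built against another share no version and fail cleanly, instead of negotiating "TLS 1.3" and then disagreeing about what the bytes mean.

```python
"""Draft-bearing wire versions, as TLS 1.3 and QUIC drafts used them.

Constructed example. The two base values below are the ones the TLS 1.3 and
QUIC drafts used on the wire; the negotiation logic and names are ours.
"""
from typing import Optional, Sequence

TLS13_FINAL = 0x0304          # final TLS 1.3 ProtocolVersion (RFC 8446)
TLS13_DRAFT_BASE = 0x7F00     # draft-ietf-tls-tls13-N was sent as 0x7F00 | N
QUIC_DRAFT_BASE = 0xFF000000  # draft-ietf-quic-transport-N was 0xFF000000 + N


def tls13_draft_version(n: int) -> int:
    """Wire value for draft-ietf-tls-tls13-N in the supported_versions extension."""
    if not 0 <= n <= 0xFF:
        raise ValueError("draft number must fit in one byte")
    return TLS13_DRAFT_BASE | n


def quic_draft_version(n: int) -> int:
    """Wire value for draft-ietf-quic-transport-N in the long-header Version field."""
    if not 0 <= n <= 0xFF:
        raise ValueError("draft number must fit in one byte")
    return QUIC_DRAFT_BASE + n


def describe_tls13(version: int) -> str:
    """Human-readable name for a TLS 1.3 wire version (final or draft)."""
    if version == TLS13_FINAL:
        return "TLS 1.3 (final)"
    if version & 0xFF00 == TLS13_DRAFT_BASE:
        return f"TLS 1.3 draft-{version & 0xFF}"
    return f"unknown 0x{version:04x}"


def negotiate(client_offered: Sequence[int],
              server_supported: Sequence[int]) -> Optional[int]:
    """Pick the first version in the client's preference list the server speaks.

    Draft versions are distinct code points, so a draft-23 client and a
    draft-28 server have no version in common and the handshake fails
    cleanly rather than running with mismatched semantics.
    """
    for v in client_offered:
        if v in server_supported:
            return v
    return None


def demo() -> list:
    """Constructed offer lists: a client that still sends two drafts plus the
    final version, against servers that moved on at different speeds."""
    client = [TLS13_FINAL, tls13_draft_version(28), tls13_draft_version(23)]
    results = []
    for server in ([tls13_draft_version(28)],     # stuck on draft-28
                   [tls13_draft_version(22)],     # stuck on draft-22: no overlap
                   [TLS13_FINAL, tls13_draft_version(28)]):
        chosen = negotiate(client, server)
        results.append("no common version" if chosen is None
                       else describe_tls13(chosen))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

`negotiate` deliberately refuses to treat a draft as "close enough" to the final version or to a neighbouring draft: that refusal is what lets implementers ship interop builds of a moving protocol without the two-drafts-apart failure mode Ekr's "interop versions" were meant to avoid.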