Re: [kitten] Status update on draft-ietf-kitten-tls-channel-bindings-for-tls13-15
Benjamin Kaduk <kaduk@mit.edu> Thu, 28 April 2022 16:23 UTC
Date: Thu, 28 Apr 2022 09:23:01 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: tom petch <daedulus@btconnect.com>
Cc: Alexey Melnikov <alexey.melnikov@isode.com>, Paul Wouters <paul.wouters@aiven.io>, kitten@ietf.org
Message-ID: <20220428162301.GX13021@mit.edu>
References: <9365ee48-162a-4b1f-20b5-4f3853e43201@isode.com> <52B1911E-5D62-49F1-91AC-D4B9476A9CA2@aiven.io> <f1e8c499-49c7-c41c-c641-a51c0f2010e2@isode.com> <626ABCB2.9000605@btconnect.com>
In-Reply-To: <626ABCB2.9000605@btconnect.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/2MEJ988diQTs93aC13C-gusTzZo>
Hi Tom,

On Thu, Apr 28, 2022 at 05:11:30PM +0100, tom petch wrote:
> On 26/04/2022 17:35, Alexey Melnikov wrote:
> > On 25/04/2022 16:34, Paul Wouters wrote:
> >> I am confused how an Updates: call is depending on consensus. Either
> >> it updates something said in that document or it doesn't.
> >>
> >> In theory this cannot be a subjective call?
> >
> > The shortish version of the argument is as follows:
> >
> > 1) The desire to include "Updates: RFC 8446" header in
> > draft-ietf-kitten-tls-channel-bindings-for-tls13-15 is to make the new
> > TLS 1.3 channel binding "tls-exporter" be discoverable by SASL/GSSAPI
> > implementors.
> >
> > 2) "Updates" header is typically used to make implementors of the
> > updated RFC be aware of important fixes (in particular changes in
> > behavior) or mandatory extensions. In the past it was sometimes used by
> > optional extensions, but this practice is not generally supported now.
> >
> > 3) TLS WG now uses a higher bar for other documents to include "Updates:
> > RFC 8446". Optional extensions (such as
> > draft-ietf-kitten-tls-channel-bindings-for-tls13-15) don't meet this bar.
> >
> > 4) draft-ietf-kitten-tls-channel-bindings-for-tls13-15 doesn't define a
> > mandatory-to-implement extension for TLS 1.3 implementations. Because of
> > 2) and 3) it must not include "Updates: RFC 8446". Additionally,
> > implementors can discover this extension through a) the IANA registry of
> > channel bindings or b) through Updates: 5801 (SCRAM) or Updates: 5929
> > (Channel Bindings for TLS). RFC 5801 is the most likely reason why
> > people would implement any TLS channel binding in the first place.
> >
> > Alexey
>
> My initial reaction was that you were spot on but re-reading the I-D and
> RFC, the problem is that RFC8446 says that there are no channel bindings
> which is rather off-putting. If it had said 'at this time', 'for future
> study' or some such then I would not see a problem. It is the somewhat
> dogmatic 'are not defined for TLS1.3' that I think will mislead people
> and warrants an update.

Could you please clarify where you see RFC 8446 saying "there are no
channel bindings"? I thought it said that the previously defined channel
binding types are not defined, but actually encouraged future work to
explore the use of TLS-Exporter values as channel bindings (which this
I-D does). (I counted five instances of the phrase "channel binding" or
"channel bindings" in RFC 8446, easiest to search for "binding" which has
ten occurrences, and have reviewed all five.)

> Perhaps an Erratum for RFC8446 would do the trick.

I don't think so, as I do not see a statement in RFC 8446 that was an
error at the time of publication.

Thanks,

Ben