IETF Logo Mail Archive

Re: [kitten] Status update on draft-ietf-kitten-tls-channel-bindings-for-tls13-15

Paul Wouters <paul.wouters@aiven.io> Mon, 02 May 2022 19:37 UTC

Return-Path: <paul.wouters@aiven.io>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB3B1C14F747 for <kitten@ietfa.amsl.com>; Mon, 2 May 2022 12:37:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yuL1UzTb7xXd for <kitten@ietfa.amsl.com>; Mon, 2 May 2022 12:37:54 -0700 (PDT)
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17FD5C14F73D for <kitten@ietf.org>; Mon, 2 May 2022 12:37:54 -0700 (PDT)
Received: by mail-lf1-x129.google.com with SMTP id x33so27040754lfu.1 for <kitten@ietf.org>; Mon, 02 May 2022 12:37:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=s8VKogusyDQ5QazJQlnW4iuwi24vps6k3aRYRCGafT0=; b=WSTvDs3/U106MqVUZb11SuyFbs1fANefWL91Sqwmh9lgebfjZzf4zkLveQwVS3tH3q HcZ19SirF++pQW6ONkJJ52H5++H/mIUrtM4nbVnbG9BVZZqwJ82Tn2sK3J/apjl89IHv O3neuYbZhSsyi/nrZcqjP4uyFTEe25WUc/SBs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=s8VKogusyDQ5QazJQlnW4iuwi24vps6k3aRYRCGafT0=; b=0AwaEuE7K4x6aw279tcj1KXaz5L03befKDRqVxFKJaX9WezZEqxA+Dce7LKyDKoAXV OwXuy4NSQiJlyur7jZRUo8kdYsbFc9vDgWA5va4vMFi4+zjoqxxVtnS6bxhk8nz6kznV qw/6TBUCCxZZw9M+v+RVA6bvcPKcgi3GqZjPOFXxLEp/Lqkuoo0yttEhHyc5KvRHSDNM n4fhaJrH9vmo8VuRWYKP/81liJvNPYRLqQFkiBQbTg+WAodhKBrOE8gWaeGVG0QBDdt8 7lawpsFmFNmZI44+rxP+K2c8TCBouV9IlpnKiqMq1p6SqF5fD+tEXgZe13zeoq1ZUqC/ NPnA==
X-Gm-Message-State: AOAM530TW7fDjSiiBrDwt9V61aCOZZoG288tA2aHZGUGURKbYofblg4E BpYQPU6+zpH32mLXk3S/AEnGe+1OHZfYIYbeceUR7w==
X-Google-Smtp-Source: ABdhPJxiD7OA02MwoEQIUv9ZqwaGCQV+PrH6f7jEZwYFzA2i1skAnm+1WV05LVGpsH6WrLKt61aFV9cuYdNqolgHT2Q=
X-Received: by 2002:a05:6512:2286:b0:471:d055:887d with SMTP id f6-20020a056512228600b00471d055887dmr9438169lfu.413.1651520272008; Mon, 02 May 2022 12:37:52 -0700 (PDT)
MIME-Version: 1.0
References: <9365ee48-162a-4b1f-20b5-4f3853e43201@isode.com> <52B1911E-5D62-49F1-91AC-D4B9476A9CA2@aiven.io> <f1e8c499-49c7-c41c-c641-a51c0f2010e2@isode.com>
In-Reply-To: <f1e8c499-49c7-c41c-c641-a51c0f2010e2@isode.com>
From: Paul Wouters <paul.wouters@aiven.io>
Date: Mon, 02 May 2022 15:37:41 -0400
Message-ID: <CAGL5yWbkvTnYon2smL+RZ1+SDG=f2=TrivhP23e7336K6cg2Dw@mail.gmail.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: kitten@ietf.org, Sam Whited <sam@samwhited.com>, Benjamin Kaduk <kaduk@mit.edu>
Content-Type: multipart/alternative; boundary="000000000000272bff05de0c87db"
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/8AeXuegPLFVZ1MMyG-RdPvoZT5I>
Subject: Re: [kitten] Status update on draft-ietf-kitten-tls-channel-bindings-for-tls13-15
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 May 2022 19:37:58 -0000

On Tue, Apr 26, 2022 at 6:35 PM Alexey Melnikov <alexey.melnikov@isode.com>
wrote:

> On 25/04/2022 16:34, Paul Wouters wrote:
> > i am confused how an Updates: call is depending on consensus. either it
> updates something said in that document or it doesn't.
> >
> > in theory this cannot be a subjective call?
>
> The shortish version of the argument is as follows:
>
> 1) The desire to include "Updates: RFC 8446" header in
> draft-ietf-kitten-tls-channel-bindings-for-tls13-15 is to make the new
> TLS 1.3 channel binding "tls-exporter" be discoverable by SASL/GSSAPI
> implementors.
>
> 2) "Updates" header is typically used to make implementors of the
> updated RFC be aware of important fixes (in particular changes in
> behavior) or mandatory extensions. In the past it was sometimes used by
> optional extensions, but this practice is not generally supported now.
>
> 3) TLS WG now uses higher bar for other documents to include "Updates:
> RFC 8446". Optional extensions (such as
> draft-ietf-kitten-tls-channel-bindings-for-tls13-15) don't meet this bar.
>
> 4) draft-ietf-kitten-tls-channel-bindings-for-tls13-15 doesn't define a
> mandatory-to-implement extension for TLS 1.3 implementations. Because of
> 2) and 3) it must not include "Updates: RFC 8446". Additionally,
> implementors can discover this extension through a) IANA registry of
> channel bindings or b) through Updates: 5801 (SCRAM) or Updates: 5929
> (Channel Bindings for TLS). RFC 5801 is the most likely reason why
> people would implement any TLS channel binding in the first place.
>
> Best Regards,
>
> Alexey
>

Thanks for the update. Based on this, plus Ben Kaduk's investigation into
the consensus, plus my own reading that I believe that there is no need for
an Update: clause.
I set my ballot to DISCUSS to resolve this issue before the document can
proceed.

As suggested, an Errata can be filed for 8446 to leave a pointer that the
statement is no longer correct.

Sam, as the author of a WG document, you should be making the change
requested by the WG. If you really are not planning to make this change,
the WG chair can either add another author to make the change or we can
make the changes in AUTH48. But obviously, the easiest is if you would just
proceed with this as per WG request.

Thank you,

Paul





>
> > Sent from my iPhone
> >> On Apr 25, 2022, at 16:11, Alexey Melnikov<alexey.melnikov@isode.com>
> wrote:
> >>
> >> Quick status update on this.
> >>
> >> draft-ietf-kitten-tls-channel-bindings-for-tls13-15 includes "Updates:
> RFC 8446".
> >>
> >> After reviewing various mailing list discussions, I confirm that
> inclusion of this header in the draft doesn't represent IETF consensus. So
> the header needs to be taken out. Sam, I know that this is not what you
> personally prefer, but are you willing to make the change?
> >>
> >> The document also needs to have a "Yes" ballot from one of current IESG
> members. So I separately asked Paul Wouters (our new Sec AD) to do the
> document review.
> >>
> >> Best Regards,
> >>
> >> Alexey, as a KITTEN chair
> >>
> >>
>

v2.23.0 | Report a Bug | By Email