IETF Logo Mail Archive

Re: [kitten] Martin Duke's Discuss on draft-ietf-kitten-tls-channel-bindings-for-tls13-14: (with DISCUSS)

Sam Whited <sam@samwhited.com> Wed, 23 February 2022 21:41 UTC

Return-Path: <sam@samwhited.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9350D3A0E63; Wed, 23 Feb 2022 13:41:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.1
X-Spam-Level:
X-Spam-Status: No, score=-7.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=samwhited.com header.b=Nv4jRIfE; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=LtLiuqgM
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yX3ewqhc_fs3; Wed, 23 Feb 2022 13:41:17 -0800 (PST)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9127A3A0E4D; Wed, 23 Feb 2022 13:41:17 -0800 (PST)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id D2A715C012C; Wed, 23 Feb 2022 16:41:16 -0500 (EST)
Received: from imap42 ([10.202.2.92]) by compute5.internal (MEProxy); Wed, 23 Feb 2022 16:41:16 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samwhited.com; h=cc:cc:content-transfer-encoding:content-type:date:date:from :from:in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm2; bh=0Grp1InrBKEs+s LUuX/+D7M6qOeOYtBjRLtb//OhOrc=; b=Nv4jRIfEOAtx86kepj+ljYljL3TK7r hRZrQitkZxLUbiompx6cSSxnbi1UbayCFSnYwy1VNIHGI/vSVo9RlyN9pGU8GBs5 XDlG813zpd0e2EkEP0zb56vg05ce4sWsPM94O+yJH3HnMygIHF4a+9nFTrOfXPBc nWhhURYL5ginbjO+oG63ltlaNykFCIjGyPBYoLu+4mHhNB9yJcqFgla29v6q7tma hepkCecbFewd8K0Cm7L1yqJd9J4x5m961cFyfaGvdhquUYJZS20+Qp16R1nCygqT DUJ4ehF8DXcgTX60yLHBv+tpl0IeMcz6U+I8n0H2u909CZyn6tn9tqVQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=0Grp1InrBKEs+sLUuX/+D7M6qOeOYtBjRLtb//OhO rc=; b=LtLiuqgMUBs45aTkt/TQOJjv6eMUcm6Sj2hdYGiw0qLWqjpeCmK6Dir29 S/mknYFrN6b9z+9tmEXBHA5ecfejONojzTMzUvFzj0/0clBURGh/vU+Kbu18ij02 5KyTTDri+fpv5ucL2UMPVYeSfX2fPx1fh+T5CdfM8qZvI79K5HwDoGauSHlHokrH LPY9Xv3WAl4OMrutEwwjU1wW2Z2/7Pd8WSxwnXZ5TgfLkBEvzhxJEG18yC62khV/ PoSy8tGQ4sFxBya4XF0IOFm2YaW6jigDqfPoLokGKBB2f+E2sVAgo6oZ4T+M3Cjs lGmcy2ndUSvc2GLzkvUibiBsRneYg==
X-ME-Sender: <xms:_KkWYqA_VjL1IZiSSfSh49nMYAqoXCfhM4GYD3M9-hwuX-zDn1OMIw> <xme:_KkWYkjzWJuGCJbpMU5lEqEe7-iRfYtJX3VWau-xJVzwyELr7JXLBYnwLI873Pcyy ztroKHFqZkyBXZdLA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrledtgddugeelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgfgsehtqhertderreejnecuhfhrohhmpedfufgr mhcuhghhihhtvggufdcuoehsrghmsehsrghmfihhihhtvggurdgtohhmqeenucggtffrrg htthgvrhhnpeefuddukeekueetueelfeeguedvuedvffehvdevieffgeehhfejffdtveev uedvffenucffohhmrghinhepihgvthhfrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomhepshgrmhesshgrmhifhhhithgvugdrtghomh
X-ME-Proxy: <xmx:_KkWYtmdMr2ClMiQ6vMXLDksRqlS3DH394CXkEHtwK4NjptA2XOMqA> <xmx:_KkWYoyXTf_Lz0r_wK_ZP93MWJhfHQwlGegca5SxGEdMNWxPvT3FFw> <xmx:_KkWYvQShcOAcMW36HejdidLatCjNa19D416jnkY_DxWpXt5_dTd3Q> <xmx:_KkWYpec1e-eCecTkYXM6KCVyN2mmM1F89OFXo2a1UB1TR6jmGIpgA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 84AC7218008E; Wed, 23 Feb 2022 16:41:16 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-4778-g14fba9972e-fm-20220217.001-g14fba997
Mime-Version: 1.0
Message-Id: <7a949ea1-611a-4919-b8c2-b0fa32d2b40b@www.fastmail.com>
In-Reply-To: <CAM4esxSsQRMnfJnUassNfVtv7OtpXAwXv2Xfnd+vDg-iJyho1Q@mail.gmail.com>
References: <164564529663.28442.4015005677356062750@ietfa.amsl.com> <20220223194317.GI12881@kduck.mit.edu> <cfe6a4ff-a27b-4084-9c03-479260c88f0f@www.fastmail.com> <20220223205926.GJ12881@kduck.mit.edu> <CAM4esxSsQRMnfJnUassNfVtv7OtpXAwXv2Xfnd+vDg-iJyho1Q@mail.gmail.com>
Date: Wed, 23 Feb 2022 16:40:56 -0500
From: Sam Whited <sam@samwhited.com>
To: Martin Duke <martin.h.duke@gmail.com>, Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, KITTEN Working Group <kitten@ietf.org>, draft-ietf-kitten-tls-channel-bindings-for-tls13@ietf.org, kitten-chairs@ietf.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/Cbga0n2I91KObP59a_BLzMP5jXY>
Subject: Re: [kitten] Martin Duke's Discuss on draft-ietf-kitten-tls-channel-bindings-for-tls13-14: (with DISCUSS)
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Feb 2022 21:41:23 -0000

I see, I missed that the suggested changes had removed this, or possibly
forgot to bring it up before applying them. If the text no longer
matches the header I agree they should match, but I still feel strongly
that this should in fact update TLS 1.3, which makes it sound as if
there are no channel bindings for TLS 1.3 (except now there are, so that
sounds like an update to me and something that's important to make
discoverable).

—Sam

On Wed, Feb 23, 2022, at 16:08, Martin Duke wrote:
> Yep , I have no opinion on whether it should be updated, but the
> header and the text should match.
>
> That said, if there is no consensus that seems like a bigger issue.
>
> On Wed, Feb 23, 2022 at 12:59 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
>
>> Hi Sam,
>>
>> I think that the proximate topic here is that Martin is noticing a
>> mismatch between the in-document header (the "Updates:" header) and
>> the prose of the document.  That's my fault; I sent you suggestions
>> that removed the header but forgot to touch the prose at all, and if
>> I had done so, I don't think Martin would have raised the topic
>> (Martin, please correct me if I'm wrong).
>>
>> On the question of whether or not "updates" is correct, I think that
>> https://mailarchive.ietf.org/arch/msg/tls/YZQWmP_8BDkacfy3O-qcy8EV2N0/
>> (from a TLS WG co-chair) is a good summary -- the current "normal"
>> for TLS is to not use the header for this sort of thing.
>>
>> It also notes that the question of what text (if any) to put in the
>> ongoing 8446bis effort is more important, long-term, than whether to
>> use the "updates" header here.  That is, RFC 8446 itself will
>> probably only be current for a couple years and then the successor
>> will be current, so any "updates" relationship would become stale at
>> that point.
>>
>> -Ben
>>
>> P.S. Sean also mentioned draft-ietf-ace-coap-est in the linked
>>      message, and there are changes in flight for that document to
>>      refer to draft-ietf-kitten-tls-channel-bindings-for-tls13
>>
>> On Wed, Feb 23, 2022 at 03:26:00PM -0500, Sam Whited wrote:
>> > I do not believe there was consensus one way or another on this.
>> >
>> > The strong feedback was by one or two members of the TLS working
>> > group and I do not believe it was correct or represented consensus.
>> > Unless those people that complained *do* represent consensus among
>> > that working group and intend to block publication of this document
>> > based on it (and if they do, I wish they had said so earlier during
>> > the discussion and not let the matter drop), I would like it to
>> > move forward with the "updates" line in place if at all possible.
>> >
>> > —Sam
>> >
>> > On Wed, Feb 23, 2022, at 14:43, Benjamin Kaduk wrote:
>> > > On Wed, Feb 23, 2022 at 11:41:36AM -0800, Martin Duke via
>> > > Datatracker wrote:
>> > >> Martin Duke has entered the following ballot position for
>> draft-ietf-kitten-tls-channel-bindings-for-tls13-
>> > >> 14: Discuss
>> > >>
>> > >> When responding, please keep the subject line intact and reply
>> > >> to all email addresses included in the To and CC lines. (Feel
>> > >> free to cut this introductory paragraph, however.)
>> > >>
>> > >>
>> > >> Please refer to
>> > >> https://www.ietf.org/blog/handling-iesg-ballot-positions/ for
>> > >> more information about how to handle DISCUSS and COMMENT
>> > >> positions.
>> > >>
>> > >>
>> > >> The document, along with other ballot positions, can be found
>> > >> here:
>> > >>
>> https://datatracker.ietf.org/doc/draft-ietf-kitten-tls-channel-bindings-for-tls13/
>> > >>
>> > >>
>> > >>
>> > >> ---------------------------------------------------------------
>> > >> -------
>> > >> DISCUSS:
>> > >> ---------------------------------------------------------------
>> > >> -------
>> > >>
>> > >> A simple thing: the document header should state that it updates
>> > >> RFC 8446.
>> > >
>> > > No, it should not.
>> > >
>> > > This topic was discussed with the TLS WG and there was strong
>> > > feedback that the use of the "Updates:" header was inappropriate.
>> > >
>> > > See the thread at
>> > > https://mailarchive.ietf.org/arch/msg/tls/vH74JoSGYpJv7Tcem60L3RtNa9U/
>> > >
>> > > -Ben
>> >
>> > --
>> > Sam Whited
>>

-- 
Sam Whited

v2.23.0 | Report a Bug | By Email