Re: [kitten] TLS export for channel binding

tom petch <daedulus@btconnect.com> Fri, 08 May 2020 15:41 UTC


----- Original Message -----
From: Robbie Harwood rharwood@redhat.com
Sent: 07/05/2020 17:04:35

"Sam Whited" <sam@samwhited.com> writes:

> Sounds good. There's been more interest here, so would the next step be
> for me to change the draft from "draft-whited-tls" to
> "draft-whited-kitten"? If so I'll move it over and reset the version to 0.
>
> Thanks for your help as I try to understand this process (again)!

(Chair/obnoxious process hat on) I think it would be best to have a
formalized call for adoption in kitten - that's a separate email with
"call for adoption" and the thing to adopt in the subject.  What I've
observed so far is interest in the document existing (and willingness to
work on it), but not specifically in kitten.  We'll let that simmer
about a week, and then if there's consensus, we can adopt.

(As a contributor) I've certainly no objections to adoption, but TLS is
not exactly my wheelhouse.

<tp>
which I think is the problem; whose is? The I-D baldly states that the
current channel binding does not work with TLS 1.3, with no explanation.
I track the TLS list and do not recall the discussion but the development
of 1.3 was tortuous and I could have skipped the discussion on the grounds
of This Is One More 1.3 Problem I Could Do Without. Whatever, this I-D
needs to spell the problem out and IMHO update the current RFC on TLS
Channel Binding so that others can see that there is a problem. There is
a lot of expertise on the TLS list whose names I know well and trust but I
do not see many of them posting here. Which pushes me to thinking that
this I-D belongs elsewhere.

Tom Petch

Thanks,
--Robbie