Re: [mile] Artart last call review of draft-ietf-mile-rolie-10
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 10 October 2017 01:33 UTC
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Mon, 09 Oct 2017 21:32:23 -0400
Message-ID: <CAHbuEH5C_GAkeLj6Pda5usY4PYXb1uwY8jzwnnvAV6Ao7v+d2A@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, ART Area <art@ietf.org>, MILE IETF <mile@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, draft-ietf-mile-rolie.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/WRpOuYvo_QFXfyJrSYKterTEFwo>
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>

On Mon, Oct 9, 2017 at 9:11 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
> On Tue, Oct 10, 2017 at 10:57 AM, Benjamin Kaduk <kaduk@mit.edu> wrote:
>> I think that one could make the case that using TLS 1.2 (or higher) greatly
>> facilitates having a secure system, and so it could plausibly be required
>> by a consuming protocol.
>
> The problem here is that the protocol is actually HTTP. And that
> protocol has requirements already. A recommendation to use TLS 1.2 is
> fine, but that is already part of RFC 7525.
>
>>> needed. Similarly, the prohibition on the use of 0-RTT is groundless. The
>>
>> I am a little surprised to hear you say that this prohibition is "groundless".
>> Given that we require consumers of TLS 1.3 0-RTT data to explicitly specify
>> an application profile for how it may be used, with the intent to induce
>> a careful analysis of the security considerations for sending early data
>> messages, it seems quite reasonable to me that a protocol author might
>> wish to defer such a painstaking analysis and take the easy choice of
>> prohibiting early data.
>
> This is quite explicitly using HTTP, which has a profile (work in
> progress). If that profile is somehow inadequate, then a case should
> be made in the draft explaining why (hence the choice of the word). A
> reference to TLS 1.3 also has the unfortunate effect of delaying
> publication of this draft.

Can you provide a pointer? The profile is likely inadequate for this
and many other uses of HTTP/TLS if early data is permitted. 0RTT has
a large impact across many protocols including those that use
HTTP/TLS.

If there is no normative language, then it can continue on to be
published with the draft for TLS 1.3 being used. This is an
application where security is very important, so decisions like this
that can be made now should be prior to implementers testing TLS 1.3.

Best,
Kathleen

--

Best regards,
Kathleen