Re: [mile] Artart last call review of draft-ietf-mile-rolie-10

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 10 October 2017 01:33 UTC

In-Reply-To: <CABkgnnXdq6GKBXrowPTva1MU+X6WSMR2uB7df-2oHaKv=_2rdA@mail.gmail.com>
References: <150752570618.18384.5615358468704377459@ietfa.amsl.com> <20171009235717.GN96685@kduck.kaduk.org> <CABkgnnXdq6GKBXrowPTva1MU+X6WSMR2uB7df-2oHaKv=_2rdA@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Mon, 09 Oct 2017 21:32:23 -0400
Message-ID: <CAHbuEH5C_GAkeLj6Pda5usY4PYXb1uwY8jzwnnvAV6Ao7v+d2A@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, ART Area <art@ietf.org>, MILE IETF <mile@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, draft-ietf-mile-rolie.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/WRpOuYvo_QFXfyJrSYKterTEFwo>

On Mon, Oct 9, 2017 at 9:11 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
> On Tue, Oct 10, 2017 at 10:57 AM, Benjamin Kaduk <kaduk@mit.edu> wrote:
>> I think that one could make the case that using TLS 1.2 (or higher) greatly
>> facilitates having a secure system, and so it could plausibly be required
>> by a consuming protocol.
>
> The problem here is that the protocol is actually HTTP.  And that
> protocol has requirements already.  A recommendation to use TLS 1.2 is
> fine, but that is already part of RFC 7525.
>
>>> needed.  Similarly, the prohibition on the use of 0-RTT is groundless.  The
>>
>> I am a little surprised to hear you say that this prohibition is "groundless".
>> Given that we require consumers of TLS 1.3 0-RTT data to explicitly specify
>> an application profile for how it may be used, with the intent to induce
>> a careful analysis of the security considerations for sending early data
>> messages, it seems quite reasonable to me that a protocol author might
>> wish to defer such a painstaking analysis and take the easy choice of
>> prohibiting early data.
>
> This is quite explicitly using HTTP, which has a profile (work in
> progress).  If that profile is somehow inadequate, then a case should
> be made in the draft explaining why (hence the choice of the word).  A
> reference to TLS 1.3 also has the unfortunate effect of delaying
> publication of this draft.


Can you provide a pointer?  The profile is likely inadequate for this
and many other uses of HTTP/TLS if early data is permitted.  0-RTT has
a large impact across many protocols including those that use
HTTP/TLS.

If there is no normative language, then it can continue on to be
published with the draft for TLS 1.3 being used.  This is an
application where security is very important, so decisions like this
that can be made now should be prior to implementers testing TLS 1.3.

Best,
Kathleen



-- 

Best regards,
Kathleen
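The replay concern behind this exchange, as an added example that is not part of the thread: a minimal model of an HTTP origin serving a security feed that gates TLS 1.3 0-RTT requests. It assumes the HTTP early-data profile (RFC 8470, the work in progress referred to above): a request that arrived as early data carries "Early-Data: 1", and an origin that will not act on it answers 425 Too Early. The "strict" mode models the blanket prohibition the draft chose.

```python
# Added example, not from the thread or the ROLIE draft. Assumes the
# RFC 8470 conventions: "Early-Data: 1" marks a request delivered as
# TLS 1.3 0-RTT data; 425 Too Early tells the client to retry after
# the handshake completes. Feed paths and entries are constructed.
from dataclasses import dataclass, field

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # idempotent per RFC 7231


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    body: str = ""

    def is_early_data(self) -> bool:
        # Header names are case-insensitive; the value is the token "1".
        lower = {k.lower(): v for k, v in self.headers.items()}
        return lower.get("early-data") == "1"


@dataclass
class FeedOrigin:
    allow_early_data: bool = True   # False = prohibit 0-RTT outright
    entries: list = field(default_factory=list)

    def handle(self, req: Request) -> int:
        if req.is_early_data():
            # A replayed POST would create the entry twice; only safe
            # methods may be served from early data, and a strict
            # origin serves none of it.
            if not self.allow_early_data or req.method not in SAFE_METHODS:
                return 425
        if req.method == "POST":
            self.entries.append(req.body)
            return 201
        if req.method in SAFE_METHODS:
            return 200
        return 405


def replay(origin: FeedOrigin, req: Request, times: int = 2) -> list:
    # An on-path attacker can re-send captured 0-RTT data; model that
    # by delivering the identical request several times.
    return [origin.handle(req) for _ in range(times)]


def demo() -> tuple:
    lenient = FeedOrigin()
    post = Request("POST", "/feed/vuln", {"Early-Data": "1"}, "<entry/>")
    codes = replay(lenient, post)          # both copies refused
    get = Request("GET", "/feed/vuln", {"Early-Data": "1"})
    strict = FeedOrigin(allow_early_data=False)
    return codes, len(lenient.entries), strict.handle(get), lenient.handle(get)
```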