Re: [MLS] [new-work] WG Review: Messaging Layer Security (mls)
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Mon, 28 May 2018 14:40 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 057C812D94C; Mon, 28 May 2018 07:40:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JSt7U2f4dduX; Mon, 28 May 2018 07:40:08 -0700 (PDT)
Received: from mail-yb0-x243.google.com (mail-yb0-x243.google.com [IPv6:2607:f8b0:4002:c09::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C452F127871; Mon, 28 May 2018 07:40:07 -0700 (PDT)
Received: by mail-yb0-x243.google.com with SMTP id i13-v6so4142437ybl.4; Mon, 28 May 2018 07:40:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pTEkKv+TbG19hu6Qb1BuYTF8mTV598gokZsE/bzldRw=; b=bO8HLgnlbGGovSFBd5JUTyMoweZibsvKE/LXkfq+xwzqOFyUy1US9RkDQ6oW86MjU3 Ce1m0FjXVAooGhPD8zf2h6Sc3lgRDKKDDWJdsuexn3dAAkMHFY6R5NPEzb/yYVVe0HOr ivk44joq4wZyHZCMx+b7UvW7k3PcYUT834y5bvHq04WBmGQ8F2/5uc2BbPBk4Xi7b+oW 1CCiixMTyx5QR/ZxCisH+wnjTTUMdjj+GN4UDqtczqTl/KbZWYWVfKvkvRUyvd2ALgp3 sWt6dB7gSCjqS3XNvUjZviHKfMMqN1tp2EWPMbG3W09DkUhfEievlK3dQyyljyYtLqDo mUJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pTEkKv+TbG19hu6Qb1BuYTF8mTV598gokZsE/bzldRw=; b=WV/Ozg7vRtRDQF805Iu9OINk2ytrwTqSlFXV3SRuHvpWqHnWF7FsFXyDMRrsV6URAS eO+AWY2pvtyblukGJ/y4W3zQuRV6KBVyKpqhPMyYulUeVM1ZJXBArF8IdLvl/8rFnUS4 motRVJMuPdeg4sG7cl/mb8fQ4PtX3KH+6dKvgGlzwVSt3iaAXMYeiqcDFW+bHMscy95x zxQ3o8GHN/ypxwkKgE+ktIcUYm0RyCIdLhkV6SBRmXudXtghtC0/wK6i/L0LYjaH4dnq eMicXNirG5lZ3uzulE4IQqnsMKKoijEeMORc+P2o7EZqUVagUweH6J6ROFmx4DkeOiSD NoPg==
X-Gm-Message-State: ALKqPwdwj153gT6oJ7IJeKQ0dUC5A/KdT5LnHyNm9vCFFj7emVoDgJQM yG6LK1nP5xnUe4pUE+aeNTh5t34C3kAyznpK7FlCLg==
X-Google-Smtp-Source: AB8JxZqYld4na8vFQQukq8H31GuFHEqn/XlC7SMnpwUBCIFnnCmeWVE9aEaxqZVEtI4ARiLnJ+kt02oJI7mNd8RJLL0=
X-Received: by 2002:a25:618f:: with SMTP id v137-v6mr7653479ybb.221.1527518406750; Mon, 28 May 2018 07:40:06 -0700 (PDT)
MIME-Version: 1.0
References: <152630665840.10130.3108627350220292581.idtracker@ietfa.amsl.com> <41fb6ec6-b370-0598-a831-d9a605bbc758@mozilla.com> <CABcZeBMvemAeYhJkbffrWbBW_pxcSzM_xa=U+HwURdz76T1iwA@mail.gmail.com> <db43afca-735f-17d1-81c3-70ae868cf9e4@mozilla.com> <CAKKJt-fdAgGXwk2p0Rn0RMRMJ096OqHpFL0Jc1WZiBezz7F2Kg@mail.gmail.com> <CABcZeBPRcjTR9VV3qW2rAYhhA9aLmR8yx=F1iJuvwxLqwVBSsQ@mail.gmail.com>
In-Reply-To: <CABcZeBPRcjTR9VV3qW2rAYhhA9aLmR8yx=F1iJuvwxLqwVBSsQ@mail.gmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Mon, 28 May 2018 09:39:54 -0500
Message-ID: <CAKKJt-dXvTbxpa7vD_RBPov9zSSyNbQNcMkqiu1vzj=8QPZQwA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Peter Saint-Andre <stpeter@mozilla.com>, mls@ietf.org, IESG <iesg@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000005d120056d451802"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/8IXqmstgLY_ChA2VO26rv1SrFQs>
Subject: Re: [MLS] [new-work] WG Review: Messaging Layer Security (mls)
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 May 2018 14:40:11 -0000
Hi, Eric, On Sat, May 26, 2018 at 5:18 PM Eric Rescorla <ekr@rtfm.com> wrote: > I think even Class 2 devices should be out of scope. If it happens to be > the case that the protocol works for them, then great, but it shouldn't be > a design consideration. > > More to the point, I don't really understand why this needs to be in the > charter. Again, the default assumption should be that devices aren't > constrained; if each charter is going to need to say that, we're going to > need to revise a lot of WG charters. > I agree that charters don't need to include a mention of everything that is out of scope - not only would we be revising a lot of WG charters, but the revised chartered would be really long (and for extra credit, we could read them aloud as children's books, because they would sound a lot like "Green Eggs and Ham"(*)). I do think it makes sense to include topics that have come up in chartering discussions, especially if the resulting answer was "no, we're not gonna do that", because some working group participants can be really sure that that thing we decided not to do was really the right thing to do after all, and being able to point to the charter can make life easier for chairs and ADs. That's why I commented about this. Do the right thing, of course ... Spencer (*) for those who don't know "Green Eggs and Ham", it's a children's book, and an excerpt is at https://genius.com/Dr-seuss-green-eggs-and-ham-excerpt-annotated. The complete book is much more endless than the excerpt would make you think - endless enough that my junior senator, the Savior Of IANA IPR Except Not, read the book aloud to the assembled senate during a filibuster in 2013. YouTube is at https://www.youtube.com/watch?v=q8-NuwTjtq4. > -Ekr > > > > On Sat, May 26, 2018 at 2:46 PM, Spencer Dawkins at IETF < > spencerdawkins.ietf@gmail.com> wrote: > >> FWIW, >> >> On Fri, May 25, 2018 at 11:23 AM Peter Saint-Andre <stpeter@mozilla.com> >> wrote: >> >>> On 5/24/18 8:05 AM, Eric Rescorla wrote: >>> > >>> > >>> > On Mon, May 14, 2018 at 8:55 AM, Peter Saint-Andre < >>> stpeter@mozilla.com >>> > <mailto:stpeter@mozilla.com>> wrote: >>> > >>> > Two points: >>> > >>> > 1. It would be helpful to specify the expected capabilities of >>> devices >>> > on which the resulting protocol might be deployed, such as only >>> personal >>> > devices (e.g., phones and tablets) or also Internet of Things >>> devices. >>> > If IoT devices are in scope (I hope they are!), then citing RFC >>> 7228 >>> > would be good: >>> > >>> > https://datatracker.ietf.org/doc/rfc7228/ >>> > <https://datatracker.ietf.org/doc/rfc7228/> >>> > >>> > >>> > I think the default is we assume reasonably powerful general purpose >>> > computers, >>> >>> Constrained devices are indeed hard to design for (and there are many >>> dimensions of constraint - code size, memory, storage, battery, etc.). I >>> wouldn't necessarily argue for supporting Class 0 devices (which >>> according to RFC 7228 are "very constrained sensor-like motes"), but >>> Class 2 devices (which are "fundamentally capable of supporting most of >>> the same protocol stacks as used on notebooks or servers") would be >>> great. I'm not sure where to draw the line and whether to include Class >>> 1 devices (which "are quite constrained in code space and processing >>> capabilities, such that they cannot easily talk to other Internet nodes >>> employing a full protocol stack such as using HTTP, Transport Layer >>> Security (TLS), and related security protocols and XML-based data >>> representations"). >>> >>> > so if people want IoT to be designed for -- which it >>> > shouldn't, IMO -- then that would have to be stated in the charter. >>> >>> No matter what we decide, it would be good to make that explicit in the >>> charter. >>> >> >> I'd agree with Peter in general, but especially in this case - it seems >> unhelpful to the working group to make them figure out whether to include >> Class 1 devices in their work, after they've been chartered. >> >> Spencer >> >> >>> >>> Peter >>> >>> >>> >
- [MLS] WG Review: Messaging Layer Security (mls) The IESG
- Re: [MLS] [new-work] WG Review: Messaging Layer S… Peter Saint-Andre
- Re: [MLS] [new-work] WG Review: Messaging Layer S… Eric Rescorla
- Re: [MLS] [new-work] WG Review: Messaging Layer S… Peter Saint-Andre
- Re: [MLS] [new-work] WG Review: Messaging Layer S… Spencer Dawkins at IETF
- Re: [MLS] [new-work] WG Review: Messaging Layer S… Eric Rescorla
- Re: [MLS] [new-work] WG Review: Messaging Layer S… Spencer Dawkins at IETF