[netconf] More complications was Re: netconf-tls wasRe: Summary of updates
tom petch <ietfc@btconnect.com> Thu, 27 May 2021 11:09 UTC
From: tom petch <ietfc@btconnect.com>
To: Kent Watsen <kent+ietf@watsen.net>
CC: "netconf@ietf.org" <netconf@ietf.org>, "garywu@cisco.com" <garywu@cisco.com>
Date: Thu, 27 May 2021 11:09:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/tWx1o7gMOgP2QaluzkKaywc-Efs>

From: Kent Watsen <kent+ietf@watsen.net>
Sent: 25 May 2021 23:55
Subject: Re: netconf-tls wasRe: [netconf] Summary of updates

<tp>
Top posting a new and different issue.

server case psk references ServerKeyExchange and psk-identity-hint neither of which exist in TLS1.3. The client sends an extension PreSharedKeyExtension which contains a list of identities from which the server selects one as selected-identity for which the identifier is uint16 indexing into the client's list. RFC8446 s.4.2.11.

The client description also needs amending.

TLS1.2 was extended to use tickets in this area to aid session resumption; these have now gone and been replaced by this extension. I would not suggest adding support for tickets.

As I may have said before, TLS 1.3 is different.

Tom Petch

Hi Tom,

Pruning resolved items below.

<snip>
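
The TLS 1.3 exchange described in the message above (RFC 8446 section 4.2.11), as an added example that is not part of the original post or of the netconf-tls draft: the client's OfferedPsks encoding, the server's parse and uint16 selected_identity reply, and the client's range check on that index. The function names, identities and binder bytes are constructed for illustration; the binders are dummy values, not real HMACs.

```python
import struct

def _items(raw, len_size, trailer):
    # Split bytes into (length-prefixed opaque, fixed-size trailer) entries.
    out, pos = [], 0
    while pos < len(raw):
        start = pos + len_size
        end = start + int.from_bytes(raw[pos:start], "big")
        if end + trailer > len(raw):
            raise ValueError("truncated entry")
        out.append((raw[start:end], raw[end:end + trailer]))
        pos = end + trailer
    return out

def encode_offered_psks(identities, binders):
    # Client side: identities<7..2^16-1> followed by binders<33..2^16-1>.
    ids = b"".join(struct.pack("!H", len(i)) + i + struct.pack("!I", age)
                   for i, age in identities)
    bs = b"".join(bytes([len(b)]) + b for b in binders)
    return struct.pack("!H", len(ids)) + ids + struct.pack("!H", len(bs)) + bs

def parse_offered_psks(data):
    # Server side: return ([(identity, obfuscated_ticket_age)], [binder]).
    top = [body for body, _ in _items(data, 2, 0)]
    if len(top) != 2:
        raise ValueError("expected identities and binders vectors")
    ids = [(i, int.from_bytes(age, "big")) for i, age in _items(top[0], 2, 4)]
    binders = [b for b, _ in _items(top[1], 1, 0)]
    if (not ids or len(ids) != len(binders)
            or any(not i for i, _ in ids) or any(len(b) < 32 for b in binders)):
        raise ValueError("malformed OfferedPsks")
    return ids, binders

def server_select(identities, known):
    # selected_identity is a uint16 index into the client's list, or None.
    hits = [n for n, (ident, _age) in enumerate(identities) if ident in known]
    return struct.pack("!H", hits[0]) if hits else None

def client_check_selected(wire, offered_count):
    # The client rejects an index outside the list it offered.
    if len(wire) != 2 or struct.unpack("!H", wire)[0] >= offered_count:
        raise ValueError("illegal_parameter: bad selected_identity")
    return struct.unpack("!H", wire)[0]

# Constructed sample: two made-up identities with dummy 32-byte binders.
SAMPLE = encode_offered_psks([(b"client-a", 0), (b"client-b", 7)],
                             [b"\x00" * 32, b"\x11" * 32])
```

Because the server answers with an index rather than a hint, a configuration model for TLS 1.3 PSKs has nothing to carry that corresponds to the TLS 1.2 psk-identity-hint.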