IETF Logo Mail Archive

Re: [OAUTH-WG] Referencing TLS

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 03 April 2015 19:50 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D3381A01AE for <oauth@ietfa.amsl.com>; Fri, 3 Apr 2015 12:50:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V3Yt0mKy4JFA for <oauth@ietfa.amsl.com>; Fri, 3 Apr 2015 12:50:16 -0700 (PDT)
Received: from mail-qc0-x229.google.com (mail-qc0-x229.google.com [IPv6:2607:f8b0:400d:c01::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DBAF1A017D for <oauth@ietf.org>; Fri, 3 Apr 2015 12:50:16 -0700 (PDT)
Received: by qcay5 with SMTP id y5so94887160qca.1 for <oauth@ietf.org>; Fri, 03 Apr 2015 12:50:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:mime-version:subject:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=XO3LOcq/U6hk5RrZjZyEaSz4cI9HL6/xEDXM6UQW6G4=; b=a2fUCq2AFC/9K1AyfEsUSCAE6WI9SlmDHUuCHHG++gWhNlQqA85dnWnlK4unQU+DG/ QTrVKEPYsKwyh6/RE+H/6umykk0WWiVoTVa1zSw7ip2VfVOI3Kczl7O3tWgarUoLOnp6 Y2dgrvCPkXlXp1hHA1hBYJVkb9iLVYICLuVGvxsLqrPYZzINMgmoygQsZ86P0GA4vK1E B0ZNoE65KgfGxf82j7792sqNFB2Z2DDRkPW4l6QGFjrdmgMrOLNBkf8XeRg6Qa2xKzJP MjgljkcNwWhpCTjXpx2FVAt2yme43LMBn9otFSNtgEbUnwwehmxtBlnnpkX3pBs1oQyH YbXg==
X-Received: by 10.55.55.137 with SMTP id e131mr7400537qka.14.1428090615810; Fri, 03 Apr 2015 12:50:15 -0700 (PDT)
Received: from [192.168.1.3] (209-6-114-252.c3-0.arl-ubr1.sbo-arl.ma.cable.rcn.com. [209.6.114.252]) by mx.google.com with ESMTPSA id 2sm6308150qgg.31.2015.04.03.12.50.14 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 03 Apr 2015 12:50:14 -0700 (PDT)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Google-Original-From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
X-Mailer: iPhone Mail (11D257)
In-Reply-To: <C8F7F75D-A2B9-48DB-A438-9FDF8E4051EC@ve7jtb.com>
Date: Fri, 03 Apr 2015 15:50:14 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <019F554F-93E3-4931-B9CD-9DA55FAA8341@gmail.com>
References: <551DADCB.9040803@cs.tcd.ie> <551ED488.7000101@gmx.net> <C8F7F75D-A2B9-48DB-A438-9FDF8E4051EC@ve7jtb.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/_MOjVBark9O5GLLbWFoORb9I7V4>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Referencing TLS
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2015 19:50:18 -0000


Sent from my iPhone

> On Apr 3, 2015, at 3:16 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:
> 
> Yes it is good, though reading that BCP may scare off implementers who will just ignore it. 
> 
> We may still want to give the current advice of >= tls 1.2 at the point of publication see BCP xx for additional considerations. 
> 
I think it's fine to do that.  Using the recommended version as the base at time of publication with a pointer to the BCP is appropriate.

Thanks,
Kathleen 
> John B. 
> 
> 
> Sent from my iPhone
> 
>> On Apr 3, 2015, at 2:57 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>> 
>> I learned something new: we can reference a BCP (instead of an RFC) and
>> even if the RFC gets up-dated we will still have a stable reference.
>> (See Stephen's response to my question below).
>> 
>> This is what we should do for our documents when we reference TLS in the
>> future. We would reference the yet-to-become BCP (currently UTA-TLS
>> document) and we essentially point to the recommended usage for TLS
>> (version, ciphersuite, everything).
>> 
>> Isn't that great?
>> 
>> --------------------------------------------------------
>> 
>>> On 02/04/15 19:09, Hannes Tschofenig wrote:
>>> Hi Stephen,
>>> 
>>> if I understand it correctly, you are saying if we reference a BCP #
>>> (instead of the RFC) then a revised RFC will get the same BCP #. I have
>>> never heard about that and if that's indeed true that would be cool. I
>>> might also have misunderstood your idea though.
>> 
>> Yep, that's it. XML2RFC makes it hard but you can do it, worst
>> case via an RFC editor note
>> 
>> S.
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email