Re: [OAUTH-WG] Referencing TLS

Justin Richer <jricher@mit.edu> Fri, 03 April 2015 20:36 UTC

From: Justin Richer <jricher@mit.edu>
In-Reply-To: <51BF88CA-290A-4F57-82E9-C2A536EDCA8C@mnt.se>
Date: Fri, 03 Apr 2015 16:36:52 -0400
Message-Id: <32C746E3-ED37-4A9F-8E25-B5579E212A5E@mit.edu>
References: <551DADCB.9040803@cs.tcd.ie> <551ED488.7000101@gmx.net> <C8F7F75D-A2B9-48DB-A438-9FDF8E4051EC@ve7jtb.com> <51BF88CA-290A-4F57-82E9-C2A536EDCA8C@mnt.se>
To: Leif Johansson <leifj@mnt.se>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/kWaXV1AVcuT7S6QkotlUohuKXNs>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Referencing TLS

In the end, I still say that 99.999% of implementors and deployers will look at that and say: “Am I doing HTTPS? I am, so I’m good!” and leave it at that. :)

I’m in favor of Kathleen’s approach where we give the minimum version and the BCP pointer for people who really care, and at least say “go do the right thing” to people who might otherwise ignore it.
 — Justin

> On Apr 3, 2015, at 4:08 PM, Leif Johansson <leifj@mnt.se> wrote:
> 
>> On 3 Apr 2015, at 21:16, John Bradley <ve7jtb@ve7jtb.com> wrote:
>> 
>> Yes it is good, though reading that BCP may scare off implementers who will just ignore it.
> 
> Those people are gonna ignore a bunch of other good advice too. Let's not chase the rabbit down every hole.
> 
>> 
>> We may still want to give the current advice of >= TLS 1.2 at the point of publication; see BCP xx for additional considerations.
>> 
>> John B.
>> 
>> 
>> Sent from my iPhone
>> 
>>> On Apr 3, 2015, at 2:57 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>> 
>>> I learned something new: we can reference a BCP (instead of an RFC) and
>>> even if the RFC gets updated we will still have a stable reference.
>>> (See Stephen's response to my question below).
>>> 
>>> This is what we should do for our documents when we reference TLS in the
>>> future. We would reference the yet-to-become BCP (currently UTA-TLS
>>> document) and we essentially point to the recommended usage for TLS
>>> (version, ciphersuite, everything).
>>> 
>>> Isn't that great?
>>> 
>>> --------------------------------------------------------
>>> 
>>>> On 02/04/15 19:09, Hannes Tschofenig wrote:
>>>> Hi Stephen,
>>>> 
>>>> if I understand it correctly, you are saying if we reference a BCP #
>>>> (instead of the RFC) then a revised RFC will get the same BCP #. I have
>>>> never heard about that and if that's indeed true that would be cool. I
>>>> might also have misunderstood your idea though.
>>> 
>>> Yep, that's it. XML2RFC makes it hard but you can do it, worst
>>> case via an RFC editor note
>>> 
>>> S.
>>> 
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
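An added example, not from this thread, of what "at least TLS 1.2, see the BCP for the rest" means in an OAuth client's HTTPS configuration and why "I'm doing HTTPS, so I'm good" is not the same thing: a hardened client context beside a floor-less one, an audit function that reports the gaps, and a check on the version a connection actually negotiated. Python's ssl module is used; the function names are assumptions.

```python
"""Added example (not from the OAuth WG thread): enforce and audit a TLS 1.2
floor for an OAuth client, using only the standard ssl module."""
import ssl

# The minimum version the thread recommends stating explicitly in the spec.
TLS_FLOOR = ssl.TLSVersion.TLSv1_2

# Strings returned by SSLSocket.version() mapped to the TLSVersion enum.
_NEGOTIATED = {
    "SSLv3": ssl.TLSVersion.SSLv3,
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def hardened_client_context() -> ssl.SSLContext:
    """Client context that meets the floor: explicit TLS 1.2 minimum on top of
    the defaults (CERT_REQUIRED, hostname checking, system trust store)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = TLS_FLOOR  # refuse TLS 1.0/1.1 regardless of library defaults
    return ctx


def https_only_context() -> ssl.SSLContext:
    """'Just HTTPS': certificate checks on, but no version floor of its own.
    Constructed here as the weak comparison case."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # whatever OpenSSL allows
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return findings for a client context; an empty list means it meets the floor."""
    findings = []
    if ctx.minimum_version < TLS_FLOOR:  # TLSVersion is an IntEnum, so this compares
        findings.append("minimum_version below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required")
    if not ctx.check_hostname:
        findings.append("hostname verification disabled")
    return findings


def negotiated_version_meets_floor(version_name: str) -> bool:
    """Check the string from SSLSocket.version() (or a log line) against the floor.
    Unknown names fail closed."""
    negotiated = _NEGOTIATED.get(version_name)
    return negotiated is not None and negotiated >= TLS_FLOOR
```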