Re: [Pce] Thinking about draft-dhody-pce-pceps-tls13
Sean Turner <sean@sn3rd.com> Mon, 17 October 2022 07:56 UTC
From: Sean Turner <sean@sn3rd.com>
Date: Mon, 17 Oct 2022 09:56:20 +0200
Cc: Adrian Farrel <adrian@olddog.co.uk>, Russ Housley <housley@vigilsec.com>, draft-dhody-pce-pceps-tls13@ietf.org, pce@ietf.org
To: Dhruv Dhody <dd@dhruvdhody.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/dCWb76VMTJ7tnt_D0aDGelh7BM8>

I also submitted a CR to fix my spelling mistake :)

spt

> On Oct 14, 2022, at 19:23, Dhruv Dhody <dd@dhruvdhody.com> wrote:
>
> Thanks Russ & Adrian!
>
> I have updated the working copy with this commit ->
> https://github.com/dhruvdhody/draft-dhody-pce-pceps-tls13/commit/05027a5251a0290bd8c960b2c03aa2b13ae01c79
>
> Dhruv
>
> On Fri, Oct 14, 2022 at 8:10 PM Adrian Farrel <adrian@olddog.co.uk> wrote:
> Wfm, thnx
>
> -----Original Message-----
> From: Russ Housley <housley@vigilsec.com>
> Sent: 14 October 2022 14:58
> To: Adrian Farrel <adrian@olddog.co.uk>
> Cc: draft-dhody-pce-pceps-tls13@ietf.org; pce@ietf.org
> Subject: Re: Thinking about draft-dhody-pce-pceps-tls13
>
> Maybe the phrase should be: PCEP implementations that support TLS 1.3 MUST ...
>
> Russ
>
> > On Oct 14, 2022, at 9:28 AM, Adrian Farrel <adrian@olddog.co.uk> wrote:
> >
> > Thanks, Russ.
> >
> > What I didn't express well (don't write emails when you have been doing
> > hard concentration work for 9.5 hours straight!) is that it is possible
> > to think that this work is telling all PCEP implementations what they
> > must do. I have spoken to one person who was very worried that this was
> > updating what their existing implementation would need to do.
> >
> > I'm clear that the intention is to describe what PCEPS implementations
> > that support TLS 1.3 are supposed to do, and that doesn't have any
> > knock-on for other work, but, yes, a very simple addition of "of this
> > specification" makes all the concerns go away.
> >
> > Cheers,
> > Adrian
> >
> > -----Original Message-----
> > From: Russ Housley <housley@vigilsec.com>
> > Sent: 14 October 2022 13:46
> > To: Adrian Farrel <adrian@olddog.co.uk>
> > Cc: draft-dhody-pce-pceps-tls13@ietf.org; pce@ietf.org
> > Subject: Re: Thinking about draft-dhody-pce-pceps-tls13
> >
> > Adrian:
> >
> > TLS 1.2 does not have early data, and the algorithm registries for TLS
> > 1.2 and TLS 1.3 are separate, so I do not think there is confusion. That
> > said, I do not object to adding the phrase.
> >
> > Russ
> >
> >> On Oct 13, 2022, at 5:42 PM, Adrian Farrel <adrian@olddog.co.uk> wrote:
> >>
> >> Hi,
> >>
> >> Thanks for kicking off work to get PCEP able to work with TLS1.3.
> >>
> >> This is important.
> >>
> >> However... :-)
> >>
> >> I think it would be helpful to clarify that statements about what
> >> implementations must or must not do (etc.) should be scoped as
> >> "implementations of this document." That is, you are not constraining
> >> PCEP implementations in general, and I don't even think you are
> >> constraining TLS1.2 PCEP implementations. Well, if it was your intent to
> >> do otherwise, you really need to be clear that you are updating the base
> >> specs, but I hope you're not.
> >>
> >> Further, I am worried about the use of draft-ietf-tls-rfc8446bis as a
> >> normative reference. I understand that the long term intention is that
> >> that draft will obsolete RFC 8446, but it seems to be moving slowly (if
> >> at all - it has expired). I think that implementers wanting to apply
> >> TLS1.3 to their PCEP code will want to pick up TLS1.3 implementations
> >> that are stable (i.e., based on RFCs). Now, by the time this draft gets
> >> to completion, it is quite possible that 8446bis will have completed,
> >> and the draft can be updated to reference it and pick any additional
> >> points it makes. On the other hand, if this draft makes it to the RFC
> >> Editor queue before 8446bis is complete, I don't think you'd want it to
> >> sit around, and a subsequent bis can be made when 8446bis becomes an RFC.
> >>
> >> What do you think?
> >>
> >> Cheers,
> >> Adrian
> >>
>
> _______________________________________________
> Pce mailing list
> Pce@ietf.org
> https://www.ietf.org/mailman/listinfo/pce