Re: [quicwg/base-drafts] It's just TLS (#2044)
MikkelFJ <notifications@github.com> Fri, 23 November 2018 00:32 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE1FC130E0C for <quic-issues@ietfa.amsl.com>; Thu, 22 Nov 2018 16:32:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.46
X-Spam-Level:
X-Spam-Status: No, score=-9.46 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cVih7ZV1wDag for <quic-issues@ietfa.amsl.com>; Thu, 22 Nov 2018 16:32:45 -0800 (PST)
Received: from out-5.smtp.github.com (out-5.smtp.github.com [192.30.252.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28DB7130DDD for <quic-issues@ietf.org>; Thu, 22 Nov 2018 16:32:45 -0800 (PST)
Date: Thu, 22 Nov 2018 16:32:44 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1542933164; bh=FRb1sK8GDYHnK2OPj1kb2Sbk2TBPiv3vpriCQk1dLxo=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=0Ks0F1S1SOxVp8hEVPlkW1eFEgJ8+kbpwCR/eJLZPgIInmlrpVsH0esVVR2YvdlLH ZYkZL6ecAILDG+vHQNTDQ/Von+tvOi2dFly1GBEbmhqC6OTtbLeeib7nhRmyOloLD4 MJBzq8sIsflnYHohvmgOdlQRTwqx1ZXbTRapxoI4=
From: MikkelFJ <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abfda27f3d969009ad6b978254478a3435af3987b392cf00000001180f0cac92a169ce16de4d7f@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2044/c441137560@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2044@github.com>
References: <quicwg/base-drafts/pull/2044@github.com>
Subject: Re: [quicwg/base-drafts] It's just TLS (#2044)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5bf74aac2c3f7_52063f89e1ad45bc826c6"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mikkelfj
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/wb4uXxaygjU4aFEV1vaCaotoCfw>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Nov 2018 00:32:47 -0000
That is not very precise: You have document that describes how to use with 1.3, implying one could use any other version. Presumably this happens by detecting the TLS version in the handshake so the same QUIC version could support multiple TLS versions. It could also mean different QUIC versions support different TLS versions. Further, it could mean that TLS 1.0 is supported, but not specified. This opens to downgrade attacks such as loss of perfect forward secrecy. It also makes it hard to decipher the spec. I think it is fine to more relaxed about TLS as a building block, especially with an eye towards the feature, and perhaps also the past since TLS 1.2 might be more IoT friendly. However, a specific QUIC version needs to define a specific TLS version or set of TLS versions that are all mandatory. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/pull/2044#issuecomment-441137560
- [quicwg/base-drafts] It's just TLS (#2044) Martin Thomson
- Re: [quicwg/base-drafts] It's just TLS (#2044) MikkelFJ
- Re: [quicwg/base-drafts] It's just TLS (#2044) MikkelFJ
- Re: [quicwg/base-drafts] It's just TLS (#2044) Martin Thomson
- Re: [quicwg/base-drafts] It's just TLS (#2044) ekr
- Re: [quicwg/base-drafts] It's just TLS (#2044) Mike Bishop
- Re: [quicwg/base-drafts] It's just TLS (#2044) Martin Thomson