Re: Consensus Calls for Transport/TLS issues, post-Cupertino

"Martin Thomson" <mt@lowentropy.net> Tue, 22 October 2019 02:38 UTC

Date: Tue, 22 Oct 2019 13:38:23 +1100
From: Martin Thomson <mt@lowentropy.net>
To: quic@ietf.org
Subject: Re: Consensus Calls for Transport/TLS issues, post-Cupertino
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/DH8m8m8hWqAY-XCvm3lh5fiNHzo>

On Tue, Oct 22, 2019, at 12:39, Nick Banks wrote:
>  I'd also prefer to fix the problem, even if it means bringing back 
> something like RETIRE_KEY.

I would prefer to think of this proposed resolution as a temporary one.  I don't think that we agreed to keep the handshake keys indefinitely, only that we would use that option as a fallback position until we found a better solution.

On that basis, I think that it would be best if we open a new issue that says "Handshake keys can't ever be dropped".

We might still conclude not to address that issue, but the important thing is to ensure that any solution works properly.