RE: Regarding TLS 1.3 Usage

Mike Bishop <mbishop@evequefou.be> Mon, 11 February 2019 17:02 UTC

From: Mike Bishop <mbishop@evequefou.be>
To: Mantas Gridinas <mgridinas@gmail.com>
CC: IETF QUIC WG <quic@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/qrFW8nkskTUfgySl57VIAB8GIeU>

(Moving from the draft-specific list to the WG list.)

Given the flexibility of TLS, it seems more likely that individual ciphers or (at most) versions would be deprecated rather than TLS as a whole.  Both of those things have happened before (see RC4, SSL 3.0; TLS 1.0 and 1.1 are in the process of being deprecated) and HTTPS has survived despite mandating the use of TLS.

However, in the extreme case, two things would need to happen:  A revision to HTTP/3 permitting it to use versions of QUIC which employ a different handshake protocol, and a new version of QUIC based on something else.  That’s because TLS is still being used as a module – a different version of QUIC could choose a different handshake protocol that provides the necessary properties and would work just fine (modulo any extensions that assume the availability of a TLS stack).

From: Mantas Gridinas <mgridinas@gmail.com>
Sent: Monday, February 11, 2019 12:24 AM
To: draft-ietf-quic-http@ietf.org
Subject: Regarding TLS 1.3 Usage

Hi!

I have looked through your document about HTTP/3 and its suggestions to use QUIC as well as TLS 1.3 at the transport layer, and the following question occurred to me: What will happen if TLS gets deprecated? Will we need an entirely new protocol to replace HTTP/3 once that happens? Wasn't it the entire point of SSL and TLS that they wouldn't be packed with any particular protocol, but instead added as a layer?