IETF Logo Mail Archive

Re: [rtcweb] DTLS version

Eric Rescorla <ekr@rtfm.com> Fri, 04 July 2014 19:49 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46C421A0538 for <rtcweb@ietfa.amsl.com>; Fri, 4 Jul 2014 12:49:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UiB5rUnDw5Ml for <rtcweb@ietfa.amsl.com>; Fri, 4 Jul 2014 12:49:30 -0700 (PDT)
Received: from mail-wi0-f170.google.com (mail-wi0-f170.google.com [209.85.212.170]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EBE921A009E for <rtcweb@ietf.org>; Fri, 4 Jul 2014 12:49:29 -0700 (PDT)
Received: by mail-wi0-f170.google.com with SMTP id cc10so12650421wib.3 for <rtcweb@ietf.org>; Fri, 04 Jul 2014 12:49:28 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=4+LBvmPjLlfpX4Q76LXbp6RUq3jeOBNf/GHNMaXhg/M=; b=eZ9HX8jPxACooP5xg9cAD19gk/BZGQjctr4iG0YNhOy7SKLwwqycFO+/vzlTBpqhTE MyZNxh0SNT7c14OFTeTmddhiauCiDRHATCNFO88KQ0to7fdE6/33yaGICMD3vKIMkOGE koKfD8Gz2qmJUa8zyi3u4yz118wHqEEr+u4fD1hrC6DIjfdnx2r3Tq4ABEfepPK8nNZg LO2kWkczFrYvQzKLPMb0qSWcsVs01yutTEeIS2ilPcP4wT2ewJajIKb0+KSswzAj5cJN AlmwKiDEnZgsmsEr0o3qKdaBh0HUat6BbBKwIeIroRiqSCsMB9vJ4KGBwcd6PgckvsKL OhIA==
X-Gm-Message-State: ALoCoQlqbqdyM+82jc4kOq2wgswrotSIdx8mBqOh9qnYTemIC7sUl+HeQIJ0/d8fxC6IzygHc2sJ
X-Received: by 10.180.76.20 with SMTP id g20mr19128696wiw.7.1404503368394; Fri, 04 Jul 2014 12:49:28 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.57.202 with HTTP; Fri, 4 Jul 2014 12:48:48 -0700 (PDT)
X-Originating-IP: [63.245.221.34]
In-Reply-To: <949EF20990823C4C85C18D59AA11AD8B1FD11D@FR712WXCHMBA11.zeu.alcatel-lucent.com>
References: <A963F527-57EB-4617-9583-6C0D63DDE4BD@lurchi.franken.de> <CAOW+2dvgg3zMU0C_EjozRnEEs9BmSy2k0u2PKExb3AeCF6in=Q@mail.gmail.com> <C52F606C-C7E3-4AF8-B249-07C16A474F52@lurchi.franken.de> <CABkgnnXszLWwXgfg=TOHuxrnnQMy3QBaFKS2SC+eOHiC90cFoQ@mail.gmail.com> <DBE402B8-82FF-41A8-A971-9BB71D9A4830@lurchi.franken.de> <6355614E-44DA-4729-97C2-E903548EBA8B@gmail.com> <949EF20990823C4C85C18D59AA11AD8B1FC18D@FR712WXCHMBA11.zeu.alcatel-lucent.com> <CABkgnnWBeeSDoeHDkbjGEwvpcJ+Ld6q1Fs_Fwckp3oW_Hzmcew@mail.gmail.com> <53B660BC.4090907@alvestrand.no> <949EF20990823C4C85C18D59AA11AD8B1FD11D@FR712WXCHMBA11.zeu.alcatel-lucent.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 04 Jul 2014 12:48:48 -0700
Message-ID: <CABcZeBMTJpmriEnNNYwtah8ABjUvZMuuO2xHJ33Jc6_A1XsrMg@mail.gmail.com>
To: "DRAGE, Keith (Keith)" <keith.drage@alcatel-lucent.com>
Content-Type: multipart/alternative; boundary="f46d043439465c0c7d04fd636c84"
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/oBw-6HbOszbyB486hWHtC0cmMFc
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] DTLS version
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jul 2014 19:49:32 -0000

I made this change in the current draft at:

https://github.com/rtcweb-wg/security-arch/commit/c2af2bf7fd032abd367dff8d4d16f7ec435fa663

Note that the TLS WG is currently discussing whether to bring ECC onto
Standards Track.
If they do, we probably want ot require support of ECDHE. We should discuss
in YYZ.



On Fri, Jul 4, 2014 at 3:23 AM, DRAGE, Keith (Keith) <
keith.drage@alcatel-lucent.com> wrote:

> This is the direction I am tending in as well.
>
> Although what or if the second statement needs from RFC 2119 language
> would need to be debated.
>
> Obviously, new versions are not being put out there just to make it look
> like the WG is performing. In any referencing (not just this issue), I
> would need a good technical reason why the latest version cannot be made
> the normative reference. I am not seeing that at the moment.
>
> There is always be non-conforming equipment on the market (as an example
> look at the number of SIP implementations that still use UDP for large
> messages, or that can at least be configured that way). Just because we
> mandate 1.2 does not mean that everyone will conform from day 1, but at
> least a marker is established for what should be addressed if
> interoperability issues are identified.
>
> Keith
>
> > -----Original Message-----
> > From: rtcweb [mailto:rtcweb-bounces@ietf.org] On Behalf Of
> > Harald Alvestrand
> > Sent: 04 July 2014 09:07
> > To: rtcweb@ietf.org
> > Subject: Re: [rtcweb] DTLS version
> >
> > On 07/03/2014 07:58 PM, Martin Thomson wrote:
> > > On 3 July 2014 01:39, DRAGE, Keith (Keith)
> > > <keith.drage@alcatel-lucent.com> wrote:
> > >> Can someone elaborate what this massive apparent step
> > change is from 1.0 to 1.2?
> > > Actually, it's not a massive step.  TLS 1.2 (DTLS 1.2
> > depends on this,
> > > DTLS 1.0 depends on TLS 1.1) adds AEAD modes, but doesn't require
> > > their use, so you can pretty much just bump the version number and
> > > advertise 1.2.  That's exactly what we did with NSS, though NSS
> > > already supports TLS 1.2.
> > >
> > > That said, I agree with Jim about 1.0.  There's enough 1.0
> > out there
> > > now to make mandating 1.2 - as much as I might prefer that
> > - a little
> > > too aggressive.
> > >
> > >> Will those implementations that choose to stay with 1.0
> > still interwork with 1.2?
> > > That depends.  We could say "MUST NOT negotiate 1.0", which would
> > > prevent that.  I don't think that we're there.
> >
> > Sounds to me like MUST implement 1.2 (in order to move
> > forward), MUST accept 1.0 (in order to not lose the long tail).
> >
> > >
> > > _______________________________________________
> > > rtcweb mailing list
> > > rtcweb@ietf.org
> > > https://www.ietf.org/mailman/listinfo/rtcweb
> >
> > _______________________________________________
> > rtcweb mailing list
> > rtcweb@ietf.org
> > https://www.ietf.org/mailman/listinfo/rtcweb
> >
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>

v2.23.0 | Report a Bug | By Email