Re: [secdir] secdir review of draft-ietf-tls-grease

Carl Wallace <carl@redhoundsoftware.com> Tue, 13 August 2019 16:00 UTC

References: <D978436E.E80A3%carl@redhoundsoftware.com> <1BF964FE-2217-4063-B8F5-1FAC1FE050E5@sn3rd.com>
In-Reply-To: <1BF964FE-2217-4063-B8F5-1FAC1FE050E5@sn3rd.com>
From: Carl Wallace <carl@redhoundsoftware.com>
Date: Tue, 13 Aug 2019 12:00:15 -0400
Message-ID: <CAGNP4Bn5tha02L9-G7MzSXDE+rFppn5tL_NkBm4CM1Ahew__VA@mail.gmail.com>
To: Sean Turner <sean@sn3rd.com>
Cc: The IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-tls-grease.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/3wDUQi7QQqSfFpnAanyq9fF6B34>

OK. Impacting the version number stream was a new thing to my eye. Seemed
worth asking.

On Tue, Aug 13, 2019 at 11:52 AM Sean Turner <sean@sn3rd.com> wrote:

>
> > On Aug 13, 2019, at 10:37, Carl Wallace <carl@redhoundsoftware.com>
> wrote:
> >
> > I have reviewed this document as part of the security directorate's
> > ongoing effort to review all IETF documents being processed by the IESG.
> > These comments were written primarily for the benefit of the security
> area
> > directors.  Document editors and WG chairs should treat these comments
> > just like any other last call comments.
> >
> > This document describes a mechanism to prevent extensibility failures in
> > the TLS ecosystem.  It reserves a set of TLS protocol values that may be
> > advertised to ensure peers correctly handle unknown values. Aside from a
> > nit/question, the document is ready.
> >
> > The question relates to language in section 2, which states: "The values
> > allocated above are thus no longer available for use as TLS or DTLS
> > [RFC6347] version numbers." Should this draft be marked as updating 6347
> > and 8446 as a result? At present it is Informational and does not update
> > any other specifications.
>
> I tend to think that an updates header is not required.  RFCs that
> allocate and reserve code points do not need to update the RFC that
> originally created them.  For example, RFC5764/RFC7983 reserve a block of
> TLS ContentType space and neither of those drafts updated the base TLS
> spec.
>
> spt
>
>
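As an added illustration (not part of this thread or of the GREASE draft), the following Python shows the extensibility failure GREASE is designed to surface, using the supported_versions extension since version numbers were the point raised above. The server preference list, the constructed extension body and the two selection routines are assumptions made for this example; the GREASE code points follow the 0x?A?A pattern the GREASE specification reserves.

```python
import struct

# GREASE code points reserved by the TLS GREASE specification: both bytes
# equal with low nibble 0xA (0x0A0A, 0x1A1A, ..., 0xFAFA). The same values are
# reserved as version numbers, which is what the review question was about.
GREASE_VALUES = frozenset((hi << 12) | (0xA << 8) | (hi << 4) | 0xA for hi in range(16))

TLS12 = 0x0303
TLS13 = 0x0304
SERVER_SUPPORTED = (TLS13, TLS12)  # assumed server preference order for this example


def is_grease(value: int) -> bool:
    """True if a 16-bit code point is a GREASE value (0x?A?A pattern)."""
    return value in GREASE_VALUES


def parse_supported_versions(body: bytes) -> list:
    """Parse a ClientHello supported_versions extension body (RFC 8446 4.2.1):
    one length byte followed by a list of 2-byte ProtocolVersion values."""
    if not body:
        raise ValueError("empty supported_versions body")
    length = body[0]
    if length % 2 or 1 + length != len(body):
        raise ValueError("malformed supported_versions length")
    return [struct.unpack("!H", body[1 + i:3 + i])[0] for i in range(0, length, 2)]


def select_version_brittle(offered: list):
    """Extensibility failure: aborts as soon as it sees a version it does not
    know. Advertising a GREASE value exposes exactly this bug."""
    for v in offered:
        if v not in SERVER_SUPPORTED:
            raise ValueError(f"unknown version 0x{v:04x}")
    return max(offered)


def select_version_tolerant(offered: list):
    """Correct behaviour: ignore unknown (including GREASE) values and pick the
    highest version both sides support; None if there is no overlap."""
    for v in SERVER_SUPPORTED:
        if v in offered:
            return v
    return None


# Constructed ClientHello supported_versions body: [0x5A5A (GREASE), TLS 1.3, TLS 1.2]
SAMPLE_BODY = bytes([0x06]) + struct.pack("!HHH", 0x5A5A, TLS13, TLS12)
```

Running the brittle selector over SAMPLE_BODY raises, while the tolerant one negotiates TLS 1.3; a client that never advertised a GREASE value would not have noticed the brittle server until a real new version appeared.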