[secdir] secdir review of draft-ietf-tls-grease

Carl Wallace <carl@redhoundsoftware.com> Tue, 13 August 2019 14:37 UTC

Date: Tue, 13 Aug 2019 10:37:34 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: <iesg@ietf.org>, <secdir@ietf.org>, <draft-ietf-tls-grease.all@ietf.org>
Message-ID: <D978436E.E80A3%carl@redhoundsoftware.com>
Thread-Topic: secdir review of draft-ietf-tls-grease
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/oHShmWZ43cGRIGnmbrnz1BoDlxI>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments
just like any other last call comments.

This document describes a mechanism to prevent extensibility failures in
the TLS ecosystem.  It reserves a set of TLS protocol values that may be
advertised to ensure peers correctly handle unknown values. Aside from a
nit/question, the document is ready.

The question relates to language in section 2, which states: "The values
allocated above are thus no longer available for use as TLS or DTLS
[RFC6347] version numbers." Should this draft be marked as updating 6347
and 8446 as a result? At present it is Informational and does not update
any other specifications.
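An added example, not part of the review above or of the draft's own code, illustrating the mechanism the review summarises: a client advertises a reserved value it does not actually support, and a correctly written peer skips values it does not recognise instead of aborting the handshake. The reserved value pattern (0x0A0A, 0x1A1A, ... 0xFAFA) is the one the draft defines for cipher suites, extensions, versions and named groups; the function names, the sample cipher-suite lists and the wire-encoding helpers are constructed here for illustration.

```python
"""Added example (not from the secdir review or the draft): GREASE in practice.

The client side inserts a reserved value into its cipher_suites list; the
server side shows the tolerant behaviour the mechanism is meant to check,
beside the intolerant behaviour it is meant to flush out.
"""
import secrets

# The 16 reserved GREASE code points defined by the draft: both bytes equal,
# low nibble 0xA (0x0A0A, 0x1A1A, ..., 0xFAFA).
GREASE_VALUES = tuple((0x0A + 0x10 * i) * 0x101 for i in range(16))

# Constructed view of a server's supported suites (real IANA code points,
# listed in the server's preference order).
SERVER_SUITES = {
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}


def is_grease(value: int) -> bool:
    """True if `value` is one of the reserved GREASE code points."""
    return value in GREASE_VALUES


def grease_client_suites(supported: list[int]) -> list[int]:
    """Return the client's cipher-suite list with one GREASE value inserted.

    The draft asks clients to choose the value and its position at random so
    that no peer can learn to special-case a fixed one.
    """
    value = secrets.choice(GREASE_VALUES)
    pos = secrets.randbelow(len(supported) + 1)
    return supported[:pos] + [value] + supported[pos:]


def encode_suites(suites: list[int]) -> bytes:
    """Encode a cipher_suites vector as on the wire: 2-byte length, 2-byte items."""
    body = b"".join(s.to_bytes(2, "big") for s in suites)
    return len(body).to_bytes(2, "big") + body


def decode_suites(data: bytes) -> list[int]:
    """Parse a cipher_suites vector; rejects odd lengths and truncated input."""
    length = int.from_bytes(data[:2], "big")
    if length % 2 or len(data) < 2 + length:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(data[2 + i:4 + i], "big") for i in range(0, length, 2)]


def tolerant_select(client_suites, server_suites=SERVER_SUITES):
    """Pick the first server-preferred suite the client offered.

    Unknown values (GREASE or genuinely new code points) are simply skipped,
    never treated as an error; this is the behaviour GREASE exists to verify.
    """
    offered = set(client_suites)
    for suite in server_suites:  # dict preserves the preference order
        if suite in offered:
            return suite
    return None


def intolerant_select(client_suites, server_suites=SERVER_SUITES):
    """The extensibility failure GREASE catches: aborting on any unknown value."""
    for suite in client_suites:
        if suite not in server_suites:
            raise ValueError(f"unknown cipher suite 0x{suite:04x}")
    return tolerant_select(client_suites, server_suites)


if __name__ == "__main__":
    hello = grease_client_suites([0x1301, 0x1303])
    wire = encode_suites(hello)
    print("client offers:", [f"0x{s:04x}" for s in decode_suites(wire)])
    print("tolerant server picks:", f"0x{tolerant_select(hello):04x}")
    try:
        intolerant_select(hello)
    except ValueError as exc:
        print("intolerant server fails:", exc)
```

The same pattern applies to the other fields the draft covers (supported_versions, extension types, named groups): a peer that would reject the handshake on seeing 0x5A5A in any of them is the kind of implementation the reserved values are meant to expose early, before a real new code point is assigned.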