Re: [Tls-reg-review] Adopting tls-flags
Yoav Nir <ynir.ietf@gmail.com> Sun, 21 March 2021 04:58 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls-reg-review@ietfa.amsl.com
Delivered-To: tls-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93B483A1568; Sat, 20 Mar 2021 21:58:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.197
X-Spam-Level:
X-Spam-Status: No, score=-0.197 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6PbL4orBpyva; Sat, 20 Mar 2021 21:57:57 -0700 (PDT)
Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 623753A1564; Sat, 20 Mar 2021 21:57:57 -0700 (PDT)
Received: by mail-ej1-x634.google.com with SMTP id r12so15920067ejr.5; Sat, 20 Mar 2021 21:57:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=jT7aas/hUqfIkyNq9k/C8yONaHrHh1A+aGXAtoG1S2E=; b=ULhnWN/bUdfmdHJudFvsUxsqI/ZeIPXQHdNjCFUUaCc2KhLlqCmV77KqCgs5l4Had5 aJj+Wv9GiwnVIpaUgWP8jdFexFMjG+s4XW1cR4wBGNh+wdWyyrxkUKw6T7XyBk9V+XVC Uyx0lPVz/jZI6gkELPHzcpaPhU4ec1gyRoJyxzQl/2dVR7Lke9Y2sK4FBC36B4ilMQPB jvBGIoZtF3EKl4DPAjKhOGftV16zWo0l8LqnvlLDg2kScN/8mdFpk7ktTuGhvfNNjObC Q0iRNscR90Kiu6yV1YjC0nPtQIuAMA4ciJyLHdIoStfB/GOEpVQDNJoRH2Qhhrvw73tR hYpQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=jT7aas/hUqfIkyNq9k/C8yONaHrHh1A+aGXAtoG1S2E=; b=gPTdPAhpT8M47dN4jOBfs7Iek0KBZLOAymqQDy2k1Xgp2/g5jnopplbN46oqeuXoRW SuPeFCLezfs2LA8TUjW9Fz8+8t6WF8GzkwZiXCmjkJC6lAWYHoLiAgRmjngej1Ti7a5V Bcg4yh4vbIFZE8jKpq1RjoWXW3ppt4CJWrwCQNkt+b5zyK035uoWig6Kw5SuMxDHOY/e LdFkQ8t/r/3jPlLXs6z5XS+P/Sjip6UOr2tk9gxCwpmvoUdNRt5BAEyHULYwuJF82AEV tOwZvdSla6Z6Zwzt8gP5hJXSLTbukvFj6nSX+2jVcfdZ0pZb57+EazLzz2qYddRpTOM9 YQhA==
X-Gm-Message-State: AOAM532H1pXc3Xnc0/ebmhJKhe/zS3otwU+PbynQgGTp64ig2UCZnH2s FzPzzCCohNv7EU+2IFRpe+S4ttancHA=
X-Google-Smtp-Source: ABdhPJzXVujs8jjvG1j6LXiZPO8JD5neyv1YRczXkECeNjm1fT6OD57BdAtybklmO7NxqTG/67lu6Q==
X-Received: by 2002:a17:906:9be1:: with SMTP id de33mr13095847ejc.320.1616302670666; Sat, 20 Mar 2021 21:57:50 -0700 (PDT)
Received: from [192.168.1.19] ([46.120.57.183]) by smtp.gmail.com with ESMTPSA id y17sm6362736ejf.116.2021.03.20.21.57.49 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 20 Mar 2021 21:57:50 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <E37616E0-5199-4258-BCAB-DFF9B3C5C14C@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_D2E4229D-C3AC-4353-AE95-D13EB168162B"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
Date: Sun, 21 Mar 2021 06:57:49 +0200
In-Reply-To: <20210319203859.GF79563@kduck.mit.edu>
Cc: Christopher Wood <caw@heapingbits.net>, Victor Vasiliev <vasilvv@google.com>, "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>, draft-ietf-tls-cross-sni-resumption@ietf.org, TLS Chairs <tls-chairs@ietf.org>
To: Benjamin Kaduk <kaduk@mit.edu>
References: <1241c65d-6c9c-4935-920f-5ae56babcd7e@www.fastmail.com> <CAAZdMadAGa=X5+ktAUjr-=fvxrpQwRfERHbpR4+6KfXeiWxAGw@mail.gmail.com> <7fb3a536-6716-4f55-82ed-2c4b96669166@www.fastmail.com> <b1a39bbf-23b8-472c-9565-20479ee7b262@www.fastmail.com> <CAAZdMad7A3fJG9GyNrXgSnsnC-wHN5_V4wpaOqWwAtUGzWtbsw@mail.gmail.com> <1f78ab86-8e27-4d8a-b670-b1a5d6432eb0@www.fastmail.com> <20210319203859.GF79563@kduck.mit.edu>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/ig2-_LribH7d4j9LsSHOg6ltLCw>
Subject: Re: [Tls-reg-review] Adopting tls-flags
X-BeenThere: tls-reg-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TLS REVIEW <tls-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls-reg-review/>
List-Post: <mailto:tls-reg-review@ietf.org>
List-Help: <mailto:tls-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Mar 2021 04:58:03 -0000
You mean add the cross_sni_resumption value to the tlsflags draft? Sure. We can do that, if we’re sure that the cross-sni-resumption draft is getting approved in this form. I don’t think there has been a WGLC for it yet. Also, section 4.1 of the TLSFLAGS draft has this advice: 4.1. Guidance for IANA Experts This extension allows up to 2040 flags. However, they are not all the same, because the length of the extension is determined by the highest set bit. We would like to allocate the flags in such a way that the typical extension is as short as possible. The scenario we want to guard against is that in a few years some extension is defined that all implementations need to support and that is assigned a high number because all of the lower numbers have already been allocated. An example of such an extension is the Renegotiation Indication Extension defined in [RFC5746]. For this reason, the IANA experts should allocate the flags as follows: o Flags 0-7 are reserved for documents coming out of the TLS working group with a specific request to assign a low number. o Flags 8-31 are for standards-track documents that the experts believe will see wide adoption among either all users of TLS or a significant group of TLS users. For example, an extension that will be used by all web clients or all smart objects. o Flags 32-63 are for other documents, including experimental, that are likely to see significant adoption. o Flags 64-79 are not to be allocated. They are for reserved for private use. o Flags 80-2039 can be used for temporary allocation in experiments, for flags that are likely to see use only in very specific environments, for national and corporate extensions, and as overflow, in case one of the previous categories has been exhausted. So IMO this is more fitting to receive the number 8 rather than the number 1. That is, unless the WG wants to make the case that this flag extension is going to be present in most ClientHello messages from now on. Yoav > On 19 Mar 2021, at 22:38, Benjamin Kaduk <kaduk@mit.edu> wrote: > > The draft that creates the registry owns the initial registry contents > until the registry itself is created. > > So, just put the value in the draft's source, and try to avoid re-using a > number for different things during the draft's time as a draft. > > -Ben > > On Fri, Mar 19, 2021 at 01:26:10PM -0700, Christopher Wood wrote: >> + tls-reg-review >> >> Good question! Since this is a new registry, I don't see any problem with grabbing 1 to populate it. The registry experts may have a better answer though. >> >> Best, >> Chris >> >> On Thu, Mar 18, 2021, at 5:06 PM, Victor Vasiliev wrote: >>> Do I actually get to just use 1, or do I need to ask you to do the >>> early allocation process? >>> >>> On Tue, Mar 16, 2021 at 9:50 PM Christopher Wood <caw@heapingbits.net> wrote: >>>> Friendly bump! >>>> >>>> On Mon, Mar 1, 2021, at 7:52 AM, Christopher Wood wrote: >>>>> Hi Victor, >>>>> >>>>> On Mon, Mar 1, 2021, at 7:39 AM, Victor Vasiliev wrote: >>>>>> Hi Chris, >>>>>> >>>>>> This makes sense. I will update the draft some time after the upcoming >>>>>> IETF. Do you want to just add a codepoint reserved for cross-domain >>>>>> resumption into the draft, or how does that work? >>>>> >>>>> Good question. I suspect your draft would just add, in the IANA >>>>> considerations section, something like this: >>>>> >>>>> ~~~ >>>>> This document requests that IANA create a new entry in "TLS Flags" >>>>> registry with the following parameters: >>>>> >>>>> - Value: 1 >>>>> - Flag Name: "cross_sni_resumption" (or whatever you want to name it) >>>>> - Message: NewSessionTicket >>>>> - Recommended: Y >>>>> - Reference: This document >>>>> ~~~ >>>>> >>>>> (See https://tools.ietf.org/html/draft-ietf-tls-tlsflags-04#section-4) >>>>> >>>>>> >>>>>> (sorry for late response, just noticed the part about the draft submission deadline) >>>>> >>>>> No problem! >>>>> >>>>> Best, >>>>> Chris >>>>> >> >> _______________________________________________ >> tls-reg-review mailing list >> tls-reg-review@ietf.org >> https://www.ietf.org/mailman/listinfo/tls-reg-review > > _______________________________________________ > tls-reg-review mailing list > tls-reg-review@ietf.org > https://www.ietf.org/mailman/listinfo/tls-reg-review
- Re: [Tls-reg-review] Adopting tls-flags Benjamin Kaduk
- Re: [Tls-reg-review] Adopting tls-flags Christopher Wood
- Re: [Tls-reg-review] Adopting tls-flags Yoav Nir
- Re: [Tls-reg-review] Adopting tls-flags Christopher Wood
- Re: [Tls-reg-review] Adopting tls-flags Yoav Nir
- Re: [Tls-reg-review] Adopting tls-flags Christopher Wood
- Re: [Tls-reg-review] Adopting tls-flags Benjamin Kaduk
- Re: [Tls-reg-review] Adopting tls-flags Christopher Wood
- Re: [Tls-reg-review] Adopting tls-flags Sean Turner
- Re: [Tls-reg-review] Adopting tls-flags Yoav Nir
- Re: [Tls-reg-review] Adopting tls-flags Yoav Nir
- Re: [Tls-reg-review] Adopting tls-flags Victor Vasiliev
- Re: [Tls-reg-review] Adopting tls-flags Yoav Nir
- Re: [Tls-reg-review] Adopting tls-flags Christopher Wood
- Re: [Tls-reg-review] Adopting tls-flags Victor Vasiliev
- Re: [Tls-reg-review] Adopting tls-flags Yoav Nir