Re: [TLS] An IETF draft on TLS based on ECCSI public key (RFC 6507)

Dave Garrett <davemgarrett@gmail.com> Sat, 08 July 2017 05:26 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8051B128B4E for <tls@ietfa.amsl.com>; Fri, 7 Jul 2017 22:26:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.8
X-Spam-Level:
X-Spam-Status: No, score=-0.8 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lgoHOXXG_Djt for <tls@ietfa.amsl.com>; Fri, 7 Jul 2017 22:26:43 -0700 (PDT)
Received: from mail-qk0-x235.google.com (mail-qk0-x235.google.com [IPv6:2607:f8b0:400d:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F66E12741D for <tls@ietf.org>; Fri, 7 Jul 2017 22:26:43 -0700 (PDT)
Received: by mail-qk0-x235.google.com with SMTP id 16so42279805qkg.2 for <tls@ietf.org>; Fri, 07 Jul 2017 22:26:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-transfer-encoding:message-id; bh=MbV9I2f2FHu7d/Yy2lBpw6QMWWzfHgJgGUBfAK1V3Ak=; b=KAoMAgIMlLxTHb/Blk+GkV98hXnab/6kmVk0tvPlw1oq1LxgRkDd7ZHQIUrMNFE/9G nM/2WetSqdYyU78FHRytJ/hjdJWLnfw4GI5wslF8XZUW6bevaiR7IMxjmJr4UblO42dB 0mKXF2ABnYlZmDNV6sXmEu72WchfajzmQHtveyqRQDBL800x898GLEQ6iUjafp3w62/A Trc54wlKF1evGaP7224A+npi4DE3HApxjb34dUtuOfb/kpjichvYGyr8HUuUYdLbwOZQ 8EeX1Ah0AyXY0D/r4m5q0l5tCXE9ZyU5uc1q3riB8iv82P3L+JIe78gq/bj6t3guliiL MClQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:user-agent:cc:references :in-reply-to:mime-version:content-transfer-encoding:message-id; bh=MbV9I2f2FHu7d/Yy2lBpw6QMWWzfHgJgGUBfAK1V3Ak=; b=StAfy7QGzJid5a2iEJaFNJw8t2wB8b9Zm80iNQguaDULT1MgGSsaCF3qGHnz7Tqz/3 V9fvXfZm0lUmN4as+c6/1ieLPSJeQor9Smz7wre8esyLMLzy6G9oo6ReGS7X0WDw4VU7 X+TO5IGC/d/D6k1g9S6PpR5IrMv3UfDerBOtk/aHHmdOiiSSNS7pJhXH4NhQwBzLo7e6 cAaoljOrdxdf7D/19tOvjwqXNtqNIUHCeDATVfNWmeuoauIT5dNmr62lOPkBi9Q+u5Bh kn11N6Xl5mOHGuYkYfi2rO4yBPvZRTocUGxDKORRWVwqrKFoLvDi2EPcXDUM6BWqL7yI zbVg==
X-Gm-Message-State: AIVw1112o/xN533QX7coMe18a/N3iS7aMg+K9fzqDk5GZ4h2AKLO7LKf vyaeEkgKqC7k7s9B
X-Received: by 10.55.17.77 with SMTP id b74mr161552qkh.257.1499491602482; Fri, 07 Jul 2017 22:26:42 -0700 (PDT)
Received: from dave-laptop.localnet (pool-71-175-70-41.phlapa.fios.verizon.net. [71.175.70.41]) by smtp.gmail.com with ESMTPSA id m49sm4345480qtf.32.2017.07.07.22.26.41 (version=TLS1 cipher=AES128-SHA bits=128/128); Fri, 07 Jul 2017 22:26:41 -0700 (PDT)
From: Dave Garrett <davemgarrett@gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Date: Sat, 8 Jul 2017 01:26:40 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
Cc: "tls@ietf.org" <tls@ietf.org>, "Wang Haiguang" <Wang.Haiguang1@huawei.com>
References: <149907920017.607.217202033021863337.idtracker@ietfa.amsl.com> <201707062201.08455.davemgarrett@gmail.com> <5af19fe7273748579cb2537313667aba@usma1ex-dag1mb1.msg.corp.akamai.com>
In-Reply-To: <5af19fe7273748579cb2537313667aba@usma1ex-dag1mb1.msg.corp.akamai.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Message-Id: <201707080126.40787.davemgarrett@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-NMcjujMKo_-X2G7dJaQdjGiNBw>
Subject: Re: [TLS] An IETF draft on TLS based on ECCSI public key (RFC 6507)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jul 2017 05:26:44 -0000

On Friday, July 07, 2017 11:14:10 am Salz, Rich wrote:
> On Thursday, July 06, 2017 10:01:08 pm Dave Garrett wrote:
> > Just as a clarification, all new RFCs should ideally meet all of the following
> > criteria:
> > * AEAD only
> > * PFS only
> > * TLS 1.2 and 1.3 support
> > * no TLS 1.0 or 1.1 support (let alone SSL)
> > * no use of broken hashes (MD5, SHA1, etc.)
> 
> That's a good idea.
> 
> Want to throw together a quick draft for curdle or AD-sponsored SAAG?

I was just enumerating the points that seem to have a general consensus in this WG and come up each time a new doc is discussed. I was going for FAQ, not RFC. ;)

That said, if we think there could be an actual benefit to formalizing this, probably with more detail (such as in Ilari's follow-up), that would be something I'd support.


Dave