Re: [TLS] Feedback on draft-ietf-tls-tlsflags

Yoav Nir <ynir.ietf@gmail.com> Fri, 31 January 2020 14:00 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <2C73A60D-2870-4AD3-A506-CB1FCC6B60FD@gmail.com>
Date: Fri, 31 Jan 2020 16:00:39 +0200
In-Reply-To: <a92e4269-cc35-9ecc-6c38-b62f9cecd626@cs.tcd.ie>
Cc: "TLS@ietf.org" <TLS@ietf.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <6d2a87a9-6d9a-4a39-913b-e9f620275cec@www.fastmail.com> <6F2B5A29-E7EF-4F83-A5F7-A40484D319FB@gmail.com> <a92e4269-cc35-9ecc-6c38-b62f9cecd626@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-RzJWDtDGC6IJTVXSsW6mVOt4QM>
Subject: Re: [TLS] Feedback on draft-ietf-tls-tlsflags


> On 30 Jan 2020, at 22:08, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> 
> On 30/01/2020 17:57, Yoav Nir wrote:
>> Hi folks.
>> 
>> In case you’re not following GitHub, there was an issue with a brief
>> discussion ([1]) and a resulting pull request ([2]).
>> 
>> If there are no objections by late next week, I will merge the PR.
> 
> Allowing 2040 flags seems a bit mad and a possible
> foot-gun - with a specification required rule that
> could end up worse than the ciphersuites registry!
> 
> Given it's possible to define a tls_flags2 extension
> if this one runs out, I'd argue to constrain this to a
> much smaller number of flags - 63 should be plenty
> I'd say.
> 
> That said, it's not that huge a deal since I have
> a hard time seeing implementers even trying to code
> for 2040 flags and specification required is the
> same rule as for extensions.
> 
> Cheers,
> S.

The format allows 2040 bits. I think we should never define that many bits. I think we should never define even 60 bits. But I also think it should be left up to the TLS chairs and the IANA experts to serve as gatekeepers rather than tying their hands in the specification.
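An added illustration of the format point above, not code from the thread or the draft: a small encoder and decoder for a tls_flags-style bit vector. Only the 255-byte, 2040-flag ceiling comes from the discussion; the bit layout (flag N in bit N % 8 of byte N // 8, bit 0 least significant), the one-byte length prefix and the minimal-encoding (no trailing zero byte) check are assumptions made for the example. The `policy_max` parameter shows how an implementation can cap the usable flag space well below 2040 without changing the wire format.

```python
MAX_FLAG_BYTES = 255            # opaque flags<0..255>: one-byte length prefix
MAX_FLAGS = MAX_FLAG_BYTES * 8  # 2040, the ceiling the thread debates


def encode_flags(flags, policy_max=MAX_FLAGS):
    """Build the length-prefixed flag vector for the given flag numbers.

    policy_max lets a deployment cap the usable flag space below the wire
    maximum (for example 63, as suggested in the thread) without changing
    the wire format itself.
    """
    if not 0 < policy_max <= MAX_FLAGS:
        raise ValueError("policy_max must be within 1..%d" % MAX_FLAGS)
    buf = bytearray()
    for f in flags:
        if not 0 <= f < policy_max:
            raise ValueError("flag %d outside allowed range 0..%d" % (f, policy_max - 1))
        byte, bit = divmod(f, 8)        # assumed layout: bit (f % 8) of byte (f // 8)
        if byte >= len(buf):
            buf.extend(b"\x00" * (byte + 1 - len(buf)))
        buf[byte] |= 1 << bit           # assumed: bit 0 is the least significant bit
    return bytes([len(buf)]) + bytes(buf)


def decode_flags(data, policy_max=MAX_FLAGS):
    """Parse a length-prefixed flag vector and return the set of flags that are set.

    Rejects a length prefix that disagrees with the payload, an empty vector,
    a non-minimal encoding (trailing zero byte, assumed rule) and any flag
    at or above policy_max.
    """
    if len(data) < 1:
        raise ValueError("missing length byte")
    n, body = data[0], data[1:]
    if len(body) != n:
        raise ValueError("length prefix %d does not match %d payload bytes" % (n, len(body)))
    if n == 0 or body[-1] == 0:
        raise ValueError("empty or non-minimal flags encoding")
    flags = set()
    for i, b in enumerate(body):
        for bit in range(8):
            if (b >> bit) & 1:
                f = i * 8 + bit
                if f >= policy_max:
                    raise ValueError("flag %d exceeds policy maximum %d" % (f, policy_max))
                flags.add(f)
    return flags
```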