IETF Logo Mail Archive

Re: [TLS] MTI extensions?

Martin Thomson <martin.thomson@gmail.com> Sun, 15 March 2015 18:08 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82E011A1B60 for <tls@ietfa.amsl.com>; Sun, 15 Mar 2015 11:08:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 170onLi1Fz3X for <tls@ietfa.amsl.com>; Sun, 15 Mar 2015 11:08:24 -0700 (PDT)
Received: from mail-ob0-x22c.google.com (mail-ob0-x22c.google.com [IPv6:2607:f8b0:4003:c01::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C6E81A1B5F for <tls@ietf.org>; Sun, 15 Mar 2015 11:08:24 -0700 (PDT)
Received: by obbgg8 with SMTP id gg8so21152917obb.1 for <tls@ietf.org>; Sun, 15 Mar 2015 11:08:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=8BR3IedZ7fNEJqft/ba5+jmZhtjCXI+FPw0HRDs6M+g=; b=YgP8fOPA2lVMgZ7ieLzz2WLw/EbeK8PoFRIUlEmDUe8jDcYIg1yE+kk9OGrXklyMuK 86CzOzz/4sn7b4Gn8e3oqd8hD+eMO300puShdfzssLLu7FxBiYjS31Z6Re8l1AGvjPol GXh+0fd5RE36W0UtRQ0usb5VPj1XhWLi/fphNtrkpLzJ5v5j66QoVCjU7yhX80jvnz0o YxPyCoytDcTfX0TPssSpNk4zsfrK33DrN4Yihk/I5N4/axqz8rRET+b8SlsOz6l1Zl6P +96pzFK2MwvkcX1WoAh/UK6kudK1YyPHN4yakWJobeDvqLR6bhnM0EOgPtaAtfU7Ylq8 F/4A==
MIME-Version: 1.0
X-Received: by 10.60.84.40 with SMTP id v8mr9273177oey.80.1426442903601; Sun, 15 Mar 2015 11:08:23 -0700 (PDT)
Received: by 10.202.86.20 with HTTP; Sun, 15 Mar 2015 11:08:23 -0700 (PDT)
In-Reply-To: <201503140212.53255.davemgarrett@gmail.com>
References: <201503140212.53255.davemgarrett@gmail.com>
Date: Sun, 15 Mar 2015 11:08:23 -0700
Message-ID: <CABkgnnVxV3W5vMgUwCPGVzQYFAsmv4cY18xECQRbHu1QVdW_tQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/-XGQe2sRv-P4KQfOmD-OFvpvz_w>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] MTI extensions?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Mar 2015 18:08:25 -0000

On 13 March 2015 at 23:12, Dave Garrett <davemgarrett@gmail.com> wrote:
> Idea: Add a small section after MTI cipher suites for MTI extensions.

I think that's fine.  Signature algorithms was made mandatory in 1.2,
here, we are going to make ClientKeyShare mandatory.  I think that
there is good justification for SNI too.

> After enumerating the extensions that are part of the TLS 1.3 spec itself, I think it would be helpful to list a few other extensions that are reasonable to expect of all implementations. In particular, SNI & ALPN should ideally be available everywhere.

I don't see any point in making ALPN mandatory.  If you need it, you
need it; if you don't, that's all there is to say.

v2.23.0 | Report a Bug | By Email