Re: [TLS] A new consensus call on ALPN vs NPN (was ALPN concerns)

Eric Rescorla <ekr@rtfm.com> Thu, 12 December 2013 02:59 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 12 Dec 2013 10:58:35 +0800
Message-ID: <CABcZeBN=xvFG_515immvF_FuUvGXnDThrWnj_rr8Ct8Wi1jnoA@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] A new consensus call on ALPN vs NPN (was ALPN concerns)

Brian,

You write:

  But, don't you think it would be better for the whole working group to
  make that determination, instead of just the chairs? I think that if
  you simply asked the working group if we (still) have a
  consensus, and the consensus is "go ahead with ALPN," then the whole
  issue would be resolved within a week or two, and there would be no
  trouble with IETF LC.

This is the purpose served by the WGLC, which ended in September.
You are asking for yet another call for consensus; this would be appropriate
if there were materially new information available to the WG which
became available after WGLC (otherwise, people could just keep
asking for consensus calls).  Whether this is in fact the case is a
question for the chairs and the ADs.

We consulted with the AD prior to taking this action, so perhaps he
will respond to you separately.

-Ekr


On Thu, Dec 12, 2013 at 8:58 AM, Brian Smith <brian@briansmith.org> wrote:
> On Tue, Dec 10, 2013 at 10:30 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>> After reviewing your request, the chairs believe that it does not raise any
>> new substantive issues that were not known to the WG at the time of the
>> decision to adopt ALPN and the subsequent WGLC. Therefore, we do not
>> believe it is appropriate to re-open the issue at this time.
>>
>> Because the document has already passed WGLC, we will be asking the
>> AD for advancement. You should of course feel free to reraise your objections
>> during IETF LC.
>
> Thanks for the response Eric.
>
> I can understand that the chairs may not think it is appropriate to
> re-open the issue at this time. It isn't surprising, because you have
> lobbied for ALPN and against NPN, and you've also said that it is
> important for Cisco (the other chair's employer) to have its
> inspection appliances capable of learning which protocol is being used
> on TLS connections.
>
> But, don't you think it would be better for the whole working group to
> make that determination, instead of just the chairs? I think that if
> you simply asked the working group if we (still) have a
> consensus, and the consensus is "go ahead with ALPN," then the whole
> issue would be resolved within a week or two, and there would be no
> trouble with IETF LC. But, if we don't verify that we actually have a
> consensus now, then during IETF LC there will be doubt about whether
> we still have a consensus.
>
> I remember somebody once saying that, when we have authority, it is
> important to avoid not just impropriety, but also the *appearance* of
> impropriety. We as a working group have the authority and
> responsibility to everybody that uses IETF protocols and products
> based on TLS to make sure we've made good decisions and achieved
> consensus. So, I still think it is important, before advancing the
> document to IETF LC, that we clarify and verify that we actually have
> a consensus.
>
> Thanks again,
> Brian