Re: [TLS] RFC8447bis
David Benjamin <davidben@chromium.org> Thu, 19 August 2021 14:37 UTC
Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ABDD3A1CA7 for <tls@ietfa.amsl.com>; Thu, 19 Aug 2021 07:37:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.949
X-Spam-Level:
X-Spam-Status: No, score=-9.949 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HVhPPNevSTqj for <tls@ietfa.amsl.com>; Thu, 19 Aug 2021 07:37:18 -0700 (PDT)
Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1660C3A1CA1 for <tls@ietf.org>; Thu, 19 Aug 2021 07:37:18 -0700 (PDT)
Received: by mail-pj1-x1036.google.com with SMTP id qe12-20020a17090b4f8c00b00179321cbae7so4929757pjb.2 for <tls@ietf.org>; Thu, 19 Aug 2021 07:37:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UbgxkUxRhOgjVsQg4EirqIciDayA9Dv4QVHSmA4kptk=; b=GbfYFajmtjShtCrjNpwwmCSydDrQQVDZxwgiUWBuj38bzZZ5J+ZE79Zox2i/mmc9HY ZtOkpy+nockzC4rPYYtUw5RZYoRiV6yZY7/wzyL6uZz+R3o/EcSfGH78gtcdGbPsfYbx DJ9AkgP+Otl7ZAJok42UP2H1HrfLPUztsVczU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UbgxkUxRhOgjVsQg4EirqIciDayA9Dv4QVHSmA4kptk=; b=Cjows4oE35phRKRFTULyaEC+i/sNLLRHpbLnWyTY7A6l+2ax41lQL6r8zGmT/Gx50G OxX6xOYsNPLddqH1as8NaIJUfNBAaYqmyIFrzRqoFIe1lWHmLVo1LFAjTgm5xrsWZAp5 ta6Lqc5XEjkjlQOCljjdbmtu62fzOhtx66hwl2dXYZ9GbkAtXOyAuUl9O4XBmEXdb2ie TfkOiB/tqho1MbM0a7y2Wvp3SJoLZND1pDAzF6+0nadtCr5ZDg1N+7lP5AoB11Fc2Nrq 79RDVBwJSnK2uNUwgiF2g9VDBsoMLxZe6olkicoYoRBjoPG6mEeuMUWRmXB2OXDoN9rL RL3g==
X-Gm-Message-State: AOAM531Spsb7jQZ9EzgxRYbbXtE7gsTEt3YQhxSRO52Te1bZIIv7rmgm 9kXp+u9uqAsOWm+Kd1qsKHb8x/wocHeKLgJBoK6J
X-Google-Smtp-Source: ABdhPJyVcFz15qI0Fl6J2wkZpt4Rf5R3j3roQd7dgVE91mk1LaARbR5w4GET/wYGjphMZkjNOjJlBoEV03L4de7k8VY=
X-Received: by 2002:a17:90a:c28d:: with SMTP id f13mr15280803pjt.73.1629383836220; Thu, 19 Aug 2021 07:37:16 -0700 (PDT)
MIME-Version: 1.0
References: <b2a65504-4d9b-40bd-b0bb-3b2fa5d37f26@www.fastmail.com> <03560d15-6b48-435b-a509-7cbebce153b9@www.fastmail.com> <2760D629-9990-45F4-A9DE-B41B7698E9CE@sn3rd.com> <d17461d5-9ac6-4f8f-81ed-c65aba6870b1@www.fastmail.com> <49CEC64F-D7E4-4FAD-B1E5-2C7F04381CA0@akamai.com> <27e99896-c92e-4364-939a-803327a1f2d4@www.fastmail.com>
In-Reply-To: <27e99896-c92e-4364-939a-803327a1f2d4@www.fastmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Thu, 19 Aug 2021 10:36:59 -0400
Message-ID: <CAF8qwaDR6J9rmNtaOt8+bk2huGV+sYNW9yoS2dtsgmh+9mETdg@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: "Salz, Rich" <rsalz@akamai.com>, Sean Turner <sean@sn3rd.com>, TLS List <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c3322c05c9ea7cc2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0zgdRDeugj-ZHTDdaa-8igJVxzg>
Subject: Re: [TLS] RFC8447bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Aug 2021 14:37:24 -0000
I agree with Martin. At the end of the day, a collision between IANA and a large-scale experiment isn't significantly more interesting than a collision between two large-scale experiments. They will still cause interop problems. There isn't really any collision benefit to blocking off a range. If anything, there is a *more* collision risk: the experimental block is much smaller than the full codepoint space, yet, by their nature, there will be more experimental allocations than final ones. ECH has gone through so many now. Indeed, while ECH hasn't been constraining itself to a range, it and a few other drafts have had a habit of only picking from the upper 256 unused code points. Yet, by doing that, one of ECH's experimental code points collided with one of Delegated Credentials' experimental code points. Thankfully, I don't believe that version of DC was ever shipped large-scale. The concern that people will special-case the range is also very real, and would invalidate anything we learn from experiments using that range. We're already seeing folks special-case GREASE code points. (In hindsight, I think GREASE should not have been reflected in the table proper.) One of TLS stacks which inspired GREASE managed to, over the course of fixing its various bugs, even treat "Unassigned" and "Reserved for Private Use" differently and briefly only allow unknown Private Use values! It is true that the TLS space is a little tighter than QUIC, but I think the same lessons apply. On Thu, Aug 19, 2021 at 10:18 AM Martin Thomson <mt@lowentropy.net> wrote: > On Thu, Aug 19, 2021, at 23:14, Salz, Rich wrote: > > I understand this concern. I am sympathetic to it. But perhaps > > large-scale experiments on the whole Internet aren't the scope here? > > Those kinds of things seem to ask for an early allocation. I am > > thinking, in particular, of some GOST/TLS identifiers that weren't > > quite right. > > Nothing wrong with due diligence before allocation, or even a little > reticence. But I'm also concerned about people putting these ranges in > their code and doing something special with them. Like "this is > experimental, so we will ignore these always" or similarly silly things. > You don't need to have a reserved space to say that a particular codepoint > is temporary. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] RFC8447bis Christopher Wood
- Re: [TLS] RFC8447bis Martin Thomson
- Re: [TLS] RFC8447bis Eric Rescorla
- Re: [TLS] RFC8447bis Martin Thomson
- Re: [TLS] RFC8447bis Salz, Rich
- Re: [TLS] RFC8447bis Sean Turner
- Re: [TLS] RFC8447bis Martin Thomson
- Re: [TLS] RFC8447bis Salz, Rich
- Re: [TLS] RFC8447bis Martin Thomson
- Re: [TLS] RFC8447bis David Benjamin
- Re: [TLS] RFC8447bis John Mattsson
- Re: [TLS] RFC8447bis Eric Rescorla