Re: [TLS] TLS Flags extension - not sure it makes sense

Adam Langley <agl@imperialviolet.org> Wed, 24 July 2019 01:18 UTC

References: <9257D2C3-05A2-498C-AA2A-04F5EA793ACC@cert.org>
In-Reply-To: <9257D2C3-05A2-498C-AA2A-04F5EA793ACC@cert.org>
From: Adam Langley <agl@imperialviolet.org>
Date: Tue, 23 Jul 2019 18:18:00 -0700
Message-ID: <CAMfhd9VQqpbXJFn-RQJzHQN69s0vKu__=201pOHxjfjTyn-ruw@mail.gmail.com>
To: Chris Inacio <inacio@cert.org>
Cc: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3XVtqiUZo27AF4ShC5eFWo-cH9Y>

On Tue, Jul 23, 2019 at 3:09 PM Chris Inacio <inacio@cert.org> wrote:
> I really want the savings on the wire that TLS flags extension provides – and so I think it’s really good for the future cTLS but I’m not sure when I get to use it in TLS 1.3 negotiation.  It goes in the ClientHello message, but how will I know that the server uses this extension?  I envision a future where we will add the flags extension along with the more expensive 4-byte version for a REALLY long time.

The expectation is that applicable future extensions will be defined
as flags. Therefore, if the server supports the extension that you're
interested in then it'll also have to support the flags extension. If
it doesn't, then the extension will be ignored as normal.


Cheers

AGL
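An added example, not part of the thread or of the draft itself, to make the two points above concrete: the wire savings Chris asks about (one flags extension versus one empty 4-byte extension per feature) and the "ignored as normal" behaviour Adam describes (a server that does not implement the flags extension simply omits it, and the client then treats every offered flag as not negotiated). The bit layout (flag N is bit N % 8 of byte N // 8, counted from the least significant bit) is my reading of the draft-ietf-tls-tlsflags encoding, the extension codepoint is a placeholder because the draft lists it as TBD, and all function names are hypothetical helpers written for this illustration.

```python
# Added example (not code from the mailing-list thread or the tlsflags draft):
# a toy encoder/decoder for a TLS Flags-style extension plus a minimal
# client/server negotiation, to show the wire savings and the
# "server ignores unknown extensions" behaviour discussed above.
import struct

# Placeholder: the real codepoint is TBD in the draft (assumption).
TLS_FLAGS_TYPE = 0xFFFF


def encode_flags(flags):
    """Pack a set of flag numbers into the FlagExtensions body (opaque flags<0..255>).

    Assumed layout: flag N -> bit (N % 8) of byte (N // 8), LSB first.
    """
    if not flags:
        return b"\x00"                       # zero-length opaque vector
    nbytes = max(flags) // 8 + 1
    if nbytes > 255:
        raise ValueError("flag number too large for a <0..255> vector")
    buf = bytearray(nbytes)
    for f in flags:
        buf[f // 8] |= 1 << (f % 8)
    return bytes([nbytes]) + bytes(buf)


def decode_flags(body):
    """Inverse of encode_flags; rejects a truncated body rather than guessing."""
    n = body[0]
    data = body[1:1 + n]
    if len(data) != n:
        raise ValueError("truncated flags body")
    return {i * 8 + b for i, byte in enumerate(data) for b in range(8) if (byte >> b) & 1}


def wrap_extension(ext_type, body):
    """Standard TLS extension framing: 2-byte type, 2-byte length, body."""
    return struct.pack("!HH", ext_type, len(body)) + body


def parse_extensions(blob):
    """Split a concatenation of framed extensions into {type: body}."""
    exts, i = {}, 0
    while i < len(blob):
        ext_type, length = struct.unpack("!HH", blob[i:i + 4])
        exts[ext_type] = blob[i + 4:i + 4 + length]
        i += 4 + length
    return exts


def wire_size_as_flags(flags):
    """Bytes spent when all features ride in one flags extension."""
    return len(wrap_extension(TLS_FLAGS_TYPE, encode_flags(flags)))


def wire_size_as_empty_extensions(flags):
    """Bytes spent when each feature is its own empty extension (4 bytes each)."""
    return 4 * len(flags)


def server_respond(client_exts, supported_flags, supports_flags_ext=True):
    """Server side. Without flags-extension support, the extension is ignored
    like any unknown extension; otherwise only the flags both sides know are set."""
    if not supports_flags_ext or TLS_FLAGS_TYPE not in client_exts:
        return b""
    agreed = decode_flags(client_exts[TLS_FLAGS_TYPE]) & supported_flags
    return wrap_extension(TLS_FLAGS_TYPE, encode_flags(agreed)) if agreed else b""


def client_negotiated(server_exts, requested):
    """Client side: absent extension means nothing was negotiated; a flag the
    client never offered is a protocol violation and is rejected."""
    if TLS_FLAGS_TYPE not in server_exts:
        return set()
    agreed = decode_flags(server_exts[TLS_FLAGS_TYPE])
    if not agreed <= requested:
        raise ValueError("server asserted a flag the client did not offer")
    return agreed


if __name__ == "__main__":
    offered = {1, 3, 9}                       # constructed sample flag numbers
    print("flags ext:", wire_size_as_flags(offered), "bytes;",
          "separate empty exts:", wire_size_as_empty_extensions(offered), "bytes")
    hello = parse_extensions(wrap_extension(TLS_FLAGS_TYPE, encode_flags(offered)))
    print("negotiated:", client_negotiated(parse_extensions(server_respond(hello, {3, 9, 20})), offered))
    print("legacy server:", client_negotiated(parse_extensions(server_respond(hello, {3}, False)), offered))
```

The legacy-server path is the point of Adam's reply: because the client learns about a flag only through the flags extension, a server that does not implement the extension cannot accidentally enable the feature; the client sees no extension and proceeds as if none of the flags were offered.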