Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

Viktor Dukhovni, Thu, 19 April 2018 03:34 UTC


> On Apr 18, 2018, at 11:25 PM, Peter Gutmann wrote:
>> That's just silly.  Really, 7.5 years (relative, not absolute) measured in
>> hours is plenty good enough, and more than outlives current device
>> obsolescence.  This isn't subject to Moore's law or anything like it.
> I don't know what devices you work with, but for the ones where my code is
> used ten years is the baseline life expectancy, going out to 15-20 years for
> longer-life ones (I still have to deal with SSH bugs from the late 1990s,
> because the lifetime of the equipment that it's used in is 20 years and counting.
> I think I've finally managed to get away from having to do SSLv3 within the
> last year or two).
> OTOH I doubt any of these devices will do pinning, they just bake in the certs
> at manufacture/provisioning, so I'm fine with any kind of lifetime.  Just
> wanted to point out, yet again, that the entire world doesn't live in a "we
> can patch the entire deployed base in 24 hours" situation.

Indeed, but if pinning were desired, all the device would have to do is call the mother ship at least twice per decade; it can then work for multiple decades.

I agree that for many devices that don't wander the web in search of the latest cute kitten photos, and just "call home", a single fixed cert is a more plausible security model than either WebPKI or DANE.