Re: [TLS] Adoption call for TLS Flag - Request mTLS

Eric Rescorla <ekr@rtfm.com> Wed, 03 April 2024 15:28 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 03 Apr 2024 08:28:10 -0700
Message-ID: <CABcZeBOJzEWtES9FYp2gvQriK_gsWWE8qrv9xKQZE0aGH+stEg@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org>, TLS List <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4HntWRBnyfy7GH997hQZkI52CI4>
Subject: Re: [TLS] Adoption call for TLS Flag - Request mTLS

On Tue, Apr 2, 2024 at 10:36 PM Watson Ladd <watsonbladd@gmail.com> wrote:

>
> On Tue, Apr 2, 2024, 5:08 PM Eric Rescorla <ekr@rtfm.com> wrote:
>
>> Adoption should not be required to register a code point [0], as the
>> policy is Specification Required.
>>
>> I'm mildly negative on adopting this document. What is the reason we need
>> to spend WG time on this, rather than just having a code point assignment?
>>
>
> Well, don't we want to say how this is supposed to work somewhere?
>

Why? The attitude I am trying to get away from is that the TLS WG has to
be involved in every extension to TLS. Rather, we should decide what things
are important and spend time on them and then let others extend TLS
independently in areas we don't think are important.

-Ekr


> I doubt this will take much time.
>
>>
>> -Ekr
>>
>> [0] As an aside the IANA considerations of draft-ietf-tls-tlsflags-13
>> should clearly have
>> a policy which matches 8447 S 7, which is to say that an I-D is
>> sufficient.
>>
>>
>> On Tue, Apr 2, 2024 at 12:59 PM Christopher Patton <cpatton=
>> 40cloudflare.com@dmarc.ietf.org> wrote:
>>
>>> I'd like to see this problem solved. There was some discussion about
>>> whether an I-D is needed or all we needed was to register a code point
>>> somewhere. If most agree that an I-D is needed, then let's adopt it. I'm
>>> happy to review.
>>>
>>> Chris P.
>>>
>>> On Tue, Apr 2, 2024 at 12:22 PM Sean Turner <sean@sn3rd.com> wrote:
>>>
>>>> At the IETF 119 TLS session there was some interest in the mTLS Flag
>>>> I-D (https://datatracker.ietf.org/doc/draft-jhoyla-req-mtls-flag/)
>>>> also, see previous list discussions at [0]. This message is to judge
>>>> consensus on whether there is sufficient support to adopt this I-D.  If you
>>>> support adoption and are willing to review and contribute text, please send
>>>> a message to the list.  If you do not support adoption of this I-D, please
>>>> send a message to the list and indicate why.  This call will close on 16
>>>> April 2024.
>>>>
>>>> Thanks,
>>>> Deirdre, Joe, and Sean
>>>>
>>>> [0]
>>>> https://mailarchive.ietf.org/arch/msg/tls/9e2S95H9YgtHp5HhqdlNqmQP0_w/
>>>> _______________________________________________
>>>> TLS mailing list
>>>> TLS@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/tls
>>>>