Re: [TLS] New Version Notification for draft-kampanakis-tls-scas-latest-01.txt

John Mattsson <john.mattsson@ericsson.com> Thu, 24 November 2022 11:04 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: "Kampanakis, Panos" <kpanos=40amazon.com@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
CC: "Bytheway, Cameron" <bythewc@amazon.com>
Thread-Topic: New Version Notification for draft-kampanakis-tls-scas-latest-01.txt
Date: Thu, 24 Nov 2022 11:04:11 +0000
Message-ID: <HE1PR0701MB3050AD816C2DBCD38B71E860890F9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
References: <164640802761.28333.14157326202570736962@ietfa.amsl.com> <86b00127b642402d93f92b3f0164ae77@EX13D01ANC003.ant.amazon.com>
In-Reply-To: <86b00127b642402d93f92b3f0164ae77@EX13D01ANC003.ant.amazon.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4Jj2wg-4dwkELC4EuMcAg22tpSk>
Subject: Re: [TLS] New Version Notification for draft-kampanakis-tls-scas-latest-01.txt

Hi,

I think this is great work and something the TLS WG should adopt and work on. Reducing the total number of bytes is very important not only in constrained IoT, but also in TLS-based EAP methods, and in applications where handshake time to completion is important.

I quickly read the -02 draft. It seems to be in good shape. Some comments:

- I think it would be good if the draft described how it works with draft-ietf-tls-subcerts. While the latest version of draft-ietf-tls-subcerts talks about “delegated credentials” and not certificates, they are commonly referred to as subcerts.
- I think draft-kampanakis-tls-scas-latest could consider allowing suppression of the end-entity certificate as well, for use cases where draft-ietf-tls-subcerts is used.

Cheers,
John

From: TLS <tls-bounces@ietf.org> on behalf of Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org>
Date: Friday, 4 March 2022 at 16:42
To: tls@ietf.org <tls@ietf.org>
Cc: Bytheway, Cameron <bythewc@amazon.com>
Subject: Re: [TLS] New Version Notification for draft-kampanakis-tls-scas-latest-01.txt
Hi all,

The updated -01 version fixes a couple of nits identified by Ilari, removes the need for two different tlsflags, one for each direction, and does not require an acknowledgement of the ICA suppression tlsflag, based on discussions about the tlsflags draft https://mailarchive.ietf.org/arch/msg/tls/SIvCO_ZFmNfTEeyiuZOcdBzTdAo/

There are more issues we are tracking based on discussions in this list https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-24c7ac234ac8e19f&q=1&e=76ac0dba-b0c6-4ac8-9538-5faabd060cb2&u=https%3A%2F%2Fgithub.com%2Fcsosto-pk%2Ftls-suppress-intermediates%2Fissues

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Friday, March 4, 2022 10:34 AM
To: Bas Westerbaan <bas@cloudflare.com>; Bytheway, Cameron <bythewc@amazon.com>; Martin Thomson <mt@lowentropy.net>; Kampanakis, Panos <kpanos@amazon.com>
Subject: [EXTERNAL] New Version Notification for draft-kampanakis-tls-scas-latest-01.txt

A new version of I-D, draft-kampanakis-tls-scas-latest-01.txt
has been successfully submitted by Panos Kampanakis and posted to the IETF repository.

Name:           draft-kampanakis-tls-scas-latest
Revision:       01
Title:          Suppressing CA Certificates in TLS 1.3
Document date:  2022-03-04
Group:          Individual Submission
Pages:          10
URL:            https://www.ietf.org/archive/id/draft-kampanakis-tls-scas-latest-01.txt
Status:         https://datatracker.ietf.org/doc/draft-kampanakis-tls-scas-latest/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-kampanakis-tls-scas-latest
Diff:           https://www.ietf.org/rfcdiff?url2=draft-kampanakis-tls-scas-latest-01

Abstract:
   A TLS client or server that has access to the complete set of
   published intermediate certificates can inform its peer to avoid
   sending certificate authority certificates, thus reducing the size of
   the TLS handshake.

The IETF Secretariat

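The mechanism the abstract describes, as an added illustration that is not code from the draft or from anyone in this thread: the server omits its CA certificates when the peer has signalled it holds the published intermediates, and the client rebuilds the path from its local cache. Certificates are modelled as plain records keyed by SKI/AKI (signature checking is out of scope here), and the "retry without suppression on path failure" step is this example's own assumption, not something the draft specifies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    ski: str  # subject key identifier (constructed sample values)
    aki: str  # authority key identifier (== ski for a self-signed root)

class PathError(Exception):
    pass

def server_certificate_msg(chain, suppress_cas):
    """Server side: send the full chain minus the root, or, when the
    client asked for CA suppression, only the end-entity certificate."""
    return chain[:1] if suppress_cas else chain[:-1]

def build_path(sent, cache, roots):
    """Client side: walk from the leaf towards a trusted root, filling any
    gap in the received chain from the local cache of published
    intermediates, looked up by the AKI of the certificate in hand."""
    by_ski = {c.ski: c for c in list(sent) + list(cache)}
    root_by_ski = {r.ski: r for r in roots}
    path, seen = [sent[0]], {sent[0].ski}
    while path[-1].aki not in root_by_ski:
        nxt = by_ski.get(path[-1].aki)
        if nxt is None or nxt.ski in seen:  # missing issuer or loop
            raise PathError(f"no issuer found for {path[-1].subject}")
        path.append(nxt)
        seen.add(nxt.ski)
    return path + [root_by_ski[path[-1].aki]]

def client_handshake(cache, roots, server_chain, cache_complete=True):
    """Request suppression only when the client believes its cache holds
    the complete published set; on a path-building failure fall back to
    a handshake without suppression (assumed here, not drawn from the draft).
    Returns (validated path, whether suppression was used)."""
    if cache_complete:
        try:
            sent = server_certificate_msg(server_chain, suppress_cas=True)
            return build_path(sent, cache, roots), True
        except PathError:
            pass  # the cache was not as complete as claimed
    sent = server_certificate_msg(server_chain, suppress_cas=False)
    return build_path(sent, cache, roots), False

# Constructed sample PKI: root -> intermediate CA -> end-entity certificate
ROOT = Cert("Example Root", "Example Root", "ski-root", "ski-root")
ICA = Cert("Example ICA", "Example Root", "ski-ica", "ski-root")
LEAF = Cert("www.example", "Example ICA", "ski-leaf", "ski-ica")
CHAIN = [LEAF, ICA, ROOT]
```

With `[ICA]` cached the leaf alone is enough to reach the root; with an empty cache the first attempt fails and the full chain is fetched instead.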