Re: [TLS] PR#28: Converting cTLS to QUIC-style varints

Michael D'Errico <mike-list@pobox.com> Sat, 10 October 2020 18:41 UTC

Return-Path: <mike-list@pobox.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4F513A167C for <tls@ietfa.amsl.com>; Sat, 10 Oct 2020 11:41:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pobox.com header.b=JUvd7XwR; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=HVeeNQfx
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mOljfl4S_gMI for <tls@ietfa.amsl.com>; Sat, 10 Oct 2020 11:41:50 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4965D3A0D84 for <tls@ietf.org>; Sat, 10 Oct 2020 11:41:50 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id F3CD6F92; Sat, 10 Oct 2020 14:41:48 -0400 (EDT)
Received: from imap21 ([10.202.2.71]) by compute4.internal (MEProxy); Sat, 10 Oct 2020 14:41:49 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pobox.com; h= mime-version:message-id:in-reply-to:references:date:from:to:cc :subject:content-type; s=fm1; bh=nGHH9i0mL/cxFIg6MUtmov0G0O+kDsm sQXlYfnEliLU=; b=JUvd7XwRDQaU5jhtA9FmOemGHHpw8sn0qvCklQwixFLTH/2 Ujp+5/3B2U5lqsBsmVhGPTL/p3UcNaDsYvloneX481k68CEt4yXrfSRW4oBNEW4r f6TQHcYNLRLbP32R3nEcdpEwoyZEIr3y+9J6+f+elMxSHTgbByyprPgjUysau/En 0Gs/3aEg5qzL41JVy6Ez6HlTBDS7Fa8ekbND8B2M/H23/GSkpJe+dpsG0bV4s9EK a5+5ire/u8eowqymqlYVmGJ2VEiK1TUwj/qLtOMj3cCwsLx/B24I0jZKprOg0LfY i1TU1haIJdy5Ed1CsuTDxbY46V6swZmQ6cIxhHw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=nGHH9i 0mL/cxFIg6MUtmov0G0O+kDsmsQXlYfnEliLU=; b=HVeeNQfx4tX9jQJcNB/pmz V8zlKiqE7rNfKn5LsmX78i+loGJpAQibn4gqfuOcxDNis4kAkpbsgbw0dbP+2N7X slNeXzYFUPCtaUGfQgsC1ciXEVnzj5f1L55dnsOnZY1f6xATZX6aO2jkYhTBvQdG CQGXhc95xHpS8mo0BcOgZ2doAFAPwyM08j2UUNQ9LAWby6VO7I8BmEmlxo1m0xt5 MuaKRl7wl3jRvNS7MxiZOKCart8XFwS9U/+qWbieS+3/BREpPIa8sLwOXvzU+cb7 7GbE/KLAqMUfNf52wD8oRQb1rAQtiW3AFCCtnZDq7k6WacgyH4La5b5lNL8TSuMw ==
X-ME-Sender: <xms:bACCX9HQzDtAU3_7S0KVx9OVssxoqVPytITK4eLqVmVK2uelxtO3gg> <xme:bACCXyXLcoCAJsmyxxHfRHs7wih9IdSVF_DNk4OqraF1m45X0gOomPTT7Z-aSelal a0_7A0v_0pcA8x-nw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrheefgdduvdekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgesthdtredtreertdenucfhrhhomhepfdfoihgt hhgrvghlucffkdfgrhhrihgtohdfuceomhhikhgvqdhlihhsthesphhosghogidrtghomh eqnecuggftrfgrthhtvghrnhepveduveeuhefhveekveduhfeugefgiedvhfdtkeehueeh hfeiueevgfejffegtdeunecuffhomhgrihhnpehivghtfhdrohhrghenucevlhhushhtvg hrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmihhkvgdqlhhishhtsehp ohgsohigrdgtohhm
X-ME-Proxy: <xmx:bACCX_IU4Can0q_vi-YscZ_UmyT2qoldWp54ksF9qKM0aAQT1r6ypA> <xmx:bACCXzHDNVD5UJvffHSLEFBafFWwIi_thRG3_mqOD3-CR7wU0topug> <xmx:bACCXzXmsR9Lf4fjwpIPMUs925BrrTh_Q-wLFZ0BFvlbsgRyvrq2NA> <xmx:bACCX6BdFaKdaMQM4dtDZbLMoTAAvxadyeb0j3j2y7jBJsI3Zh-Vrg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id A8870660069; Sat, 10 Oct 2020 14:41:39 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-407-g461656c-fm-20201004.001-g461656c6
Mime-Version: 1.0
Message-Id: <a6017c25-c5b6-4a4b-90ae-c1e6876743d9@www.fastmail.com>
In-Reply-To: <CACdeXi+wA1FeUAsrZUFN9cOG6ZA7M5Cb4c-hgV_9Kh4haFfb7Q@mail.gmail.com>
References: <CABcZeBPNFhGoLhgqeR9ObwyU68BYq=hXG1PhXcqNsNDNFGGyaw@mail.gmail.com> <CAOYVs2rEDtgJFVpiQkcaaYG2LAyW1hB5Cou4kUoG2_dkxMFTww@mail.gmail.com> <CABcZeBP3BUDEeiV2T-kxYTmC841XE_BrXhPHSoRqfdH0hHd-6w@mail.gmail.com> <BBA456AB-EC42-47DD-A3E3-5FC0E9E7A534@akamai.com> <53DD7D0D-D325-4246-86F2-C409875134FB@ll.mit.edu> <8e8ca76e-37ce-ce10-ae42-ea26d87c35fc@pobox.com> <9CED80DA-FAE7-4C7F-9687-3B61B63587E9@akamai.com> <a49d4b8c-cf49-51df-0c6b-332a4459f318@pobox.com> <b8f4597c-37de-0092-6179-c6bf275c20f9@huitema.net> <96616ddd-263c-badb-64ee-20c03a8c1dda@pobox.com> <CACdeXi+wA1FeUAsrZUFN9cOG6ZA7M5Cb4c-hgV_9Kh4haFfb7Q@mail.gmail.com>
Date: Sat, 10 Oct 2020 14:41:11 -0400
From: Michael D'Errico <mike-list@pobox.com>
To: Nick Harper <nharper@google.com>
Cc: TLS List <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4wTf_vod4IsAkIvXn0tNMcUbBoY>
Subject: Re: [TLS] PR#28: Converting cTLS to QUIC-style varints
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Oct 2020 18:41:52 -0000

> Hopefully https://tools.ietf.org/html/rfc8446#section-4.2.11.2
> makes it clear why the pre_shared_key extension must be at
> the end of the list. 

I see what was done, but it still makes me a bit
sad that whatever security property was desired
couldn't have been done differently to avoid this
requirement.  Hopefully we never discover a new
extension that should be "last" ....

Mike