IETF Logo Mail Archive

Re: [TLS] Fwd: Last Call: <draft-ietf-kitten-tls-channel-bindings-for-tls13-09.txt> (Channel Bindings for TLS 1.3) to Proposed Standard

Sam Whited <sam@samwhited.com> Sat, 02 October 2021 03:03 UTC

Return-Path: <sam@samwhited.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CD603A012A for <tls@ietfa.amsl.com>; Fri, 1 Oct 2021 20:03:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=samwhited.com header.b=lNFUKnpe; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=dsLYa8T5
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RQZe1auAYCfk for <tls@ietfa.amsl.com>; Fri, 1 Oct 2021 20:03:34 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 514003A00E5 for <tls@ietf.org>; Fri, 1 Oct 2021 20:03:34 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 8C3225C00B6 for <tls@ietf.org>; Fri, 1 Oct 2021 23:03:30 -0400 (EDT)
Received: from imap42 ([10.202.2.92]) by compute1.internal (MEProxy); Fri, 01 Oct 2021 23:03:30 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samwhited.com; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm1; bh=51oye v+G+kfjPiGPjDXfAQG1uo4dQ0rKrnJKsuvhX28=; b=lNFUKnpe3JeixR+drpGPl /JdHBLolO6H245FomxRnO0WPCoLJhyR6Nsz+Nek/hvHnxUiSzGB+UlnCe7BQhGbV u1+oxrCJAwD8+/VHNcjaa/kacpae/vfLehKBJDMS2U0+UkHHxO2BgfIJ70QX8CFM s77+ocgSgcnlpn6Fxsda1oFIr8Rc7MjJfMUnRGA7iF7ikQUyCdRVeBX/w1THlRhP 5Y9yTh4pliocrriGKyeY1MYCqOiMIR2/FOG5kqCQmRs3IxZ0+XDswL+qh/CXU0Zg sRyxeNKG09L62j4rqMEkwN7WWZJnubqf9zuzg4ndlBogpwb9ivD+J43tDPidJby1 Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=51oyev+G+kfjPiGPjDXfAQG1uo4dQ0rKrnJKsuvhX 28=; b=dsLYa8T5w2kdbxdEh8SwGeP13gZXmP2Vhgl2Nows7cDEdnMI+D3y9zdgn 3iPFIFl57T2yK1SxReipKXYFGf9OsCWdzbwvee+RnPHVfmfLVE33B/xc005XMFEZ p7DHdPIX6Xc88mpr7hg8ZwZSBQ4htEx6vziGeXI+Dmmi4uWRVbkieiyLM7S6OaYC JxGd3sMgtCeVd9oqMVjgf9chUK/T1rWYsaBSG0fq66DTiP8HplTkN33U8SBItRbV b0WwtHMey08ZuM+0kULL49FCi9Lr7sUNS90SgKhShIpISLUeqdPeqW3SM6kezWi0 Z1DoAK95sTrWZpo6iZROKpx0zkdtA==
X-ME-Sender: <xms:AsxXYT01i08Lxbr3Udz-9qO_3NOx6W4Xq2MlvCeJbD0QTfKUgBc-BA> <xme:AsxXYSGVTDLECmoOj0HEGqvoTidMhrP3OuNHVeDwZws2G-FPdkxEt9DLLC1ct0v2w f1WLPRzF154OJnYNQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrudekjedgieegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtgfesth hqredtreerjeenucfhrhhomhepfdfurghmucghhhhithgvugdfuceoshgrmhesshgrmhif hhhithgvugdrtghomheqnecuggftrfgrthhtvghrnhepvdffuedvudfhfedvieehueekff fhkeejvefggfegtdelhffhhfeiveekudevhfejnecuvehluhhsthgvrhfuihiivgeptden ucfrrghrrghmpehmrghilhhfrhhomhepshgrmhesshgrmhifhhhithgvugdrtghomh
X-ME-Proxy: <xmx:AsxXYT59Y0jbYSghcKq0Z3yRx7pal1l_QtCaGFBE20qCf8Por9YMAw> <xmx:AsxXYY1z7bIVFtkz4AdY9pw_pRL7VZ7c6f-8t-tbVsQTf-f6Vgk6fg> <xmx:AsxXYWGlKo16aN8E6Af9NNWDQDoJDfBT2egrMM2NCRhK8MZlW94g8w> <xmx:AsxXYaQqJNheKv1eMnrqSkedxcW9Wo3tjqX8jHJQPUCeOzf5dtXnag>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 1193D2180075; Fri, 1 Oct 2021 23:03:30 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-1322-g921842b88a-fm-20210929.001-g921842b8
Mime-Version: 1.0
Message-Id: <92ed26c1-bfde-43c1-93f4-2bbdbd4f6ec1@www.fastmail.com>
In-Reply-To: <CABcZeBPQG82xJdwMrmj4-=9aJymo1xts=D6VZedBW5X9k+34cQ@mail.gmail.com>
References: <163311243544.13917.11736165165419008870@ietfa.amsl.com> <20211001190002.GC98042@kduck.mit.edu> <CABcZeBPQG82xJdwMrmj4-=9aJymo1xts=D6VZedBW5X9k+34cQ@mail.gmail.com>
Date: Fri, 01 Oct 2021 23:02:43 -0400
From: Sam Whited <sam@samwhited.com>
To: tls@ietf.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5b0y-qKNKFq45zZwWZJk_JMGp8c>
Subject: Re: [TLS] Fwd: Last Call: <draft-ietf-kitten-tls-channel-bindings-for-tls13-09.txt> (Channel Bindings for TLS 1.3) to Proposed Standard
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Oct 2021 03:03:40 -0000

I have to respectfully disagree with this.

Anecdotally, RFCs are hard to discover. Having them linked from a
logical place in other RFCs is one way that discovery happens, and if
you're looking for how to do channel bindings with TLS the first place
you're going to look is the TLS RFC (and its list of updates).

Secondly, this is an update, not a retconn. It in no way implies that
TLS 1.3 always said this, or that the TLS 1.3 authors were involved in
the channel bindings spec. TLS 1.3 does an analysis of its own keying
material exporters and we rely on this and present a standard name for
one scenario where it may be used, this does not involve new technology
or even a novel use of EKM.

—Sam


On Fri, Oct 1, 2021, at 18:49, Eric Rescorla wrote:
> I don't believe that this document should update 8446. As noted in S
> 1, we didn't define these bindings because we didn't have complete
> analysis. This document doesn't seem to either contain or reference
> such analysis and until we have that, I think RFC 8446 shouldn't be
> retconned into endorsing this construction.
>
> -Ekr

v2.23.0 | Report a Bug | By Email