Re: [TLS] Adoption call for draft-davidben-tls-batch-signing

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Thu, 21 November 2019 16:40 UTC

From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Sean Turner <sean@sn3rd.com>, TLS List <tls@ietf.org>
Date: Thu, 21 Nov 2019 16:40:40 +0000
Message-ID: <BN7PR11MB2547C6BC5C63ADF5B36B6C42C94E0@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <B6698ABE-F0F8-419B-BE3A-17200ED3B380@sn3rd.com>
In-Reply-To: <B6698ABE-F0F8-419B-BE3A-17200ED3B380@sn3rd.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5eF9MnFNhaNefJFkFSW2izhmiPU>
Subject: Re: [TLS] Adoption call for draft-davidben-tls-batch-signing

I am not in favor of adoption, but I could be convinced otherwise.

Sorry as this may have been discussed in IETF-106, but are we that worried about the CPU cost of ECDSA or EdDSA that we are willing to have the server buffer/slow down client connections, generate the Merkle tree and the batch signature? Do we really pull the private key from a hardware module or remote location with every signature instead of keeping it in volatile memory in our application?

I find it hard to buy the problem statement based on the use cases I know of, and such a draft would require a lot of client upgrades and participation in order to have fruitful results. I am ready to buy the argument, if there is concrete data on actual use cases.

Rgs,
Panos



-----Original Message-----
From: TLS <tls-bounces@ietf.org> On Behalf Of Sean Turner
Sent: Thursday, November 21, 2019 1:57 AM
To: TLS List <tls@ietf.org>
Subject: [TLS] Adoption call for draft-davidben-tls-batch-signing

At IETF 106 there was support for adoption of "Batch Signing for TLS" [0] as a WG item.  To confirm this on the list: if you believe that the TLS WG should not adopt this as a WG item, then please let the chairs know by posting a message to the TLS list by 2359 UTC 13 December 2019 (and say why).

NOTE: If the consensus is that this draft should be adopted as a WG item, then this will necessarily result in WG rechartering discussions.  We would have gotten to this rechartering discussion anyway now that DTLS 1.3 is progressing out of the WG.

Thanks,
Chris, Joe, and Sean

[0] https://datatracker.ietf.org/doc/draft-davidben-tls-batch-signing/