Re: [TLS] Setting Policy for Extensions

Nico Williams <> Thu, 28 July 2011 16:34 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C90DB21F8C1F for <>; Thu, 28 Jul 2011 09:34:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.797
X-Spam-Status: No, score=-2.797 tagged_above=-999 required=5 tests=[AWL=-0.820, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mOXdmoffmrds for <>; Thu, 28 Jul 2011 09:34:00 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 7356B21F8C1E for <>; Thu, 28 Jul 2011 09:34:00 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id F316520203C for <>; Thu, 28 Jul 2011 09:33:59 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc: content-type; q=dns;; b=nkL6PzhJNMrt0butlqAiJ lDJkSXGQ3e4AfQjOLCKUcv/TA4l1FJLXsFCdiZNI9EuVQqCDaVI4XDlYjXjHL5Fe BiPbsUmVtxlL9TJM9IH0So53upnoy2uBYwt0DovKe/iVwL7/TstQbQ0Dk0J9q2Yn fyvVP5H/EOBqMwixB7VaVM=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type;; bh=0r4jK4D+/1+xwfMYEhKZ 7l7Gha4=; b=w3fj0KDXiBDT7iyQYzOYOuz7x3R+31QLqsn9LsmmXl+iF2QEns5/ WmQ+6KLrZffh/ojF/3eLMW+f/diVmeSxszPAl5wEkoJFIYKVleodnK6uYlu8t33R taeOgw+VXhZhY8S6JlO0s0En04lWTDxN0RCHbEI8m+rKzO7w/rZBYus=
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id A6515202038 for <>; Thu, 28 Jul 2011 09:33:59 -0700 (PDT)
Received: by pzk6 with SMTP id 6so4497207pzk.26 for <>; Thu, 28 Jul 2011 09:33:59 -0700 (PDT)
MIME-Version: 1.0
Received: by with SMTP id j4mr457249pbg.307.1311870839315; Thu, 28 Jul 2011 09:33:59 -0700 (PDT)
Received: by with HTTP; Thu, 28 Jul 2011 09:33:59 -0700 (PDT)
In-Reply-To: <>
References: <>
Date: Thu, 28 Jul 2011 11:33:59 -0500
Message-ID: <>
From: Nico Williams <>
To: Eric Rescorla <>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [TLS] Setting Policy for Extensions
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 28 Jul 2011 16:34:01 -0000

A better way to word this might be to say that all TLS extensions I-Ds
must be announced at an IETF mailing list that is appropriate for
discussion of TLS (for now, the TLS WG's list), and that upon request
by any appropriate WG's chairs or by any IESG members, any such TLS
extension proposal would have to require WG review -- the outcome of
which must be consensus on the question of whether the proposal may or
may not progress and/or whether it should be adopted as a WG work item
(thus requiring WG LC, not merely WG review).  I think this would
result in a high likelihood that folks who might object to a given
proposal would have a chance to have their objections heard, and then
for consensus to be reached.

Of course, there might be situations where objections will be ignored
(because WG chairs and IESG members are unwilling to request WG
review).  An appeal path to the IAB might be desirable, but I
seriously doubt we'd ever need it.