Re: [TLS] Comments on draft-ietf-tls-tls13-18

Watson Ladd <watsonbladd@gmail.com> Wed, 02 November 2016 04:57 UTC

To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6Z5c9f9W9AJtRCEJHYQt0A_btCU>
Cc: "tls@ietf.org" <tls@ietf.org>

On Tue, Nov 1, 2016 at 9:30 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
> On 2 November 2016 at 02:45, Watson Ladd <watsonbladd@gmail.com> wrote:
>>
>> That sounds good. The more we can turn bugs into ones that violate the
>> spec, the easier it will be to get them fixed. (Hopefully)
>
> failure to interoperate >> violate the spec
>
> I know that NSS rejects multiple HRRs.  I expect that Boring does too
> (couldn't be bothered to check).  That means you have to be even
> lazier than I am with interop testing to make this mistake :)

A conforming client will not produce Client Hellos that trigger
multiple HRRs: it will listen the first time.


-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.
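
The HelloRetryRequest (HRR) behaviour discussed in this thread, as an added example that is not part of the original message or of any implementation named in it. It models only the group negotiation. The client-side alerts follow the published TLS 1.3 specification (RFC 8446); the class and function names, and the alert the toy server sends when a retried ClientHello ignores its HRR, are assumptions of this sketch.

```python
class HandshakeAbort(Exception):
    """Fatal alert; the alert name is the exception message."""

class Client:
    def __init__(self, supported_groups, key_shares):
        self.supported_groups = list(supported_groups)
        self.key_shares = list(key_shares)  # groups with a share in the current ClientHello
        self.hrr_seen = False

    def on_hello_retry_request(self, selected_group):
        if self.hrr_seen:  # second HRR on the same connection
            raise HandshakeAbort("unexpected_message")
        if (selected_group not in self.supported_groups
                or selected_group in self.key_shares):
            # group never offered, or a share for it was already sent
            raise HandshakeAbort("illegal_parameter")
        self.hrr_seen = True
        self.key_shares = [selected_group]  # "listen the first time"

class Server:
    def __init__(self, preferred_groups):
        self.preferred_groups = list(preferred_groups)
        self.requested = None  # group named in the HRR we sent, if any

    def on_client_hello(self, supported_groups, key_shares):
        if self.requested is not None:
            # Retried ClientHello: never answer with another HRR.
            # The alert chosen here is an assumption of this sketch.
            if self.requested not in key_shares:
                raise HandshakeAbort("illegal_parameter")
            return ("ServerHello", self.requested)
        mutual = [g for g in self.preferred_groups if g in supported_groups]
        if not mutual:
            raise HandshakeAbort("handshake_failure")
        usable = [g for g in mutual if g in key_shares]
        if usable:
            return ("ServerHello", usable[0])
        self.requested = mutual[0]
        return ("HelloRetryRequest", self.requested)

def handshake(client, server):
    """Drive the hello exchange; returns the final (message, group)."""
    msg, group = server.on_client_hello(client.supported_groups, client.key_shares)
    if msg == "HelloRetryRequest":
        client.on_hello_retry_request(group)
        msg, group = server.on_client_hello(client.supported_groups, client.key_shares)
    return msg, group

def alert_of(fn, *args):
    """Return the alert name fn raises, or None if it succeeds."""
    try:
        fn(*args)
    except HandshakeAbort as e:
        return str(e)
    return None
```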