Re: [TLS] WGLC for draft-ietf-tls-ticketrequests

Eric Rescorla <ekr@rtfm.com> Mon, 03 February 2020 05:02 UTC

References: <20191117002249.GV34850@straasha.imrryr.org> <CADZyTkmaUVj=sFdgg93MuM2au0B=1M1k3yCA1XDoaAneVDmnNw@mail.gmail.com> <14690874-E301-4BC0-B385-00DEBCBA94C2@apple.com> <20191120034812.GQ34850@straasha.imrryr.org> <5FBFE820-8C53-4B32-9520-343279C1A6CC@apple.com> <20191120064819.GR34850@straasha.imrryr.org> <CAPDSy+6DFJ+OYRtYK6eEiUt1noiik4KxqrGFx0ro_RL2Mft_VA@mail.gmail.com> <fd37bd2a-c799-4bf4-95b3-65943681683b@www.fastmail.com> <20200121055411.GJ73491@straasha.imrryr.org> <CABcZeBP=BetaxVo5v-khdykP0U3P6j-e+hL307o8Wn3KC9rmhA@mail.gmail.com> <20200121224610.GR73491@straasha.imrryr.org> <CABcZeBOq+mvY4mx+VT0QB08b67noqZyvr0NE-_YMGsz5VoSDuA@mail.gmail.com> <CADZyTkmvJRCNXMU4vS_4Q6soD3_+b2aHLSVdSXeK5+WCWQr+Ew@mail.gmail.com> <CAChr6SwkwEntnigHaQ8rnN0Ku_MKbGcFFh4EBSaUtrxfQaMdUg@mail.gmail.com>
In-Reply-To: <CAChr6SwkwEntnigHaQ8rnN0Ku_MKbGcFFh4EBSaUtrxfQaMdUg@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 2 Feb 2020 21:01:45 -0800
Message-ID: <CABcZeBPiq8-2xT_E2A8OtDCN6p3ZQuK19Cxso28+C1tCyeUs=w@mail.gmail.com>
To: Rob Sayre <sayrer@gmail.com>
Cc: Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7-4o7zJ5ppKO7tdj1Um48Pybtyo>
Subject: Re: [TLS] WGLC for draft-ietf-tls-ticketrequests

On Sun, Feb 2, 2020 at 7:40 PM Rob Sayre <sayrer@gmail.com> wrote:

> On Sun, Feb 2, 2020 at 11:52 AM Daniel Migault <daniel.migault=
> 40ericsson.com@dmarc.ietf.org> wrote:
>
>>
>> On Sun, Feb 2, 2020 at 12:09 PM Eric Rescorla <ekr@rtfm.com> wrote:
>>
>>>
>>>
>>> 1. TLS 1.3 takes the position that reuse is bad and that position
>>>    is for good reasons, so we shouldn't undercut it in a new
>>>    extension.
>>>
>>>
>
>> Appendix C.4 discourages ticket re-use when Client tracking is a
>> concern. The section uses SHOULD and not MUST. So, in fact, TLS 1.3 takes
>> the position that it is not mandatory to renew tickets.
>>
>
Somehow I didn't get Daniel's email, so responding to it here.

C.4 is not conditional. It simply says "Clients SHOULD NOT reuse a ticket
for multiple connections." My point is not that servers which do not renew
are not compliant but rather that TLS 1.3 has taken the position that reuse
is bad and therefore we should not add an extension to facilitate it.

-Ekr


> thanks,
> Rob
>
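To make concrete what the Appendix C.4 guidance ("Clients SHOULD NOT reuse a ticket for multiple connections") protects against, here is an added illustration in Python. It is not code from the draft, from RFC 8446 or from anyone in the thread; the class and function names, the toy server and the traffic pattern are constructed for the example. It contrasts a client store that consumes each ticket exactly once with one that keeps re-presenting the same ticket, and counts how many connections a passive observer can link simply because the PSK identity (the ticket) appears in the clear in successive ClientHellos.

```python
"""Constructed model of single-use vs reused session tickets.

Added example, not code from draft-ietf-tls-ticketrequests or RFC 8446.
The ticket is represented by a random byte string; the server is a toy
that accepts any ticket it has issued and hands out fresh tickets on every
handshake, as a TLS 1.3 server normally does.
"""
import os


class SingleUseTicketStore:
    """Client behaviour recommended by RFC 8446 Appendix C.4: every ticket
    is presented at most once, then discarded."""

    def __init__(self):
        self._pool = []

    def add(self, ticket: bytes) -> None:
        self._pool.append(ticket)

    def take(self):
        # None means "no ticket available": the client does a full handshake.
        return self._pool.pop(0) if self._pool else None


class ReusingTicketStore:
    """The behaviour C.4 discourages: the first ticket received is presented
    on every later connection."""

    def __init__(self):
        self._ticket = None

    def add(self, ticket: bytes) -> None:
        if self._ticket is None:
            self._ticket = ticket

    def take(self):
        return self._ticket


class ToyServer:
    """Accepts any ticket it issued; issues `tickets_per_handshake` new ones."""

    def __init__(self, tickets_per_handshake: int = 1):
        self.tickets_per_handshake = tickets_per_handshake
        self.issued = set()

    def handshake(self, ticket):
        resumed = ticket is not None and ticket in self.issued
        new = [os.urandom(16) for _ in range(self.tickets_per_handshake)]
        self.issued.update(new)
        return resumed, new


def simulate(store, server, connections: int):
    """Drive `connections` sequential connections from one client.

    Returns the list of tickets the client presented (None for a full
    handshake) and how many of those connections were resumptions."""
    presented, resumptions = [], 0
    for _ in range(connections):
        ticket = store.take()
        presented.append(ticket)
        resumed, new_tickets = server.handshake(ticket)
        resumptions += int(resumed)
        for t in new_tickets:
            store.add(t)
    return presented, resumptions


def linkable_connections(presented) -> int:
    """Connections a passive observer can tie to an earlier one because the
    same ticket value was sent again. The pre_shared_key identity in a
    ClientHello is not encrypted, so repetition is visible on the wire."""
    seen, linked = set(), 0
    for ticket in presented:
        if ticket is None:
            continue
        if ticket in seen:
            linked += 1
        else:
            seen.add(ticket)
    return linked


if __name__ == "__main__":
    for name, store in (("single-use", SingleUseTicketStore()),
                        ("reusing", ReusingTicketStore())):
        presented, resumed = simulate(store, ToyServer(), 5)
        print(f"{name}: {resumed} resumptions, "
              f"{linkable_connections(presented)} linkable connections")
```

Both clients resume the same number of connections, so reuse buys nothing in handshake cost here; the only difference is that the reusing client lets an observer chain its connections together, which is the tracking concern C.4 names.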