IETF Logo Mail Archive

Re: [TLS] Enforcing Protocol Invariants

Eric Rescorla <ekr@rtfm.com> Sat, 10 November 2018 10:30 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE007130DD9 for <tls@ietfa.amsl.com>; Sat, 10 Nov 2018 02:30:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xU5itUSg3Vm4 for <tls@ietfa.amsl.com>; Sat, 10 Nov 2018 02:30:39 -0800 (PST)
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 702C8130DBE for <tls@ietf.org>; Sat, 10 Nov 2018 02:30:38 -0800 (PST)
Received: by mail-lj1-x231.google.com with SMTP id k19-v6so3662461lji.11 for <tls@ietf.org>; Sat, 10 Nov 2018 02:30:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=e8xN9wD5kmRcDGjHfiNSHhwKxAOVEyMKbx/Iyph4nqo=; b=nlmpSdIpOuYlnm349BSbkIn5lE+lgoDXYp+g44CKogHSQnOyhI8ChMU5WJckONhevT Ug5MaoqWMj1j3RISTFbRvf32MZQTGZOOGWQdnDYajfUIpv5fHrtl48Xm8fnTUbmvXPtn Iq46HWKUAebhL6d8ZM8K89FGO5mekmfyrPZaIopmQ5HfjDmvDUuqegLbBEdUtDxunkX7 X0sTHuRZkbr/0gkuBOV8CfFLt7bCJ8jl1vx5uwMVmNvweCWY4HzfN5389MFg6V7zQguE bj+tvgEnfwBHVYrbM+bilKsTEhWqzT65+dcuJ5T+w/693Q1/sfsD1jvectfzegzMF0Y1 e3sg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=e8xN9wD5kmRcDGjHfiNSHhwKxAOVEyMKbx/Iyph4nqo=; b=sIbP59Tu/WGDqH5SELyLrk+lJTDrJQ8CwIAiKeCOPESydtfbIL9oFGsB/jT18uNKO9 qdCPUpmTyS2CGOhbtfOlDBngslJex6T/Cb5q8+8gEw9rlG6VX4RTBr7ruBhByVOOmZLi PCbfR086YIQnRhWofGY2W3YGNh6iULD3E/R+XGvDP28qL05eSiF7ZZntvMEDyv0eKshH EOfO5UUBx/gbSh4hawoaiMHaqGQY2DLbBMQCwblBrtsOkqkLUEmCWb9cTlmoZB+UAdgj ZMaPid8FT5rZmVsnKMzdFAy7L3uj/gusW9dMEzpblvA09H46GQEnRBPtE1lJkVJdRRnm XzcA==
X-Gm-Message-State: AGRZ1gKFnERMJMJ6vJty5UGTVzQs8XNbysCuG1HA1NOjVD2qNFHkiRAh AmhexwieyzD7pR7DjE7J4z4YAF3rDaSJTThgrcBK5lvkKZ8=
X-Google-Smtp-Source: AJdET5c/vuRRkX5/OYBXPE+QAqKoNdWJrhc74szr88go0XoHOV2Q4Diug24pm4bpK7xKzv6drEHIwZQTO5hP3pxK3/E=
X-Received: by 2002:a2e:5418:: with SMTP id i24-v6mr8318486ljb.51.1541845836632; Sat, 10 Nov 2018 02:30:36 -0800 (PST)
MIME-Version: 1.0
References: <CAO7N=i0g9d9x5RdF_guKm3GDAxVRHSV+eHffs6kiJm6dWO7tvw@mail.gmail.com> <CABcZeBPb2aPE3eXsqD5-qvWO88W=iMRxZ9YgCXZiTSGAPBDMxQ@mail.gmail.com> <CAO7N=i2L9mY1kdZNhgSV90e5FN64VBh0miApQv_9ws9fCdaGVg@mail.gmail.com> <CABcZeBNMVcidMGAE2XeSqpYRriUke_wmXvc6m5WVto7j6eM8vA@mail.gmail.com> <CAO7N=i0Jd03PoppWgoY=n4UE7rwmwvtEn=ryuug8PfM+Bdr+qw@mail.gmail.com>
In-Reply-To: <CAO7N=i0Jd03PoppWgoY=n4UE7rwmwvtEn=ryuug8PfM+Bdr+qw@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 10 Nov 2018 02:29:59 -0800
Message-ID: <CABcZeBO+LJ4QcTUZemgG7+Nz3SsDZkgtFwxBsvk1_YV64tWGOw@mail.gmail.com>
To: Ryan Carboni <ryacko@gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000642d62057a4cf59d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7TR_-TnW52OxeNZmzkxLXw-x7xA>
Subject: Re: [TLS] Enforcing Protocol Invariants
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Nov 2018 10:30:41 -0000

On Fri, Nov 9, 2018 at 10:20 AM Ryan Carboni <ryacko@gmail.com> wrote:

> Okay, a modern browser connecting to a server owned by billion dollar
> corporations are able to implement the latest version of TLS, I’ll concede
> that. Regardless, I can only underline one point: any new protocol needs to
> break both compatibility and be downgradable, and require a small amount of
> code. It probably wasn’t wrong for the average browser implementation to
> downgrade upon connection failure before, it certainly seem more sound than
> any gritty details of recent protocol design.
>
> Furthermore, TLS 1.2 is perfectly fine, and so is TLS 1.3 by everyone’s
> statements. If so, a new protocol has no need to quickly replace either one
> of them, but instead have a high likelihood of being superior and simpler,
> and performs better according to current design of the internet.
>

This thread seems like it has drifted afield of the TLS WG, which is
chartered to work on TLS.

-Ekr

And possibly list recommendations for how out of scope issues could be
> resolved in a subsection for the inevitable RFC describing it. Boot entropy
> can be solved by increasing boot times by one second. Reminders of various
> Javascript functions to ensure authenticity. Etc.
>
> Google’s idea to rush out experimental protocols looks disgusting to me.
>

v2.23.0 | Report a Bug | By Email