Re: [TLS] New Version Notification for draft-bzwu-tls-client-keyshare-00.txt

Aaron Zauner <azet@azet.org> Tue, 05 May 2015 21:01 UTC

Message-ID: <55492FBD.6060104@azet.org>
Date: Tue, 05 May 2015 23:01:49 +0200
From: Aaron Zauner <azet@azet.org>
To: Bingzheng Wu <bingzheng.wbz@alibaba-inc.com>
References: 20150429023006.30489.70916.idtracker@ietfa.amsl.com <fb6fdbc6-e62b-4ab0-a034-9f8ed98db809@alibaba-inc.com> <5549277D.7060404@azet.org>
In-Reply-To: <5549277D.7060404@azet.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/7bFVkCxGRwygQkoRqtZxpZ8sPZg>
Cc: tls <tls@ietf.org>
Subject: Re: [TLS] New Version Notification for draft-bzwu-tls-client-keyshare-00.txt

A few more comments:

  * Maybe the document should state that it's intended for TLS 1.2 only
    (as there's no reason for this extension in 1.1).
  * Why have the original as well as the new flow as figures? Would
    just detail the new message flow with the proposed extension.
  * The security considerations section has barely any useful info.
  * It might suffice to note RSA as key exchange in the security
    considerations section, since it's deprecated.
  * It might be reasonable to state in the beginning that handshakes
    involving client certificates are entirely unsupported, thus not
    noting it as often in the message flow section of the draft.


Aaron