Re: [TLS] AD review of draft-ietf-tls-rfc4492bis-12.txt
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 02 March 2017 08:18 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9456129459 for <tls@ietfa.amsl.com>; Thu, 2 Mar 2017 00:18:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Level:
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1NK44jgUoRHT for <tls@ietfa.amsl.com>; Thu, 2 Mar 2017 00:18:24 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5DDB12941E for <tls@ietf.org>; Thu, 2 Mar 2017 00:18:24 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id D3160BEAF; Thu, 2 Mar 2017 08:18:21 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CYk1W6c51gLF; Thu, 2 Mar 2017 08:18:20 +0000 (GMT)
Received: from [10.87.48.75] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 37439BE5C; Thu, 2 Mar 2017 08:18:20 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1488442700; bh=2dodsedm2nEILZAuZhJ+PzJtFf7D6O9DiQ49npaCfVA=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=QCo1NDnVNm2XPxjzOtk7nVY1iYJ8BsuGhzty7DXbIDO/p64619SoHnlH30vDTu46S bpP61d4IK7HHbyr10oe2MH9smgY5kI2zScOnZqbY17agojXZqMpTwUmGPZi6pFOMsq tG694H2RMfGb/n8/gxt59AjX+XaB1KwIA2Cl21T4=
To: Yoav Nir <ynir.ietf@gmail.com>
References: <f6240519-9835-9568-99ab-9635ad2236fa@cs.tcd.ie> <087331C6-E504-4FDA-A689-95F0F4080F1D@gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <d78b4031-af1e-c9db-499e-529dc1042b02@cs.tcd.ie>
Date: Thu, 02 Mar 2017 08:18:19 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <087331C6-E504-4FDA-A689-95F0F4080F1D@gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="ljMB642BAK1uk9q0O8eX4iGFfkEcJt3an"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9FoimTBzClRaA5de9uLnWMYg3hQ>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] AD review of draft-ietf-tls-rfc4492bis-12.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2017 08:18:27 -0000
Thanks Yoav, Those all look like fine resolutions for my comments. Cheers, S. On 02/03/17 06:47, Yoav Nir wrote: > >> On 17 Feb 2017, at 18:58, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: >> >> >> Hiya, >> >> I've had a read of this and asked for IETF LC to start. >> >> My comments below can be handled with any other IETF LC >> comments. >> >> Thanks, >> S. >> >> - Bits of this are fairly complex reading, given that ECC >> isn't trivial and nor are the changes nor how they were done >> to keep some things more or less backwards compatible. It'd >> help I think if we could say something more about >> implementation status in the shepherd write-up. > > In light of RFC 7942, I’ve added an Implementation Status section to my working copy (soon to be pushed to github). > >> - abstract: doesn't this need to say that this obsoletes >> RFC4492 in the abstract text. (Yes, PITA formalities, I >> know:-) > > Added. > >> - 5.1.1: "Note that other specifications have since added >> other values to this enumeration." Could/should we reference >> those others? I don't care, but someone will ask and it'd be >> good to have the answer in the archive if it's "no, and >> here's why…" > > I think not. Same as the main TLS spec doesn’t mention every GOST and CAMELLIA that people add, we don’t have to mention Brainpool. But I will note that some of these additions are not curves at all. > >> - 5.1.1: Is this text still correct: "secp256r1, etc: >> Indicates support of the corresponding named curve or class >> of explicitly defined curves." Do we need to say there that >> we're ditching explicitly defined curves? > > Yes, it should. > >> - 5.2: Is this still right, given the deprecation of >> compressed points earlier? " Note that the server may include >> items that were not found in the client's list (e.g., the >> server may prefer to receive points in compressed format even >> when a client cannot parse this format: the same client may >> nevertheless be capable of outputting points in compressed >> format).” > > Right. The example no longer works. I’ll remove it and say that there’s no other options than uncompressed. > >> - 5.3: Doesn't this need a change: "...unless the client has >> indicated support for explicit curves of the appropriate >> type"? Maybe more change is needed in that para as well? > > I removed the whole sentence. There are no more explicit curves. > >> - section 6: Do we still need the *_NULL_* suites? > > Did we ever? But I’m sure somebody uses them somewhere for something. Unlike weak encryption, they don’t tend to end up being used when people encrypt things. > >> - Just checking, I assume this is down to editing history >> but what happened to TBD1 and TBD2? > > There were determined :) > > These were Curve25519 and Curve448. We got temporary assignments so that Google and others could deploy them. > > Yoav >
- [TLS] AD review of draft-ietf-tls-rfc4492bis-12.t… Stephen Farrell
- Re: [TLS] AD review of draft-ietf-tls-rfc4492bis-… Yoav Nir
- Re: [TLS] AD review of draft-ietf-tls-rfc4492bis-… Stephen Farrell