Re: [TLS] TLS process thread
Eric Rescorla <ekr@rtfm.com> Mon, 14 April 2014 14:14 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05F7A1A02C4 for <tls@ietfa.amsl.com>; Mon, 14 Apr 2014 07:14:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iF2bGNqFSEWz for <tls@ietfa.amsl.com>; Mon, 14 Apr 2014 07:14:52 -0700 (PDT)
Received: from mail-wi0-f180.google.com (mail-wi0-f180.google.com [209.85.212.180]) by ietfa.amsl.com (Postfix) with ESMTP id 6F2A51A011A for <tls@ietf.org>; Mon, 14 Apr 2014 07:14:52 -0700 (PDT)
Received: by mail-wi0-f180.google.com with SMTP id q5so4088571wiv.7 for <tls@ietf.org>; Mon, 14 Apr 2014 07:14:49 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=6bUa4QichXDELf2gaaa+HSPgIlZnQDk73/sPxRlVEo0=; b=PApeDgv7JaxHTKDWlhBkM1pNxHLQRp4KibCR9v91hPrAJK8PUYNxeF/QtWww4Qs7mf A15TINDd9Qy1pC+c3JVZ9ZYT/sbj0xDBqYQNunnfz8qZhgoUKDVzD886GZIOcClXNoWe dB0g//gi1yQmk5ZxFKuIyG5/2tdh5fBsYUOELpS27sOpFkYb1nbuiKLgdcWyZDbdJJ49 Bbtad51uJClHH5dqGpHr30DHNJrTmqRXkXI0pnOAln9XQNabU53kKGTaI5wpigWXqXKc n7c36azL8t7JqBYqaNTNKap7+B0YDfq26xGSMc8kE7l8ILa4Iz0ZuOshhkQT51wbu4R8 dOPQ==
X-Gm-Message-State: ALoCoQnnGFca3F1KVj9kRJX1F0zPtUzaxT3ekS+cJuncE8Kz/AN5DA8iXbl81SyNIp9MGpOkRSR0
X-Received: by 10.194.238.231 with SMTP id vn7mr725388wjc.76.1397484889425; Mon, 14 Apr 2014 07:14:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.218.198 with HTTP; Mon, 14 Apr 2014 07:14:09 -0700 (PDT)
X-Originating-IP: [74.95.2.168]
In-Reply-To: <m2bnw4pgod.fsf@usma1mc-0csx92.kendall.corp.akamai.com>
References: <9A043F3CF02CD34C8E74AC1594475C738AC00E25@uxcn10-tdc06.UoA.auckland.ac.nz> <CACsn0cm10Mc6V6XtdVjtooLi2piekdEjXmys2RgaU9NCDGxNvA@mail.gmail.com> <m2bnw4pgod.fsf@usma1mc-0csx92.kendall.corp.akamai.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 14 Apr 2014 07:14:09 -0700
Message-ID: <CABcZeBOa6Qu_n9i3=rM4bX-uNg0P1h_aGFttWzBaTvDO5TzDTQ@mail.gmail.com>
To: Brian Sniffen <bsniffen@akamai.com>
Content-Type: multipart/alternative; boundary="089e01493d6069e65604f7014ec3"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/AGb2jOKdnkVVc_H7e8-68ARlymw
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] TLS process thread
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 14:14:57 -0000
On Sun, Apr 13, 2014 at 11:29 PM, Brian Sniffen <bsniffen@akamai.com> wrote: > > The most important simplification I can imagine is to make the handshake > implementation crystal clear and dead simple, up through an > authenticated and encrypted channel: amenable to formal methods, to > automated search for differences from a verified implementation, and to > high-performance implementation without much risk. This certainly seems like a useful goal, but of course likely requires feature set tradeoffs. As I noted in London, probably the biggest complicating feature is SNI encryption, so I'd like to take this opportunity to ask people to read and respond to Rich Salz's message about that: http://www.ietf.org/mail-archive/web/tls/current/msg11823.html Which reminds me that I need to do so myself.... -Ekr
- [TLS] TLS process thread Sean Turner
- Re: [TLS] TLS process thread Nikos Mavrogiannopoulos
- Re: [TLS] TLS process thread Paul Hoffman
- Re: [TLS] TLS process thread Stephen Farrell
- Re: [TLS] TLS process thread Peter Gutmann
- Re: [TLS] TLS process thread Watson Ladd
- Re: [TLS] TLS process thread Dan Harkins
- Re: [TLS] TLS process thread Brian Sniffen
- Re: [TLS] TLS process thread Eric Rescorla
- Re: [TLS] TLS process thread Eric Rescorla
- Re: [TLS] TLS process thread Trevor Perrin
- Re: [TLS] TLS process thread Douglas Stebila
- Re: [TLS] TLS process thread Klaus Hartke
- Re: [TLS] TLS process thread Paul Lambert