[TLS] Review of draft-guballa-tls-terminology-03
Eric Rescorla <ekr@rtfm.com> Tue, 26 April 2016 17:46 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D382812D534 for <tls@ietfa.amsl.com>; Tue, 26 Apr 2016 10:46:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ETeQLvaWEYrV for <tls@ietfa.amsl.com>; Tue, 26 Apr 2016 10:46:29 -0700 (PDT)
Received: from mail-yw0-x231.google.com (mail-yw0-x231.google.com [IPv6:2607:f8b0:4002:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1AFB612D552 for <tls@ietf.org>; Tue, 26 Apr 2016 10:46:29 -0700 (PDT)
Received: by mail-yw0-x231.google.com with SMTP id t10so26387313ywa.0 for <tls@ietf.org>; Tue, 26 Apr 2016 10:46:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=JGn3jPWAhvtp1uoQspB0gEKVYen7aHSm7UPfW5usVC4=; b=Jrx6pQ+R6aTRzZcikBIVBHNtA4JqqyVKxZEfWa/+mupzvzsAl/CH7zZN2/sdi+rmPd jOiB84IDLD1BEePFp6h0O49IRcTnoZc22VA6bSfKGWDKTl+c+2bq67gQbKumTdbghNld IRrVYP9MXPfsy38I6RcMdtRMqcTCiMAV605Q1aCUviTiNG3ErSi5Arm9BAkXjqSTNig7 KO8yKxku1nyMgSBOkBq67wYm9cOoxZ5Z8E63bUWv1IguMTWDAGLLjigJd2nWEEDUAQpL DuRn1lB1+j5JsBSRufJjv01ylyhbk9fk1Vwtumurwjr0nZf1hrMJeCdHZEX3CR5GABI0 inmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=JGn3jPWAhvtp1uoQspB0gEKVYen7aHSm7UPfW5usVC4=; b=Fxv/IA1wMaY7zuJcLxXLzl4U8SXXE894QnCq0IeOmINheMokuGHt8Hgp9FFM0vMK9a RL/uz/xO4Ypjbkawve+EYgBhIpKQv/1DvlshPogizID3E6uC9KS3NxDTK9kb+2vgoKJU a8WKGFrFuXEDVaDFnaXZAOuSCWqy+EeU8QxV+1KYjxKXdvB4jzJDi9N1TrxsVq8n/1H8 74AAo9HchuTAmo3dAUBz4eapBbeQy7z9XqlT1DJoV6XstJD8cLGuH+JSgNLq42jCVjmD 2X2W2zI0DBn4UCO4EMhgXbTRk0asWslnS6xich9957Q8uEG/qUmw7hb8ZHhOCGIqSjzq YcdQ==
X-Gm-Message-State: AOPr4FVJomAl1H2Ztoi7JEid07UfSzNOV2hvdiZLqKDg6Q67VFWTubEHOquWLeMLQnTFDPYZt82UBfwJ8PViVw==
X-Received: by 10.37.198.2 with SMTP id k2mr2132645ybf.82.1461692788371; Tue, 26 Apr 2016 10:46:28 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.132.12 with HTTP; Tue, 26 Apr 2016 10:45:49 -0700 (PDT)
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 26 Apr 2016 10:45:49 -0700
Message-ID: <CABcZeBO41EEFDyWdWS=ZW984BBWwm_akM3LpMe0VZ2KxKHRVfQ@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c08c9506c28d6053166df2e"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/C0yRdG_kVsklmuQvL6Yo7VB19jc>
Subject: [TLS] Review of draft-guballa-tls-terminology-03
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Apr 2016 17:46:34 -0000
I recently reviewed draft-guballa-tls-terminology-03. Comments below. OVERALL I'm sympathetic to concerns that TLS terminology may not be as precise as one would like, but IMO this document doesn't make things significantly clearer and in some cases makes it worse. Specifically: - (D)TLS is intentionally defined without any tight binding to the underlying transport. However, this document tries to tie it to IP semantics, which is not helpful and doesn't match existing practice. - This document introduces a number of terms that don't exist in the (D)TLS documents (e.g., "Transient (D)TLS session"). This is just going to cause confusion. In general, I don't think that having a second document that acts as a glossary for (D)TLS but isn't part of the main documents is going to help much. If the authors feel like the terminology in TLS is imprecise, it would be more helpful to suggest changes to TLS 1.3 (e.g., via PRs). DETAILED COMENTS S 3.1.1. There's no restriction on TLS that a given endpoint is attached to one IP address, and in fact, it's common to run DTLS in multihomed configs (e.g., DTLS over ICE). S 3.2.1. Again, (D)TLS isn't bound to the port or IP. S 3.2.2. This whole notion of semi-permanent versus transient isn't helpful, especially in the face of tickets. S 3.2.2. This is just a new invented term. Please don't S 3.3.1. Destruction point doesn't seem useful since in many cases it's "unknown" since it's in the future S 3.3.4. In DTLS you can respond to a ClientHello with a HelloVerifyRequest as well. S 3.4.4. "message sequence" seems invented. S 3.4.7. I don't think it's helpful to import ITU notions of connection state here, especially in the face of stuff like false start. S 3.4.12. Copying the session state here doesn't seem that useful, especially splitting it into two states.
- [TLS] Review of draft-guballa-tls-terminology-03 Eric Rescorla
- Re: [TLS] Review of draft-guballa-tls-terminology… Schwarz, Albrecht (Nokia - DE)
- Re: [TLS] Review of draft-guballa-tls-terminology… Salz, Rich
- Re: [TLS] Review of draft-guballa-tls-terminology… Melinda Shore
- Re: [TLS] Review of draft-guballa-tls-terminology… Guballa, Jens (Nokia - DE)
- Re: [TLS] Review of draft-guballa-tls-terminology… Eric Rescorla