Re: [TLS] consensus call: draft-ietf-tls-ticketrequests

Sean Turner <sean@sn3rd.com> Tue, 07 April 2020 17:08 UTC

From: Sean Turner <sean@sn3rd.com>
Date: Tue, 07 Apr 2020 13:07:40 -0400
References: <4E07012F-AB53-4727-A309-D8A15222A433@sn3rd.com> <0E7E2E43-CC46-488E-981E-BF8417821D85@sn3rd.com>
To: TLS List <tls@ietf.org>
In-Reply-To: <0E7E2E43-CC46-488E-981E-BF8417821D85@sn3rd.com>
Message-Id: <A0684DA2-9389-42A7-98CA-84E41E915E35@sn3rd.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/D1SxI_vfeyU-IKcgHhI9n3tHLgk>
Subject: Re: [TLS] consensus call: draft-ietf-tls-ticketrequests

hi TLS WG,

Thank you for your input during the consensus call to add ticket reuse text to draft-ietf-tls-ticketrequests. What we see are some very strongly held positions on both sides of this issue, but what we do not see is consensus to add text to support the ticket reuse case. What this means is that the status quo from C.4 of RFC 8446 stands. The chairs do not believe the SHOULD NOT from RFC 8446 needs to be repeated in this draft.

We will note however that we do see some potential for emerging consensus to add a second counter. To expedite reaching consensus on this point, we will run another separate consensus call to determine whether to add a second counter.

Likewise, we note that PR#18 [0] includes editorial changes as well as text from PR#17 [1] that will be merged if we decide to add a second counter.

Joe and Sean

[0] https://github.com/tlswg/draft-ietf-tls-ticketrequest/pull/18
[1] https://github.com/tlswg/draft-ietf-tls-ticketrequest/pull/17

> On Mar 4, 2020, at 11:06, Sean Turner <sean@sn3rd.com> wrote:
> 
> one more time ...
> 
> All,
> 
> The purpose of this message is to help the chairs judge consensus on the way forward for draft-ietf-tls-ticketrequests. The issue at hand is whether the client-initiated ticket request mechanism [0] should be modified to add support for ticket reuse, see [1] lines 160-214. As we see it, the way forward involves either one draft or two. To that end, we would like your input (YES or NO) on the following question by 2359 UTC 18 March 2020:
> 
> Must the ticket reuse use case be addressed
> in draft-ietf-tls-ticketrequests?
> 
> Full disclosure: RFC 8446 recommends against ticket reuse to help protect clients from passive observers correlating connections [2]. The PR supports ticket reuse for use cases for a server-to-server connection that has fixed source addresses and no connection racing; if adopted the WG will need to ensure that the security considerations are properly documented.
> 
> Note: There have been at least three threads on this draft [3][4][5]. Please, let’s try to avoid re-litigating the points made therein.
> 
> Joe & Sean
> 
> [0] https://datatracker.ietf.org/doc/draft-ietf-tls-ticketrequests/
> [1] https://github.com/tlswg/draft-ietf-tls-ticketrequest/pull/18
> [2] https://tools.ietf.org/html/rfc8446#appendix-C.4
> [3] https://mailarchive.ietf.org/arch/msg/tls/2cpoaJRushs09EFeTjPr-Ka3FeI/
> [4] https://mailarchive.ietf.org/arch/msg/tls/-7J3gMmpHNw9t3URzxvM-3OaTR8/
> [5] https://mailarchive.ietf.org/arch/msg/tls/FjhqbYYTwzgiV9weeCuxn0tHxPs/
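The following is an added illustration, not part of either message above and not code from the ticketrequests draft or any TLS implementation. It models the point the chairs' consensus call refers to in RFC 8446 Appendix C.4: a client that presents the same ticket (PSK identity) on several connections lets a passive observer link those connections, whereas a client that uses each ticket at most once leaks no such link. The ticket format, the `ClientTicketCache` class, the `simulate` and `linked_groups` helpers, and the assumption that the server issues a fixed number of fresh tickets after every handshake are all constructed for this model.

```python
from __future__ import annotations

import os
from collections import deque
from typing import Optional


def issue_tickets(count: int) -> list[bytes]:
    # Server side of the model: mint `count` opaque tickets after a handshake.
    # Real tickets are encrypted state or database keys; random bytes stand in.
    return [os.urandom(16) for _ in range(count)]


class ClientTicketCache:
    """Client-side ticket cache (constructed model).

    reuse=False follows RFC 8446 Appendix C.4: a ticket is presented at most once.
    reuse=True models the behaviour the consensus call declined to endorse:
    the same ticket is presented on every resumption.
    """

    def __init__(self, reuse: bool = False) -> None:
        self.reuse = reuse
        self._unused: deque[bytes] = deque()

    def store(self, tickets: list[bytes]) -> None:
        self._unused.extend(tickets)

    def take(self) -> Optional[bytes]:
        if not self._unused:
            return None               # nothing cached: fall back to a full handshake
        if self.reuse:
            return self._unused[0]    # keep presenting the same ticket
        return self._unused.popleft()  # consume the ticket so it is never sent twice


def simulate(connections: int, tickets_per_handshake: int, reuse: bool) -> list[Optional[bytes]]:
    """Run `connections` sequential connections from one client and return the
    PSK identity each one puts on the wire; None means a full handshake."""
    cache = ClientTicketCache(reuse)
    wire: list[Optional[bytes]] = []
    for _ in range(connections):
        wire.append(cache.take())
        # Assumption of the model: every handshake, full or resumed, ends with
        # the server issuing `tickets_per_handshake` fresh tickets.
        cache.store(issue_tickets(tickets_per_handshake))
    return wire


def linked_groups(wire: list[Optional[bytes]]) -> list[list[int]]:
    """Passive observer's view: group connection numbers that carried the same
    identity. Only groups with more than one member are returned; those
    connections are attributable to one client with no other information."""
    seen: dict[bytes, list[int]] = {}
    for index, identity in enumerate(wire):
        if identity is not None:
            seen.setdefault(identity, []).append(index)
    return [members for members in seen.values() if len(members) > 1]


if __name__ == "__main__":
    print("single-use tickets, linked groups:", linked_groups(simulate(5, 2, reuse=False)))
    print("reused ticket, linked groups:     ", linked_groups(simulate(5, 2, reuse=True)))
```

With single-use tickets the observer's grouping is empty; with reuse, every resumed connection after the first full handshake falls into one group. The model deliberately leaves out the fixed-source-address server-to-server case the draft PR describes, where the client is already identifiable by its address, which is the situation in which the linkability cost is argued to be moot.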