Re: [TLS] WG review of draft-ietf-tls-rfc4492bis
Hubert Kario <hkario@redhat.com> Thu, 04 May 2017 12:41 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6EEC120727 for <tls@ietfa.amsl.com>; Thu, 4 May 2017 05:41:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.223
X-Spam-Level:
X-Spam-Status: No, score=-4.223 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6u7MS4fLFZ6C for <tls@ietfa.amsl.com>; Thu, 4 May 2017 05:41:30 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B165E126BF6 for <tls@ietf.org>; Thu, 4 May 2017 05:41:29 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5062DBDD4 for <tls@ietf.org>; Thu, 4 May 2017 12:41:29 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 5062DBDD4
Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=hkario@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 5062DBDD4
Received: from pintsize.usersys.redhat.com (dhcp-0-115.brq.redhat.com [10.34.0.115]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1613C7E2C0 for <tls@ietf.org>; Thu, 4 May 2017 12:41:29 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Thu, 04 May 2017 14:41:22 +0200
Message-ID: <4372384.YAPbqjqF3g@pintsize.usersys.redhat.com>
In-Reply-To: <F7262846-0E93-4780-B051-8DB1253ADCE5@sn3rd.com>
References: <F7262846-0E93-4780-B051-8DB1253ADCE5@sn3rd.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart6763987.6lAOXSEbUL"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Thu, 04 May 2017 12:41:29 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/D8dLhazuWypkL_TqAfwzftFdqSg>
Subject: Re: [TLS] WG review of draft-ietf-tls-rfc4492bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 May 2017 12:41:32 -0000
On Tuesday, 11 April 2017 15:09:04 CEST Sean Turner wrote:
> All,
>
> draft-ietf-tls-rfc4492bis has been revised since it left the WG and we agree
> with Yoav’s statement at the mic in Chicago that the WG should review the
> changes before we ask Kathleen (our newly appointed AD) to continue
> progressing the draft. Please review the differences from the -12 version
> that went through WGLC and the latest version [0] and let us know by
> 20170426 whether there is anything that would stop progression of the
> draft.
I know I am late with the review, but I'd like to ask two questions:
1. In table 2, the "key authorised for use in digital signatures" was
removed.
Does that mean that key usage extension in X.509 certificates should be
ignored?
2. Given that RFC7919 is already accepted, standards track document,
shouldn't "NamedCurve" references be renamed to "NamedGroup" (e.g. in
Section 5.5.1.)
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
- [TLS] WG review of draft-ietf-tls-rfc4492bis Sean Turner
- Re: [TLS] WG review of draft-ietf-tls-rfc4492bis Benjamin Kaduk
- Re: [TLS] WG review of draft-ietf-tls-rfc4492bis Martin Thomson
- Re: [TLS] WG review of draft-ietf-tls-rfc4492bis Sean Turner
- Re: [TLS] WG review of draft-ietf-tls-rfc4492bis Hubert Kario
- Re: [TLS] WG review of draft-ietf-tls-rfc4492bis Kathleen Moriarty
- Re: [TLS] WG review of draft-ietf-tls-rfc4492bis Sean Turner
- Re: [TLS] WG review of draft-ietf-tls-rfc4492bis Yoav Nir
- Re: [TLS] WG review of draft-ietf-tls-rfc4492bis Kathleen Moriarty
- Re: [TLS] WG review of draft-ietf-tls-rfc4492bis Hubert Kario
- Re: [TLS] WG review of draft-ietf-tls-rfc4492bis Yoav Nir
- Re: [TLS] WG review of draft-ietf-tls-rfc4492bis Yoav Nir