Re: [TLS] Adoption call for TLS Flag - Request mTLS

Mike Bishop <mbishop@evequefou.be> Fri, 05 April 2024 02:38 UTC

From: Mike Bishop <mbishop@evequefou.be>
To: Eric Rescorla <ekr@rtfm.com>, Watson Ladd <watsonbladd@gmail.com>
CC: Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org>, TLS List <tls@ietf.org>
Date: Fri, 05 Apr 2024 02:38:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DGn1a4RMCG6OPzBCZl4YHzMoygI>

Ekr, can I ask you to clarify this a little? I fully agree that extensions to TLS which support a particular application-layer protocol should be done in that protocol’s working group unless and until it’s demonstrated that many unrelated applications will need something similar. (At which point, it probably makes sense to build the general thing, either in TLS or a new WG.) But this isn’t that.

For something that concerns the TLS exchange itself, the TLS WG does still seem like the natural home to me. Where are you suggesting the standards work happens instead? Are you suggesting that this should be registered to the I-D, or go to a new/different working group? The former path seems like it won’t get the review it needs, and I’m not sure any other WGs are appropriately chartered for the latter.

Personally, I support adoption for the use case. It sounds like there’s an alternative design that might need to be hammered out, but since it appears a document may be needed for either path, let’s adopt and argue about that later.

From: TLS <tls-bounces@ietf.org> On Behalf Of Eric Rescorla
Sent: Wednesday, April 3, 2024 10:28 AM
To: Watson Ladd <watsonbladd@gmail.com>
Cc: Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org>; TLS List <tls@ietf.org>
Subject: Re: [TLS] Adoption call for TLS Flag - Request mTLS

On Tue, Apr 2, 2024 at 10:36 PM Watson Ladd <watsonbladd@gmail.com> wrote:

On Tue, Apr 2, 2024, 5:08 PM Eric Rescorla <ekr@rtfm.com> wrote:
Adoption should not be required to register a code point [0], as the policy is Specification Required.

I'm mildly negative on adopting this document. What is the reason we need to spend WG time on this, rather than just having a code point assignment?

Well, don't we want to say how this is supposed to work somewhere?

Why? The attitude I am trying to get away from is that the TLS WG has to be involved in every extension to TLS. Rather, we should decide what things are important and spend time on them and then let others extend TLS independently in areas we don't think are important.

-Ekr

I doubt this will take much time.

-Ekr

[0] As an aside, the IANA considerations of draft-ietf-tls-tlsflags-13 should clearly have a policy which matches 8447 S 7, which is to say that an I-D is sufficient.


On Tue, Apr 2, 2024 at 12:59 PM Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org> wrote:
I'd like to see this problem solved. There was some discussion about whether an I-D is needed or all we needed was to register a code point somewhere. If most agree that an I-D is needed, then let's adopt it. I'm happy to review.

Chris P.

On Tue, Apr 2, 2024 at 12:22 PM Sean Turner <sean@sn3rd.com> wrote:
At the IETF 119 TLS session there was some interest in the mTLS Flag I-D (https://datatracker.ietf.org/doc/draft-jhoyla-req-mtls-flag/); also, see previous list discussions at [0]. This message is to judge consensus on whether there is sufficient support to adopt this I-D. If you support adoption and are willing to review and contribute text, please send a message to the list. If you do not support adoption of this I-D, please send a message to the list and indicate why. This call will close on 16 April 2024.

Thanks,
Deirdre, Joe, and Sean

[0] https://mailarchive.ietf.org/arch/msg/tls/9e2S95H9YgtHp5HhqdlNqmQP0_w/
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls