Re: [TLS] Consensus Call on MTI Algorithms

Yoav Nir <ynir.ietf@gmail.com> Thu, 02 April 2015 21:28 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47BE21A6EF4 for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 14:28:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mHDiIoILmbN8 for <tls@ietfa.amsl.com>; Thu, 2 Apr 2015 14:28:15 -0700 (PDT)
Received: from mail-wi0-x233.google.com (mail-wi0-x233.google.com [IPv6:2a00:1450:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EB341A6EE1 for <tls@ietf.org>; Thu, 2 Apr 2015 14:28:14 -0700 (PDT)
Received: by wizk4 with SMTP id k4so28289947wiz.1 for <tls@ietf.org>; Thu, 02 Apr 2015 14:28:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=nNCqwHajq3ST+4CeHqe4d9gbO83evVR05VHKtn0D6Dc=; b=gd48r2WbqSGylN3hHfWeLERd36Qm/vIk451/yxAMsXhyTpiQcFNuhZHGpvtH0jwbUm lwbpXBmJETqqp1H2hlpTDTc1JtihXPNQhzUA86nKsuTOSeBJs0rLvYDRj1YVnWoAe3vH x7OZ7uQFYT2m1uOqTyqTDnd/dxqw8YA5F+YHaGZzoZ00oYwQihmBav784LLK1s8Fhce3 pL76J8wWSmOWf3PPG9JqKgofqnS9hJRzwOXwsRhtRsfnN/fCHxU3MfW1Mz0yZMASKnaD 7nZ9Ndse5m2o9A6vpOO8hdmcshvVAaHEUK0GFsDANIvrngdHMfLYITOxCFJHaYCRsYFN 7bVg==
X-Received: by 10.195.11.73 with SMTP id eg9mr95419043wjd.62.1428010093349; Thu, 02 Apr 2015 14:28:13 -0700 (PDT)
Received: from [192.168.1.17] ([46.120.13.132]) by mx.google.com with ESMTPSA id cj9sm8865037wjc.42.2015.04.02.14.28.11 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 02 Apr 2015 14:28:12 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <201504021612.35877.davemgarrett@gmail.com>
Date: Fri, 3 Apr 2015 00:28:09 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <45AA2438-891F-4B36-AD2C-EA06D57ED8EF@gmail.com>
References: <CAOgPGoBk+E=cNV1ufBaQ0n7=CJQ34zukPixKCEdpmMLBX=Kg_w@mail.gmail.com> <FDDE70B3-6AB0-4702-A713-70B118CA22C1@gmail.com> <20150402194417.GJ10960@localhost> <201504021612.35877.davemgarrett@gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ECVHCUEBRY-LZ9V3j-dSuhGt1TI>
Cc: "TLS@ietf.org \(tls@ietf.org\)" <tls@ietf.org>
Subject: Re: [TLS] Consensus Call on MTI Algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2015 21:28:16 -0000

> On Apr 2, 2015, at 11:12 PM, Dave Garrett <davemgarrett@gmail.com> wrote:
> 
> 
> Serious answer: Just write a separate IoT TLS spec that just contains modifications for whatever isn't viable because you're creating a system not designed to necessarily interoperate with the general Internet. General TLS implementations could implement it as well, or not, depending on needs.

I thought the whole point of IoT (as opposed to proprietary protocols) was that it *did* interact with the Internet. But that aside, “the web” as represented by the HTTP/2 document made its own profile. For applications other than “the web”, UTA made their BCP document. For the IoT DICE made their profile. 

So everyone has their own MTI algorithms, some of them contradictory to what we are proposing to recommend. So who takes their MUSTs and SHOULDs from TLS as opposed to their own niche document?

Yoav