Re: [TLS] WGLC for draft-ietf-tls-ticketrequests

Benjamin Kaduk <bkaduk@akamai.com> Thu, 21 November 2019 06:54 UTC

Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F37A120143 for <tls@ietfa.amsl.com>; Wed, 20 Nov 2019 22:54:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pB0FGrZCfVB4 for <tls@ietfa.amsl.com>; Wed, 20 Nov 2019 22:54:20 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B2DA1200B5 for <tls@ietf.org>; Wed, 20 Nov 2019 22:54:20 -0800 (PST)
Received: from pps.filterd (m0122333.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xAL6rVjn014728; Thu, 21 Nov 2019 06:54:19 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to; s=jan2016.eng; bh=xi4cBzo57WTiMFA4IF2LiwFMEs/mk4e1mutRNyHfI20=; b=f9NKu9KNAGu41uX8Ao+EwqU1aZn+Xn/C1aTKbE+Ylxq9OhbpSUKzx8dpacY2qCzQ2wWS kOJh6O71+ps9Sf+6oJW8T4uv5wIS+j9xh1CfGlLEdHblUaTwhBtY/w3dsJ2PI7yg4SW0 UTkjfLU62NtSCjIAGLYg7Ku9mMkMrFciMeB5HT57dYB4H7tNLssHv/DO67qW9Sm5IIGH Im+svUrxXzfqUuK+5nTGycn+Obgcz/IHSCueqkvTd6KSVKK12EsCzdYnHM6+Wi0eisOv tqxRRKCLggBwETjktOi4CfTCHZStKtifTQpy6L5TM6c79wND45ETXoYBt7EDBWgFfOJV 9Q==
Received: from prod-mail-ppoint3 (prod-mail-ppoint3.akamai.com [96.6.114.86] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 2wafq0e4qh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 21 Nov 2019 06:54:19 +0000
Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1]) by prod-mail-ppoint3.akamai.com (8.16.0.27/8.16.0.27) with SMTP id xAL6lKGB004882; Thu, 21 Nov 2019 01:54:17 -0500
Received: from prod-mail-relay15.akamai.com ([172.27.17.40]) by prod-mail-ppoint3.akamai.com with ESMTP id 2wadb2j6wp-1; Thu, 21 Nov 2019 01:54:17 -0500
Received: from bos-lpczi.kendall.corp.akamai.com (bos-lpczi.kendall.corp.akamai.com [172.19.17.86]) by prod-mail-relay15.akamai.com (Postfix) with ESMTP id 2D38320073; Thu, 21 Nov 2019 06:54:17 +0000 (GMT)
Received: from bkaduk by bos-lpczi.kendall.corp.akamai.com with local (Exim 4.86_2) (envelope-from <bkaduk@akamai.com>) id 1iXgM3-0005UC-RY; Wed, 20 Nov 2019 22:54:15 -0800
Date: Wed, 20 Nov 2019 22:54:15 -0800
From: Benjamin Kaduk <bkaduk@akamai.com>
To: Rob Sayre <sayrer@gmail.com>
Cc: David Schinazi <dschinazi.ietf@gmail.com>, "TLS@ietf.org" <tls@ietf.org>
Message-ID: <20191121065415.GX20609@akamai.com>
References: <14690874-E301-4BC0-B385-00DEBCBA94C2@apple.com> <20191120034812.GQ34850@straasha.imrryr.org> <5FBFE820-8C53-4B32-9520-343279C1A6CC@apple.com> <20191120064819.GR34850@straasha.imrryr.org> <CAPDSy+6DFJ+OYRtYK6eEiUt1noiik4KxqrGFx0ro_RL2Mft_VA@mail.gmail.com> <67c2ed4f-ce87-4d63-87bf-c38a36c8fb70@www.fastmail.com> <CAPDSy+4NQeVpmawRAOnC=whQ6S25Lc7GZMT2syTStqEt8a7XRQ@mail.gmail.com> <CAChr6SxooRW-8hdp-JtjLVNy1jq3SDK+PK0Y=4qYyVVa_nOOTw@mail.gmail.com> <CAPDSy+5Bes=kCi7WjbETJgBVu_TpM0n==9J7TVg0ha_4udhVvw@mail.gmail.com> <CAChr6Sx=y24kBcWCNVhPvhpEbLNtwTL0T4S-cBpY=MGL1SCYfg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAChr6Sx=y24kBcWCNVhPvhpEbLNtwTL0T4S-cBpY=MGL1SCYfg@mail.gmail.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-11-20_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=749 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1911140001 definitions=main-1911210058
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,18.0.572 definitions=2019-11-20_08:2019-11-20,2019-11-20 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 impostorscore=0 phishscore=0 malwarescore=0 spamscore=0 adultscore=0 lowpriorityscore=0 priorityscore=1501 mlxscore=0 bulkscore=0 clxscore=1011 mlxlogscore=762 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1911210058
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EMfqPgt00i1cB76P9X-_t704QPY>
Subject: Re: [TLS] WGLC for draft-ietf-tls-ticketrequests
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2019 06:54:22 -0000

On Wed, Nov 20, 2019 at 10:35:09PM -0800, Rob Sayre wrote:
> On Wed, Nov 20, 2019 at 10:25 PM David Schinazi <dschinazi.ietf@gmail.com>
> wrote:
> 
> > The SHOULD from (2) is indeed not required for interoperability, but
> > important
> > to ensure servers put this protection in place.
> >
> 
> In that case, this issue belongs in the Security Considerations section. I
> understand that the concern is valid, but a "SHOULD" in this part of the
> document is not the right way to communicate it.

Is it more of a security consideration or an operational one?

-Ben