Re: [TLS] Secdir last call review of draft-ietf-tls-exported-authenticator-09
Nick Sullivan <nick@cloudflare.com> Thu, 21 November 2019 07:20 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/FxR2etQJSCRuptoKn8G26gHUiXs>

On Thu, Nov 21, 2019 at 10:43 AM Salz, Rich <rsalz@akamai.com> wrote:

> Likewise, I am okay with the "could be amended" text but in fact I
> slightly prefer a new message type, for safety reasons.

How should we determine whether future extensions are permissible in the context of this new message? For example, draft-sullivan-tls-opaque-00 <https://tools.ietf.org/html/draft-sullivan-tls-opaque-00> defines a new extension that is valid in CH and ClientCertificateRequest, but is not valid in CR. Does it make sense to require future extensions that can be used in ClientCertificateRequest to include a new tag, "CCR", in the IANA TLS ExtensionType Value table <https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1>?

In any case, we can address that when/if we get to it.

Here's the new proposed text:
https://github.com/tlswg/tls-exported-authenticator/pull/55/files