Re: [TLS] Protocol Action: 'Transport Layer Security (TLS) Renegotiation Indication Extension' to Proposed Standard

Paul Hoffman <paul.hoffman@vpnc.org> Tue, 12 January 2010 03:40 UTC

Date: Mon, 11 Jan 2010 19:40:29 -0800
To: Brad Wetmore <Bradford.Wetmore@Sun.COM>, tls@ietf.org
From: Paul Hoffman <paul.hoffman@vpnc.org>

At 6:55 PM -0800 1/11/10, Brad Wetmore wrote:
>Simon Josefsson wrote:
>
>> Still there are no guarantees that technical changes cannot happen
>> even after this point (due to appeals, major flaws discovered during
>> AUTH48, or something else), so a conservative vendor may be better off
>> waiting until the RFC has been published.
>
>Ignoring any appeals/changes/flaws for a second and considering just the
>best case scenario here...
>
>In looking over the RFC-editor's queue, I note we're close to the
>bottom.  The RFC-editor is saying they process things roughly FIFO, and
>I notice many things in the IETF stream standard track are in states
>(EDIT/RFC-EDITOR/AUTH48) from Jan/May/Sept/Nov 2009.  Is this going to be
>several more weeks/months before this RFC is finalized, or are we
>getting this expedited?

Nothing is definitive. It is "likely" that there will be no technical changes between now and when the RFC is issued and therefore deployment can begin now. If there is a successful appeal, it could change, but those are rare. If the authors find technical mistakes, they can fix them before RFC publication, and this is becoming more common in the IETF (a situation that many of us find quite unfortunate).

--Paul Hoffman, Director
--VPN Consortium