Re: [TLS] New draft: draft-rescorla-tls13-new-flows-01
Eric Rescorla <ekr@rtfm.com> Fri, 21 February 2014 15:17 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2697F1A03CF for <tls@ietfa.amsl.com>; Fri, 21 Feb 2014 07:17:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Khy3zt0_CuMh for <tls@ietfa.amsl.com>; Fri, 21 Feb 2014 07:17:44 -0800 (PST)
Received: from mail-yh0-f42.google.com (mail-yh0-f42.google.com [209.85.213.42]) by ietfa.amsl.com (Postfix) with ESMTP id CFCFB1A01AB for <tls@ietf.org>; Fri, 21 Feb 2014 07:17:43 -0800 (PST)
Received: by mail-yh0-f42.google.com with SMTP id a41so2487977yho.1 for <tls@ietf.org>; Fri, 21 Feb 2014 07:17:39 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=OWlHDDmxjD16SvwL1OVH+5OehcGMnmYN9gVsJeL/2Ws=; b=A1oyMJ92zheqOQQ6lmz+lFiWqadcgOFuaN+wDiaJUnhXM5wT60OVddPS0Cw0hxkGZC y3nncNtr6o/eVL9gedBafz3JjkxwAjJfYCJYXbt5JNUb4t2ntVDiHN3aU2Vep63G7HYP /VZDAzaVgMIDz9VpxpISs/SAx64P4PXo491AFuq85xo2jzvAzbMg8ajUuNEOHLE/TsjB 5RGbrddc81gDoqmiZO03FluqChtxSMEYfCd16/CsyYy8U0I+2ameWxu+iX/vC/dX0g0O /CczdoU8N8MhPCV+6GLFgPtmLTk52+YBlWqk7UcZyPN0PN1L+gScfUYa7NAbwrt9avoE MdmA==
X-Gm-Message-State: ALoCoQkiiMJNhdIWCT0+sfWcnBWagyFAcY2SMCQ/xAbznFsqCIBm2bNiZtDCiQwcnJsg8ug6BHcg
X-Received: by 10.236.135.172 with SMTP id u32mr11590559yhi.107.1392995859745; Fri, 21 Feb 2014 07:17:39 -0800 (PST)
MIME-Version: 1.0
Received: by 10.170.173.205 with HTTP; Fri, 21 Feb 2014 07:16:58 -0800 (PST)
X-Originating-IP: [74.95.2.173]
In-Reply-To: <1392993987.4494.46.camel@dhcp-2-127.brq.redhat.com>
References: <CABcZeBNUjg_Y3MKtRrAMmYAeYFLM1QyHvr1DCbOfA6MB2tJOYQ@mail.gmail.com> <1392993987.4494.46.camel@dhcp-2-127.brq.redhat.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 21 Feb 2014 07:16:58 -0800
Message-ID: <CABcZeBM8rjAPG79USBPZcbqeTB+3Bw5VPbhhrvQKKivKr_TmfA@mail.gmail.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Content-Type: multipart/alternative; boundary="20cf301af77364fdb404f2ec1f31"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/H9qWXnvaCw-Znuxpp9_2_Vy3_Cs
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] New draft: draft-rescorla-tls13-new-flows-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Feb 2014 15:17:46 -0000
On Fri, Feb 21, 2014 at 6:46 AM, Nikos Mavrogiannopoulos <nmav@redhat.com>wrote: > On Wed, 2014-02-19 at 12:40 -0800, Eric Rescorla wrote: > > Folks, > > I have prepared a new version of the TLS 1.3 flows document which > > should appear in the repository shortly and in the meantime can be > > found at: > > Hello, > I haven't read it yet to comment, but may I suggest something > procedural? I think it would be better to first agree on the list of > issues that TLS 1.3 will fix, and the list of features it will bring, > and the security requirements for this protocol; as the charter is very > high level for that. > > I believe you have already done that as part of your presentation in > IETF 88, and there was some discussions on the list some time ago, but I > don't know what was considered or discarded. It would be nice to have a > draft that sets the desired requirements for TLS 1.3. (I'd volunteer > maintain one if that is the issue) > > Then it will be much more easy to check whether a proposed solution > satisfies the requirements, and input from other unrelated groups such > as CFRG would be more easy to get. > I'm certainly sympathetic to this, but I don't think it's really practical to do detailed requirements first. That's always a hard approach in IETF, but it's especially hard here because there are a lot of tradeoffs to be made in terms of feature set and once you get beyond the trivial mandatory elements it's hard to make them without understanding the implications of opting to include or not include any given features without understanding the effect they have on the protocol in some detail. So, instead we've been doing this as a cyclical design process, with the charter as the very high level goals and then trying to work downward. After Vancouver, I had a lot of feedback to the effect that we needed to work out the mechanisms more so that people could make an informed decision, so that's what I've tried to do here. What I'm hoping we can do in London is to use these more worked out mechanisms to reach informed decisions on a number of the big requirements questions (static RSA, encrypted SNI, resumption, etc.) and then we can work on a refined design that matches those requirements. -Ekr regards, > Nikos > > PS. As I believe that security protocol design is part of cryptography, > I'm still of the opinion that we should more actively seek for external > expertise (e.g., by a competition or other appropriate methods). >
- [TLS] New draft: draft-rescorla-tls13-new-flows-01 Eric Rescorla
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Eric Rescorla
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Kurt Roeckx
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Martin Thomson
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Eric Rescorla
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Kurt Roeckx
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Nikos Mavrogiannopoulos
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Eric Rescorla
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Tom Ritter
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Eric Rescorla
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Tom Ritter
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Watson Ladd
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Hovav Shacham
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Watson Ladd
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Eric Rescorla
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Watson Ladd
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Stephen Checkoway
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Watson Ladd
- Re: [TLS] New draft: draft-rescorla-tls13-new-flo… Stephen Checkoway