Re: [TLS] RFC 5878 - why?
Marsh Ray <maray@microsoft.com> Tue, 17 September 2013 07:31 UTC
Return-Path: <maray@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id D766611E8391 for <tls@ietfa.amsl.com>;
Tue, 17 Sep 2013 00:31:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5
tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e8lyYukors6V for
<tls@ietfa.amsl.com>; Tue, 17 Sep 2013 00:31:00 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com
(mail-by2lp0243.outbound.protection.outlook.com [207.46.163.243]) by
ietfa.amsl.com (Postfix) with ESMTP id AD75F11E8390 for <tls@ietf.org>;
Tue, 17 Sep 2013 00:31:00 -0700 (PDT)
Received: from BLUPR03MB166.namprd03.prod.outlook.com (10.255.212.142) by
BLUPR03MB165.namprd03.prod.outlook.com (10.255.212.139) with Microsoft SMTP
Server (TLS) id 15.0.775.9; Tue, 17 Sep 2013 07:30:58 +0000
Received: from BLUPR03MB166.namprd03.prod.outlook.com ([169.254.4.249]) by
BLUPR03MB166.namprd03.prod.outlook.com ([169.254.4.249]) with mapi id
15.00.0775.005; Tue, 17 Sep 2013 07:30:58 +0000
From: Marsh Ray <maray@microsoft.com>
To: Trevor Perrin <trevp@trevp.net>
Thread-Topic: [TLS] RFC 5878 - why?
Thread-Index: AQHOs1y6IKGSQTOxB0uEDKlWZcM0bZnJfDCwgAAHfQCAAAKG8A==
Date: Tue, 17 Sep 2013 07:30:57 +0000
Message-ID: <072c2f95d4fe4031bdc1a114a9b810ce@BLUPR03MB166.namprd03.prod.outlook.com>
References: <CAGZ8ZG3cNi3FSb879yumEt5etXWCoy1LOcxFAgNzrp9zeriJdA@mail.gmail.com>
<0f476a6eb1e64519bb37001b02fddd4c@BLUPR03MB166.namprd03.prod.outlook.com>
<CAGZ8ZG3R2-Egermz5Vefu18mD2KAvXOXcG++HJut_rLKapeH4Q@mail.gmail.com>
In-Reply-To: <CAGZ8ZG3R2-Egermz5Vefu18mD2KAvXOXcG++HJut_rLKapeH4Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e0:ee43::2]
x-forefront-prvs: 0972DEC1D9
x-forefront-antispam-report: SFV:NSPM;
SFS:(199002)(189002)(377454003)(51704005)(81542001)(53806001)(46102001)(51856001)(33646001)(83072001)(56776001)(65816001)(74706001)(54356001)(80022001)(81686001)(81816001)(83322001)(19580405001)(19580395003)(80976001)(47976001)(47736001)(50986001)(49866001)(4396001)(54316002)(76482001)(63696002)(74876001)(59766001)(79102001)(77982001)(31966008)(74662001)(74502001)(47446002)(81342001)(76786001)(74316001)(76796001)(76576001)(77096001)(69226001)(74366001)(56816003)(3826001)(24736002);
DIR:OUT; SFP:; SCL:1; SRVR:BLUPR03MB165;
H:BLUPR03MB166.namprd03.prod.outlook.com; CLIP:2001:4898:80e0:ee43::2; FPR:;
RD:InfoNoRecords; A:1; MX:1; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: DuplicateDomain-a84fc36a-4ed7-4e57-ab1c-3e967bcbad48.microsoft.com
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] RFC 5878 - why?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
<mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
<mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2013 07:31:06 -0000
> From: Trevor Perrin [mailto:trevp@trevp.net] > Sent: Tuesday, September 17, 2013 12:12 AM > Subject: Re: [TLS] RFC 5878 - why? > > But those specific types (or any others) could just have been defined as TLS > Extensions. > Also, note 5878 only has an 8-bit space for "authZ types", which seems > *much worse* than just using 16-bit TLS extension numbers in terms of > number exhaustion or risk of collision. The WG must have felt that it was worth establishing a separate IANA registry for this specific purpose rather than piling them into the extension registry. An entire protocol could be defined in terms of exchanging sets of (ID, optional scalar value) pairs, but TLS tends to like structures that are nested a little deeper according to their semantics. I agree, a single octet seems stingy. But if it runs out the code space can be extended with only minor ugly. > (Does anyone actually use SAML in TLS?? or X.509 Authorization certs?). Well, it'd be a lot harder without an interoperable spec for it! :-) - Marsh
- [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Marsh Ray
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Marsh Ray
- Re: [TLS] RFC 5878 - why? Peter Gutmann
- Re: [TLS] RFC 5878 - why? Yoav Nir
- Re: [TLS] RFC 5878 - why? Martin Rex
- Re: [TLS] RFC 5878 - why? Martin Rex
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Marsh Ray
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Yoav Nir
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Darshak Thakore
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Peter Gutmann
- Re: [TLS] RFC 5878 - why? Martin Rex
- Re: [TLS] RFC 5878 - why? Trevor Perrin
- Re: [TLS] RFC 5878 - why? Peter Gutmann
- Re: [TLS] RFC 5878 - why? Ben Laurie
- Re: [TLS] RFC 5878 - why? Salz, Rich
- Re: [TLS] RFC 5878 - why? Simon Josefsson
- Re: [TLS] RFC 5878 - why? Russ Housley