[TLS]Re: Adoption Call for draft-davidben-tls-key-share-prediction
Eric Rescorla <ekr@rtfm.com> Tue, 21 May 2024 12:54 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34902C14F712 for <tls@ietfa.amsl.com>; Tue, 21 May 2024 05:54:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.893
X-Spam-Level:
X-Spam-Status: No, score=-1.893 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H6QOrS284S_T for <tls@ietfa.amsl.com>; Tue, 21 May 2024 05:54:19 -0700 (PDT)
Received: from mail-yb1-xb2c.google.com (mail-yb1-xb2c.google.com [IPv6:2607:f8b0:4864:20::b2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4EF52C14F6BE for <tls@ietf.org>; Tue, 21 May 2024 05:54:19 -0700 (PDT)
Received: by mail-yb1-xb2c.google.com with SMTP id 3f1490d57ef6-de6074a464aso3431496276.0 for <tls@ietf.org>; Tue, 21 May 2024 05:54:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1716296058; x=1716900858; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=OgCh77vytokTxuhz6hYSftj1SvgsoVHvZZH64OXI3fk=; b=GpyJ853rYS0T82drq5Kd+mBarQniaVNwBednZf3MEUMeB1GSxVlKzSeOVc+IChQ/ZX g+BJRASSV4yZPN8Kyo6CE0BmfuIj6Gm9+gUn+sS5WaSuJoOecBlGuhfmZsUCiTqzQayh +XWaw/tVHmr42t9/30KYKgvfLv3xXHfrwIiK8hdEioWp2dkmBYMvTP3pwW18hQkskGOz b+PZLd2bad28CkcPORlUDTJrv2IFkhdGZjj3HlF9EDSrHrKlDe/fuMGyOz5TO09/AtqP jEpxl0ojfCDd4K5WN+uETTAAf34BsTKZoAa2C8FIkPXY3Ik5Rcpa6AQfyTFpkq3B43Gu zarQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716296058; x=1716900858; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=OgCh77vytokTxuhz6hYSftj1SvgsoVHvZZH64OXI3fk=; b=qorBvbDIY39BBC7cj8Ppg+M1s8X/7oPrw9dJt0mSZC1JFhO0GEHdlpvK92QFZZ+QAI U4WfojteL4zYRKbCCl+E42M++8N3UCf0NIII9hITZVcQySBOdIYLqZeJsuDqNt6FxhIL 6wKjax0M9Z7uulfsy7p4sZx9Hlk7v9smmJeSzFPpBM2Bz3lxYKpIv064NfKOOj8xS5G3 0vJwRH8fRgesVzy8JV5wYo8q2eFKYF9YH6VWWSi9E3ErzCXPdZUFT5xM/Tr2yVfeMF1I ip3PbO3XZwrC86HCbMppVe8//+yD9cJRcoUyz0lhWOT+tqPxe5FeBpspH9YFnW2TSLu5 LGwQ==
X-Gm-Message-State: AOJu0YxfDRPYUSvje+Y2sKHIheVToorrG78XHTqmTWXQw0wuK7w6FAd0 mao+fQpB7tsyUAUibN0AYAi1KvF8K7A3HMKDK+m1HqBvM8862CI6jTyQVACTI1TjtvwyTXUBFMk Wipb56yjrr8LWcvdA6KwUpyhLNCzW40PCrQ+8A3nP2YRjt4mY
X-Google-Smtp-Source: AGHT+IHdXUL0K3+BHXSnYB0isKksT2ubeCmi3vNeoY2avdkApKaqZQ6rvs80eALca0vVHr+o8I/55bPwOKHkTu/GVus=
X-Received: by 2002:a25:74c8:0:b0:de5:51d5:dfad with SMTP id 3f1490d57ef6-dee4f1b7f71mr30495930276.6.1716296058176; Tue, 21 May 2024 05:54:18 -0700 (PDT)
MIME-Version: 1.0
References: <CAOgPGoA8-t_x7WLOjZ7kWaoPn9n2m-RM3VGUFaVttBiFrbjZHw@mail.gmail.com>
In-Reply-To: <CAOgPGoA8-t_x7WLOjZ7kWaoPn9n2m-RM3VGUFaVttBiFrbjZHw@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 21 May 2024 05:53:42 -0700
Message-ID: <CABcZeBNwEh7PDC9FC6FXj5tk1=_ULRCdaycYWGWBEE-7iVmq+g@mail.gmail.com>
To: Joseph Salowey <joe@salowey.net>
Content-Type: multipart/alternative; boundary="000000000000e0aa220618f65086"
Message-ID-Hash: AW5GY2JRX5DJPDB5WGTFZQ4QHHO6YQCO
X-Message-ID-Hash: AW5GY2JRX5DJPDB5WGTFZQ4QHHO6YQCO
X-MailFrom: ekr@rtfm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "<tls@ietf.org>" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: Adoption Call for draft-davidben-tls-key-share-prediction
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HeSK-HzFWqKY_pIujWBUx6_W4ks>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
I agree that it's attractive to be able to hint in the HTTPS RR, but I'm less sure about addressing the basic insecurity of the DNS channel with the approach this draft takes. I don't have a complete thought here, but what if we were to somehow fold the hint into the handshake transcript? I suppose we can sort this out post-adoption, but I'd like the question to be on the table. -Ekr On Fri, May 3, 2024 at 3:05 PM Joseph Salowey <joe@salowey.net> wrote: > This is a working group call for adoption > for draft-davidben-tls-key-share-prediction. This document was presented > at IET 118 and has undergone some revision based on feedback since then. > The current draft is available here: > https://datatracker.ietf.org/doc/draft-davidben-tls-key-share-prediction/. > Please read the document and indicate if and why you support or do not > support adoption as a TLS working group item. If you support adoption > please, state if you will help review and contribute text to the document. > Please respond to this call by May 20, 2024. > > Thanks, > > Joe, Deidre, and Sean > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] Adoption Call for draft-davidben-tls-key-sh… Joseph Salowey
- Re: [TLS] Adoption Call for draft-davidben-tls-ke… David Benjamin
- Re: [TLS] Adoption Call for draft-davidben-tls-ke… David Benjamin
- Re: [TLS] Adoption Call for draft-davidben-tls-ke… Loganaden Velvindron
- Re: [TLS] Adoption Call for draft-davidben-tls-ke… Salz, Rich
- Re: [TLS] Adoption Call for draft-davidben-tls-ke… Roelof duToit
- Re: [TLS] Adoption Call for draft-davidben-tls-ke… Dennis Jackson
- Re: [TLS] [EXTERNAL] Re: Adoption Call for draft-… Andrei Popov
- Re: [TLS] Adoption Call for draft-davidben-tls-ke… Dmitry Belyavsky
- Re: [TLS] Adoption Call for draft-davidben-tls-ke… Stephen Farrell
- [TLS]Re: Adoption Call for draft-davidben-tls-key… Bas Westerbaan
- [TLS]HTTPS-RR and TLS David Benjamin
- [TLS]Re: HTTPS-RR and TLS David Benjamin
- [TLS]Re: HTTPS-RR and TLS Stephen Farrell
- [TLS]Re: Adoption Call for draft-davidben-tls-key… A A
- [TLS]Re: Adoption Call for draft-davidben-tls-key… David Benjamin
- [TLS]Re: HTTPS-RR and TLS Ilari Liusvaara
- [TLS]Re: HTTPS-RR and TLS Watson Ladd
- [TLS]Re: HTTPS-RR and TLS Ilari Liusvaara
- [TLS]Re: HTTPS-RR and TLS Stephen Farrell
- Re: [TLS] Adoption Call for draft-davidben-tls-ke… Yaakov Stein
- [TLS]Re: Adoption Call for draft-davidben-tls-key… Eric Rescorla
- [TLS]Re: Adoption Call for draft-davidben-tls-key… David Benjamin
- [TLS]Re: Adoption Call for draft-davidben-tls-key… Eric Rescorla
- [TLS]Re: Adoption Call for draft-davidben-tls-key… Joseph Salowey
- [TLS]Re: Adoption Call for draft-davidben-tls-key… David Benjamin