Re: [TLS] RFC 5878 - why?

Yoav Nir <ynir@checkpoint.com> Tue, 17 September 2013 08:13 UTC

From: Yoav Nir <ynir@checkpoint.com>
To: Marsh Ray <maray@microsoft.com>
Date: Tue, 17 Sep 2013 08:12:51 +0000
Message-ID: <101DBCB0-FA04-42C3-B370-1979D5726292@checkpoint.com>
References: <CAGZ8ZG3cNi3FSb879yumEt5etXWCoy1LOcxFAgNzrp9zeriJdA@mail.gmail.com> <0f476a6eb1e64519bb37001b02fddd4c@BLUPR03MB166.namprd03.prod.outlook.com> <CAGZ8ZG3R2-Egermz5Vefu18mD2KAvXOXcG++HJut_rLKapeH4Q@mail.gmail.com> <072c2f95d4fe4031bdc1a114a9b810ce@BLUPR03MB166.namprd03.prod.outlook.com>
In-Reply-To: <072c2f95d4fe4031bdc1a114a9b810ce@BLUPR03MB166.namprd03.prod.outlook.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] RFC 5878 - why?

On Sep 17, 2013, at 10:30 AM, Marsh Ray <maray@microsoft.com> wrote:

>> From: Trevor Perrin [mailto:trevp@trevp.net]
>> Sent: Tuesday, September 17, 2013 12:12 AM
>> Subject: Re: [TLS] RFC 5878 - why?
>> 
>> But those specific types (or any others) could just have been defined as TLS
>> Extensions.
>> Also, note 5878 only has an 8-bit space for "authZ types", which seems
>> *much worse* than just using 16-bit TLS extension numbers in terms of
>> number exhaustion or risk of collision.
> 
> The WG must have felt that it was worth establishing a separate IANA registry for this specific purpose rather than piling them into the extension registry. An entire protocol could be defined in terms of exchanging sets of (ID, optional scalar value) pairs, but TLS tends to like structures that are nested a little deeper according to their semantics.

s/WG/Authors/ - This was not a product of the TLS working group. It also has some interesting history, and was the cause for some quite heated debate on the IETF list:
http://www.ietf.org/mail-archive/web/ietf-announce/current/msg05617.html

Yoav