[TLS] consensus call: draft-ietf-tls-ticketrequests
Sean Turner <sean@sn3rd.com> Wed, 04 March 2020 16:06 UTC

one more time ...

All,

The purpose of this message is to help the chairs judge consensus on the way forward for draft-ietf-tls-ticketrequests. The issue at hand is whether the client-initiated ticket request mechanism [0] should be modified to add support for ticket reuse, see [1] lines 160-214. As we see it, the way forward involves either one draft or two. To that end, we would like your input (YES or NO) on the following question by 2359 UTC 18 March 2020:

Must the ticket reuse use case be addressed in draft-ietf-tls-ticketrequests?

Full disclosure: RFC 8446 recommends against ticket reuse to help protect clients from passive observers correlating connections [2]. The PR supports ticket reuse for use cases for a server-to-server connection that has fixed source addresses and no connection racing; if adopted the WG will need to ensure that the security considerations are properly documented.

Note: There have been at least three threads on this draft [3][4][5]. Please, let’s try to avoid re-litigating the points made therein.

Joe & Sean

[0] https://datatracker.ietf.org/doc/draft-ietf-tls-ticketrequests/
[1] https://github.com/tlswg/draft-ietf-tls-ticketrequest/pull/18
[2] https://tools.ietf.org/html/rfc8446#appendix-C.4
[3] https://mailarchive.ietf.org/arch/msg/tls/2cpoaJRushs09EFeTjPr-Ka3FeI/
[4] https://mailarchive.ietf.org/arch/msg/tls/-7J3gMmpHNw9t3URzxvM-3OaTR8/
[5] https://mailarchive.ietf.org/arch/msg/tls/FjhqbYYTwzgiV9weeCuxn0tHxPs/