Re: [TLS] 3rd WGLC: draft-ietf-tls-tls13

Colm MacCárthaigh <colm@allcosts.net> Sun, 14 January 2018 20:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KrdAk1Gd3JJHKvB00Ij90zpXHXk>

Back during the previous last call, I felt really guilty about bringing up
the 0-RTT stuff so late. Even though it turned out that middle boxes turned
out to be a bigger problem to deal with anyway, I just want to say that I'm
really grateful for the 0-RTT related changes in the document and for the
time and effort that went into all that. I think those changes are
sufficient to make a TLS1.3 implementation that handles 0-RTT in a
forward-secret, secure and safe way. The changes represent a good
compromise between having a secure state and supporting vendors who want to
be a bit more loose because their application environment can tolerate it
and forward secrecy is not as valuable to their users. Thanks especially to
ekr for inventing the fixes, for stewarding the clarifications, and for
being awesome about it.

At the same time, I just want to add a small note of caution to vendors; if
you're going to accept 0-RTT, trying to cut corners by tolerating replays,
even a little, is really likely to bite you! I've found even more examples
of application protocols and web protocols that implement transactions.
Also, if the secrecy of trillions and trillions of users' web requests is
going to rest on how well session ticket encryption keys are managed,
protected, rotated and revoked, we really owe it to users to come up with
some collective guidance for vendors on how to do that well.


On Fri, Jan 12, 2018 at 9:10 PM, Sean Turner <sean@sn3rd.com> wrote:

> All,
>
> This is the 3rd working group last call (WGLC) announcement for
> draft-ietf-tls-tls13; it will run through January 26th.  This time the WGLC
> is for version -23 (https://datatracker.ietf.org/doc/draft-ietf-tls-tls13/).
> This WGLC is a targeted WGLC because it only addresses changes introduced
> since the 2nd WGLC on version -21, i.e., changes introduced in versions -22
> and -23.  Note that the editor has kindly included a change log in s1.2 and
> the datatracker can also produce diffs
> (https://www.ietf.org/rfcdiff?url1=draft-ietf-tls-tls13-21&url2=draft-ietf-tls-tls13-23).
> In general,
> we are considering all other material to have WG consensus, so only
> critical issues should be raised about that material at this time.
>
> Cheers,
>
> spt



-- 
Colm