Re: [TLS] TLS DNSSEC chain consensus text, please speak up...

Tim Hollebeek <tim.hollebeek@digicert.com> Fri, 18 May 2018 00:20 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Paul Wouters <paul@nohats.ca>
CC: James Cloos <cloos@jhcloos.com>, Ted Lemon <mellon@fugue.com>, "<tls@ietf.org>" <tls@ietf.org>
Date: Fri, 18 May 2018 00:20:26 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LJ1brIbl44d0EIBaFeew3gR4x3k>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

I’m actually fine with that. You have to consider P_{extension implemented and used}.

Different people will disagree about the value of P.

-Tim

 

From: Paul Wouters [mailto:paul@nohats.ca] 
Sent: Thursday, May 17, 2018 8:18 PM
To: Tim Hollebeek <tim.hollebeek@digicert.com>
Cc: James Cloos <cloos@jhcloos.com>; Ted Lemon <mellon@fugue.com>; <tls@ietf.org> <tls@ietf.org>
Subject: Re: [TLS] TLS DNSSEC chain consensus text, please speak up...

 

 

On May 17, 2018, at 19:44, Tim Hollebeek <tim.hollebeek@digicert.com> wrote:

> Making things more complicated with no obvious benefit just makes things
> more complicated.
>
> I oppose adding two bytes for some nebulous future purpose.

 

The consequence of this opinion would be this:

https://tools.ietf.org/html/draft-asmithee-tls-dnssec-downprot-00

Which is a lot of complexity for one TLS extension to define the behaviour of another TLS extension. And it still adds two bytes in the 2nd extension.

So if you believe more simplicity is better, then you made the wrong choice.

Paul