Re: [TLS] Fixing TLS

Eric Rescorla <ekr@rtfm.com> Tue, 12 January 2016 20:35 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34CF01A8899 for <tls@ietfa.amsl.com>; Tue, 12 Jan 2016 12:35:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xxgi-EU-bzFz for <tls@ietfa.amsl.com>; Tue, 12 Jan 2016 12:35:53 -0800 (PST)
Received: from mail-yk0-x231.google.com (mail-yk0-x231.google.com [IPv6:2607:f8b0:4002:c07::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 401791A8898 for <tls@ietf.org>; Tue, 12 Jan 2016 12:35:53 -0800 (PST)
Received: by mail-yk0-x231.google.com with SMTP id v14so371773331ykd.3 for <tls@ietf.org>; Tue, 12 Jan 2016 12:35:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=OtyyA9ZgGd3Z0ZoRFO5ucoHrr3oNPe3+3daeq2Bk6Ec=; b=hL9Shn+4h8RvFEHF/HDtVSkehquaVPCuAYqPD4VsHJzgq5QwnQFsXtoX+RDnjD2kFp HY8Y+aZXiek1hPpEKAhDClDf6tHotRT36p2zOA5RkWFGKcnqCS72Jg/I89OMegdi9R40 QikvC1baDfDQ7jFGQPEzVeibfIll3x+bKYIE47QAt56kS0JCjCCUS9LaTM1uMLoGejRI PQJelqKitZ3ObguS2yuiW2NOvEsdh+oo1Q07MsWMJBs5CVFiHarwqtEO0JwpNLVUrfo4 Pk+mHD+uaddwKRWSdCoMwkx98xHQWdM3h9udAwWqPk/+HnwQSttEwBNC75QtKb/eD2Nb J7gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=OtyyA9ZgGd3Z0ZoRFO5ucoHrr3oNPe3+3daeq2Bk6Ec=; b=B0XFmfVmiDNRzWshnREw7WdwxOe/sQ7tkEN/qgdk8nMZQcRKO6R07X3X1SpXlfQuPs 51RHPZdq1VG9DLX+OX0py8lDb7D4dLMY4vZOHedzuZpF2PEQxsX+k+nzzhCF6sE3x+fH TkMrlUlMKD88dYWffxh8QhyD6knIRUaM3GjcTg2tjaT/5yrxg6uIMak68ncRdw9lIA+F ugUgvTGIJmOCtVqZvzWvi6yUV1dNh2mqNY8Rjo3y1Yk811O9msZ5nDbcHYArlZAkgzTr L9vqKbYlKmvDz4Un7VZU6PfHz5WeoUQh01/YSveaIsMOArAp578AZP7M203KhqrLVtOp RfSA==
X-Gm-Message-State: ALoCoQl4hiIE6Gj5uIvKjGZOIWOHhyKc4gbfRxFuhJ7vYzkZ6HRDYf0VS+aopy0u8VoBjN7NLs1jYoCVOKjH2ZOGoLS47xSEbA==
X-Received: by 10.129.79.87 with SMTP id d84mr96945645ywb.115.1452630952572; Tue, 12 Jan 2016 12:35:52 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.249.197 with HTTP; Tue, 12 Jan 2016 12:35:13 -0800 (PST)
In-Reply-To: <201601121533.59799.davemgarrett@gmail.com>
References: <9A043F3CF02CD34C8E74AC1594475C73F4BC6849@uxcn10-5.UoA.auckland.ac.nz> <CAH9QtQHu_TiC2SfdurCfv__yBRVJLdiyn58g-A940nvPnC8EAw@mail.gmail.com> <CABcZeBOrKWa+Fqf9fsqGqeZnHH_jL=mZPu7wUJ6QtM5vrVkXyg@mail.gmail.com> <201601121533.59799.davemgarrett@gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 12 Jan 2016 12:35:13 -0800
Message-ID: <CABcZeBMqNFLN9AWS6TVu7tmdu0e-SUXbxzUTyuF-sf7qufjaqA@mail.gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Content-Type: multipart/alternative; boundary=001a114dc360eb2e3c052928ffc7
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/LtjtOKL5VtT7oIOu-boPZqGQdwQ>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Fixing TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jan 2016 20:35:55 -0000

On Tue, Jan 12, 2016 at 12:33 PM, Dave Garrett <davemgarrett@gmail.com>;
wrote:

> On Tuesday, January 12, 2016 03:18:11 pm Eric Rescorla wrote:
> > On Tue, Jan 12, 2016 at 12:12 PM, Bill Cox <waywardgeek@google.com>;
> wrote:
> > > I wish that were the plan (to upgrade QUIC crypto and eventually make
> that
> > > the new crypto platform).  If I am not mistaken, QUICK crypto is going
> to
> > > be archived, TLS 1.3 will replace the crypto code, and QUIC will
> remain the
> > > transport layer.
> >
> > This is my understanding as well, based both onconversations with the
> QUIC
> > folks, and Adam and Jana's public presentations. A number of us (MT, I,
> > Jana, Ian, AGL, Christian) have already started some initial
> conversations
> > at how to do that.
>
> I'm quite interested to hear what the plans are there. I'd appreciate it
> if, whenever there is a fleshed-out starting point, an outline could be
> posted to this list to keep us in the loop with what's going to be the
> initial design. Not necessarily for debate here, but just so we can have an
> idea of where things are going.
>

We definitely would post that somewhere, but thanks for the reminder to
send a pointer
to TLS WG.

-Ekr




>
> > With that said, I don't think there's a plausible story in which QUIC
> becomes the only
> > transport protocol in the world any time soon, so I don't think
> standalone TLS 1.3
> > is going away.
>
> Yes. Whatever the discussion for future work, TLS 1.3 is the current
> direction. One step at a time so we don't trip over our feet. ;)
>
>
> Dave
>