Re: [TLS] TLS process thread
Trevor Perrin <trevp@trevp.net> Tue, 15 April 2014 07:55 UTC
Return-Path: <trevp@trevp.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BA181A0222 for <tls@ietfa.amsl.com>; Tue, 15 Apr 2014 00:55:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.722
X-Spam-Level:
X-Spam-Status: No, score=0.722 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bYesQJhSdskx for <tls@ietfa.amsl.com>; Tue, 15 Apr 2014 00:55:27 -0700 (PDT)
Received: from mail-wg0-f52.google.com (mail-wg0-f52.google.com [74.125.82.52]) by ietfa.amsl.com (Postfix) with ESMTP id 71ECA1A0389 for <tls@ietf.org>; Tue, 15 Apr 2014 00:55:27 -0700 (PDT)
Received: by mail-wg0-f52.google.com with SMTP id k14so9202188wgh.35 for <tls@ietf.org>; Tue, 15 Apr 2014 00:55:24 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=hyWFAZ9/pp/KMyphWrBP49WO25416QZEF29ousesd3Y=; b=QphRUhNszIo+EmmgNMqw32Fvuqhn9arMadxHpolOQ5Vp4+DeqjWP/uz2QYNwty2s2E IJMOjiz2YAbmtfz4MNpzxl1sspUmSQ3gI4bk+/Wpk6oReQYG1OTKdJs/4lGpXk8o6GkN xG1O5J1KNsyl9nx6pusx2w7pj8AWyK9hnd4ZKPg7CzCZeMAjfW0anIJ92+CrpShnc/+L MCWtRQaUL37MReNi2WFeyMfpG8blQzBtJL6NQLpWvDLWSUpPhoWAjqRciMZWyi6H83Br SoHg8d+DiTk39X4fX3svf1oSpD7AUXUzZ62z7jrvHwnQDDKZNrTl4VeOjSMbPku0Aurw 9zlQ==
X-Gm-Message-State: ALoCoQlS1uzs3hCmQ6CkUtePx9+ee3gBWNxjXXEV2cknGEdqXbfIQQsA55jAVKywxIgRfXyaTogk
MIME-Version: 1.0
X-Received: by 10.195.12.14 with SMTP id em14mr273003wjd.15.1397548524224; Tue, 15 Apr 2014 00:55:24 -0700 (PDT)
Received: by 10.216.45.146 with HTTP; Tue, 15 Apr 2014 00:55:24 -0700 (PDT)
X-Originating-IP: [184.23.29.222]
In-Reply-To: <C8C4F44E-0557-4B9D-81A6-C5C171DD5D14@ieca.com>
References: <C8C4F44E-0557-4B9D-81A6-C5C171DD5D14@ieca.com>
Date: Tue, 15 Apr 2014 00:55:24 -0700
Message-ID: <CAGZ8ZG1_2yprXcmmOA8+Ly-Hz=rja-Bzmnre31+_fy1Jket2+Q@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Sean Turner <TurnerS@ieca.com>
Content-Type: text/plain; charset="ISO-8859-1"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/MBMfEBPg9G0mM8k4BgTTGtgKgu8
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS process thread
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2014 07:55:31 -0000
On Wed, Apr 9, 2014 at 1:49 PM, Sean Turner <TurnerS@ieca.com> wrote: > > While the IETF certainly has used competitions in the past, they are > generally used to select one document from multiple starting points > and then the documents undergo substantial revisions. Even then, there > is a fairly mixed track record as WGs often find it very hard to come > to a final selection and instead get bogged down in the selection > process. Hi Sean, Have there really been enough IETF crypto-protocol competitions to draw this conclusion? Could you give examples? IKEv1 was mentioned by Stephen Farrell [1]. But Dan Harkins and Peter Gutmann argued its problems were less due to the ISAKMP/SKIP competition, and more due to what happened afterwards - "option being piled on top of option" creating a "design-by-committee mess" [2,3]. As for getting "bogged down in the selection process" - having so many strong candidates it's hard to choose sounds like a good problem to have. If the designs are similar, we'll have more confidence in them. If they're different, we'll have context to argue the trade-offs. > In this case, however, our charter provides a clear starting point, > namely RFC 5246, and a mandate to minimize the changes to that > document. This does not mean that ideas for significant changes are > are not welcome, but they should be phrased as revisions to RFC 5246 > rather than as a wholesale replacement. As Nikos and Paul pointed out, the charter doesn't mention 5246. It mentions minimizing changes, but only as one goal among several, and only "gratuitous" changes. I think minimizing changes is one of many goals in tension with others (minimizing diffs vs minimizing complexity / adding features; handshake encryption vs handshake latency; new features vs. ease of analysis; merging layers vs. modularity; etc.) Instead of presuming the answer to any of these, or tackling them in isolation, it makes more sense to explore such a complex design space through different proposals. > The chairs do not believe > there is a convincing reason or support to deviate from the plan > described in our previous message [1]. Reviewing the "TLS 1.3 process" threads [4,5], I see more support for alternatives: * Adam Langley suggested a "TLS 1.3 that is a tidying up of 1.2 [...] The more significant changes could be 1.4" [6]. Peter Gutmann endorsed this, and Watson Ladd and Rich Salz seemed somewhat interested in such an approach [7,8,9], as am I. * Nikos, myself, Peter Gutmann, Watson, and Daniel Kahn Gillmor expressed interest in soliciting multiple proposals [10,11,12,13]. * Bill Frantz suggested having a set of "use cases to test our proposals against" [14]. Support was expressed by Watson, Peter Gutmann, and Andy Lutomirski [15,16,17]. It also seems these discussions were cut short by extended_random and heartbleed revelations. I don't know whether the WG has consensus for any of the above, but it's not clear there's consensus for your process either. Perhaps the chairs could try to clarify the main alternatives and put it to the WG for a decision? Trevor [1] http://www.ietf.org/mail-archive/web/tls/current/msg11679.html [2] http://www.ietf.org/mail-archive/web/tls/current/msg11701.html [3] http://www.ietf.org/mail-archive/web/tls/current/msg11709.html [4] http://www.ietf.org/mail-archive/web/tls/current/msg11657.html [5] http://www.ietf.org/mail-archive/web/tls/current/msg11655.html [6] http://www.ietf.org/mail-archive/web/tls/current/msg11691.html [7] http://www.ietf.org/mail-archive/web/tls/current/msg11711.html [8] http://www.ietf.org/mail-archive/web/tls/current/msg11694.html [9] http://www.ietf.org/mail-archive/web/tls/current/msg11685.html [10] http://www.ietf.org/mail-archive/web/tls/current/msg11677.html [11] http://www.ietf.org/mail-archive/web/tls/current/msg11670.html [12] http://www.ietf.org/mail-archive/web/tls/current/msg11655.html [13] http://www.ietf.org/mail-archive/web/tls/current/msg11656.html [14] http://www.ietf.org/mail-archive/web/tls/current/msg11717.html [15] http://www.ietf.org/mail-archive/web/tls/current/msg11723.html [16] http://www.ietf.org/mail-archive/web/tls/current/msg11720.html [17] http://www.ietf.org/mail-archive/web/tls/current/msg11792.html
- [TLS] TLS process thread Sean Turner
- Re: [TLS] TLS process thread Nikos Mavrogiannopoulos
- Re: [TLS] TLS process thread Paul Hoffman
- Re: [TLS] TLS process thread Stephen Farrell
- Re: [TLS] TLS process thread Peter Gutmann
- Re: [TLS] TLS process thread Watson Ladd
- Re: [TLS] TLS process thread Dan Harkins
- Re: [TLS] TLS process thread Brian Sniffen
- Re: [TLS] TLS process thread Eric Rescorla
- Re: [TLS] TLS process thread Eric Rescorla
- Re: [TLS] TLS process thread Trevor Perrin
- Re: [TLS] TLS process thread Douglas Stebila
- Re: [TLS] TLS process thread Klaus Hartke
- Re: [TLS] TLS process thread Paul Lambert