Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

Richard Barnes <rlb@ipv.sx> Wed, 18 April 2018 19:23 UTC


On Wed, Apr 18, 2018 at 2:22 PM, Joseph Salowey <joe@salowey.net> wrote:

> We've had a lot of discussion on this thread that has pointed out that
> there are enough issues with the current document that we should recommend
> that the AD pull it back from the RFC editor.
>
> Concerns have been raised about the trade-offs associated with pinning and
> I do not think we currently have consensus to add pinning.  While I think
> it may be possible to come to consensus on pinning I think it may take some
> time.  I believe we can quickly get consensus for the following approach:
>
> 1. Scope the document to the assertive use cases
> 2. Explicitly allow (but do not require) DoE to be included
> 3. Remove current text about pinning
> 4. Re-submit the document for publication and start work on a separate
> extension that supports pinning
>

SGTM
>
> I understand that not everyone is happy with publishing the document
> scoped down in this way, but there is a community of users who would find
> it useful.  I am soliciting suggestions for text for items 1-3 and I
> encourage proponents of the more restrictive use case to get a draft
> together that we can consider for adoption by the working group.
>
> I also want to thank the participants for keeping the discussion mostly
> civil and having patience as we go through this process.
>
> Joe
>
>
> On Wed, Apr 4, 2018 at 10:50 AM, Joseph Salowey <joe@salowey.net> wrote:
>
>> Hi Folks,
>>
>> Some objections were raised late during the review of
>> the draft-ietf-tls-dnssec-chain-extension. The question before the
>> working group is either to publish the document as is or to bring the
>> document back into the working group to address the following issues:
>>
>> - Recommendation of adding denial of existence proofs in the chain
>> provided by the extension
>> - Adding signaling to require the use of this extension for a period of
>> time (Pinning with TTL)
>>
>> This is a consensus call on how to progress this document.  Please answer
>> the following questions:
>>
>> 1) Do you support publication of the document as is, leaving these two
>> issues to potentially be addressed in follow-up work?
>>
>> If the answer to 1) is no then please indicate if you think the working
>> group should work on the document to include
>>
>> A) Recommendation of adding denial of existence proofs in the chain
>> provided by the extension
>> B) Adding signaling to require the use of this extension for a period of
>> time (Pinning with TTL)
>> C) Both
>>
>> This call will be open until April 18, 2018.
>>
>> Thanks,
>>
>> Joe
>>