Re: [TLS] Call for Consensus on removal of renegotiation

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Wed, 25 June 2014 20:03 UTC

From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 25 Jun 2014 20:03:06 +0000
Message-ID: <B7430912-46B8-49DD-85EC-00FC5BC3B8D3@cisco.com>
References: <44DA5A30-015D-40F3-90CA-F15076891BBC@cisco.com> <53AB192F.2040001@fifthhorseman.net>
In-Reply-To: <53AB192F.2040001@fifthhorseman.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/NL-JDDPe-XYEkRZmOI-Mh7iJaXs
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Call for Consensus on removal of renegotiation

On Jun 25, 2014, at 11:47 AM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:

> On 06/25/2014 02:34 PM, Joseph Salowey (jsalowey) wrote:
>> We would like to see if there is consensus on removing renegotiation in TLS 1.3.  We had rough consensus at the interim to remove renegotiation. Please state your position by indicating preference for one of the following (we will have a separate consensus call to decide on rekey approach). 
>> 
>> 1. Do you favor removing renegotiation from TLS 1.3 either with or without an additional facility for rekey?
>> 2. Are you in favor of not removing renegotiation regardless of the addition of a separate rekey facility?
> 
> If we're supposed to select either 1 or 2, i wouldn't feel comfortable
> with either one.
> 
> If we aren't providing an additional facility for re-keying, then i am
> not OK with removing renegotiation.  TLS needs a way for high-traffic,
> longstanding connections to stay up without "dead air" (as i think Sean
> called it earlier).  So i can't choose (1).
> 
> OTOH, if we have a separate rekey facility, i think that the semantics
> of TLS will be clearer (easier for application developers to understand
> and work with; easier for cryptanalysts to evaluate) if we get rid of
> renegotiation.  So i can't choose (2).
> 
> Maybe this question needs to be re-framed, or we need an option 0?
> 

[Joe] to simplify:

1.  In favor of removing renegotiation
2.  In favor of removing renegotiation with the addition of rekey facility
3.  Not in favor of removing renegotiation 

(the first attempt combined 1 and 2)


> 	--dkg