IETF Logo Mail Archive

Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 07 December 2016 21:28 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46FC9129BDE for <tls@ietfa.amsl.com>; Wed, 7 Dec 2016 13:28:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.796
X-Spam-Level:
X-Spam-Status: No, score=-4.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-2.896] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bFKo8IB1-qyi for <tls@ietfa.amsl.com>; Wed, 7 Dec 2016 13:28:33 -0800 (PST)
Received: from welho-filter2.welho.com (welho-filter2.welho.com [83.102.41.24]) by ietfa.amsl.com (Postfix) with ESMTP id C7694129BDA for <tls@ietf.org>; Wed, 7 Dec 2016 13:28:32 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter2.welho.com (Postfix) with ESMTP id 951A3158D9; Wed, 7 Dec 2016 23:28:30 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter2.welho.com [::ffff:83.102.41.24]) (amavisd-new, port 10024) with ESMTP id KAYk4C8_3brj; Wed, 7 Dec 2016 23:28:30 +0200 (EET)
Received: from LK-Perkele-V2 (87-92-51-204.bb.dnainternet.fi [87.92.51.204]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id EFE392310; Wed, 7 Dec 2016 23:28:29 +0200 (EET)
Date: Wed, 07 Dec 2016 23:28:22 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Martin Thomson <martin.thomson@gmail.com>
Message-ID: <20161207212822.GA859@LK-Perkele-V2.elisa-laajakaista.fi>
References: <62B88142-2DBE-439F-AD4A-309053925794@sn3rd.com> <4CFC10D6-CB4B-496C-89AF-87340B0822D9@sn3rd.com> <CABkgnnVTSbrKZfi0V0aL04Ww=EcXg5zJawU1PJ72iLriXEK-pA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CABkgnnVTSbrKZfi0V0aL04Ww=EcXg5zJawU1PJ72iLriXEK-pA@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NLmsxOp_XqePQjnbqEM1S1amA2o>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Dec 2016 21:28:35 -0000

On Wed, Dec 07, 2016 at 07:18:56AM +0900, Martin Thomson wrote:
> On 7 December 2016 at 03:24, Sean Turner <sean@sn3rd.com> wrote:
> > Just a reminder that this WGLC will close on Friday December 9th.
> 
> A timely reminder :)
> 
> I reviewed the document and it looks pretty good.  I'd have sent a PR
> with some minor changes to grammar.
> 
> The question I wanted to ask was how we wanted to manage the
> relationship with TLS 1.3, particularly for EdDSA.
> 
> The draft asks for a NEW codepoint in the hash and signature
> algorithms structure.  That clobbers a whole bunch of space that TLS
> 1.3 is going to rework.  I don't think it's a good idea to perform
> concurrent surgery on this registry, particularly since new codepoints
> have the effect of taking out new swathes of space.  At best we send
> confusing signals to IANA.
> 
> I would prefer to take the arrangement that we have in TLS 1.3 and
> backport it here so that we have a consistent story.  I also think
> that taking a single 2 octet codepoint from the SignatureScheme space
> is better all around.

I actually reviewed the document and noticed the exact same thing.


Also, in my TLS implementation, doing EdDSA in TLS 1.2 by backporting
the TLS 1.3 mechanism (using ECDSA legacy type) just fell naturally
out of the implementation. It was easier to have all the machinery
needed to handle it than not to have that machinery.


-Ilari

v2.23.0 | Report a Bug | By Email