Re: [TLS] Proposed text for dnssec chain extension draft

Joseph Salowey <joe@salowey.net> Thu, 26 April 2018 04:14 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NO21RHwzQmmBGpNCV5HvxwbzKbY>

This proposal is quite a bit more than just a two byte reserved field.

On Wed, Apr 25, 2018 at 8:46 AM, Nico Williams <nico@cryptonector.com>
wrote:

> On Wed, Apr 25, 2018 at 10:40:02AM -0500, Nico Williams wrote:
> > On Wed, Apr 25, 2018 at 09:57:22AM -0500, Nico Williams wrote:
> > > On Wed, Apr 25, 2018 at 11:51:58AM +0200, Melinda Shore wrote:
> > > > On 4/25/18 7:33 AM, Viktor Dukhovni wrote:
> > > > > Perhaps a concrete proposal will make it
> > > > > easier to reach a mutually-agreeable consensus position, and make it
> > > > > clear that the requested 16 bits are a reasonable consensus outcome.
> > > >
> > > > Hi, Viktor:
> > > >
> > > > This doesn't actually reflect the consensus called by the
> > > > chairs, as I understand what was posted.  It may be useful
> > > > to start work on a new draft describing your proposal.
> > >
> > > The chair said there is consensus for (A) with no pinning.  Viktor's
> > > proposal is (A) with no pinning.  It's not at all clear to me that the
> > > two reserved bytes are outside the consensus, and anyways, their cost is
> > > minimal.
> > >
> > > However, if you object to turning the extension contents into a struct,
> > > then I would propose a slight tweak to Viktor's proposal:
> > >
> > >    Two-byte elements of the AuthenticationChain are reserved for future
> > >    use.  Pending future specifications, clients MUST discard any two-
> > >    byte elements of the AuthenticationChain, and servers MUST NOT send
> > >    any such elements.
> >
> > Ay, never mind, this isn't XDR, so that wouldn't work.
>
> Actually, since the extension's body is an opaque<1..2^16-1>, and the
> extension is itself an opaque<>, it's possible to have data past the end
> of the body of the extension.  But at this point I prefer Viktor's
> struct proposal.
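An added illustration (not code from the thread or from the draft) of the nested layout Nico describes: the extension body is itself a uint16-length vector carried inside the extension's opaque extension_data, so a sender can place bytes past the end of the body. The decoder below rejects such trailing bytes by default, and the struct-style variant shows the alternative of carrying the two-byte reserved field explicitly. The function names, the field order of the struct layout, the extension code point and the sample chain bytes are assumptions made for this example.

```python
import struct

# Assumed code point for illustration only; the draft's final assignment is not on this page.
EXT_TYPE_DNSSEC_CHAIN = 53

def encode_u16_vector(data: bytes, min_len: int = 1) -> bytes:
    """Encode opaque<min_len..2^16-1>: two-byte big-endian length, then the bytes."""
    if not min_len <= len(data) <= 0xFFFF:
        raise ValueError("vector length out of range")
    return struct.pack("!H", len(data)) + data

def parse_u16_vector(buf: bytes, offset: int = 0):
    """Parse a uint16-length-prefixed vector; return (payload, offset after it)."""
    if len(buf) - offset < 2:
        raise ValueError("truncated vector length")
    (n,) = struct.unpack_from("!H", buf, offset)
    offset += 2
    if len(buf) - offset < n:
        raise ValueError("truncated vector body")
    return buf[offset:offset + n], offset + n

def build_extension(ext_type: int, body: bytes, trailer: bytes = b"") -> bytes:
    """Build a TLS Extension: uint16 type + opaque extension_data<0..2^16-1>.
    `trailer` is appended after the inner body vector to reproduce the
    'data past the end of the body' case from the thread."""
    ext_data = encode_u16_vector(body) + trailer
    return struct.pack("!H", ext_type) + encode_u16_vector(ext_data, min_len=0)

def parse_dnssec_chain_extension(ext: bytes, strict: bool = True):
    """Return (ext_type, chain, trailing). With strict=True any bytes after
    the inner vector are rejected, which is the safe default for a receiver."""
    (ext_type,) = struct.unpack_from("!H", ext, 0)
    ext_data, end = parse_u16_vector(ext, 2)
    if end != len(ext):
        raise ValueError("bytes after the extension's own length")
    chain, inner_end = parse_u16_vector(ext_data, 0)
    trailing = ext_data[inner_end:]
    if strict and trailing:
        raise ValueError("unexpected %d trailing bytes in extension_data" % len(trailing))
    return ext_type, chain, trailing

def build_struct_body(chain: bytes, reserved: int = 0) -> bytes:
    """Assumed struct layout: uint16 reserved field followed by opaque chain<1..2^16-1>."""
    return struct.pack("!H", reserved) + encode_u16_vector(chain)

def parse_struct_body(ext_data: bytes):
    """Parse the struct layout back into (reserved, chain); trailing bytes are an error."""
    (reserved,) = struct.unpack_from("!H", ext_data, 0)
    chain, end = parse_u16_vector(ext_data, 2)
    if end != len(ext_data):
        raise ValueError("trailing bytes after struct")
    return reserved, chain
```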