Re: [TLS] Fixing TLS

Dave Garrett <davemgarrett@gmail.com> Tue, 12 January 2016 20:14 UTC

From: Dave Garrett <davemgarrett@gmail.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Date: Tue, 12 Jan 2016 15:14:13 -0500
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Nx11QEgKcRBJEiHxZ9GrKFUDcXU>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Fixing TLS
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Tuesday, January 12, 2016 03:03:42 pm Andrei Popov wrote:
> On Tuesday, January 12, 2016 02:39:15 pm Dave Garrett wrote:
> > I hope that Google's efforts to get QUIC as-is specced out go quickly and smoothly, and that it can be used as a basis to develop an official total TCP/TLS replacement.
> 
> If this were the path forward (and I doubt that it is), I would very much prefer Peter Gutmann's evolutionary TLS 1.3.

I was just chatting a bit off-list, and apparently I wasn't aware of QUIC's latest plans, so it's not as clear as I previously said. Unfortunately, it seems that they have yet to actually write anything down (a too frequent pattern with QUIC), so I can't really comment on what I'd like to see happen in this realm anymore.

In any case, ~whatever~ comes after TLS 1.3 will hopefully have some major changes. I have no idea what that will be, but TLS 1.3 comes first. That's a discussion for a future time.


Dave