Re: [TLS] (draft) WG adoption call: draft-bmoeller-tls-falsestart

Bodo Moeller <bmoeller@acm.org> Wed, 01 April 2015 20:38 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/OGdNtY8Hju3YQJj6szphzz7BUZw>

Paul Hoffman <paul.hoffman@vpnc.org>:

> > There's been some interest expressed in having
> > http://datatracker.ietf.org/doc/draft-bmoeller-tls-falsestart/ adopted as
> > a TLS WG item. If you would like for this draft to become a WG document,
> > and you are willing to review drafts as it moves through the process, please
> > indicate as much on this thread. If you are opposed to this being a WG
> > document, please say so (and say why). Thanks in advance.
>
> If the adopted draft becomes clearer that it is for TLS 1.2 (and possibly
> 1.1) only, but not for 1.3 (since we don't know what that will look like),
> I support its adoption.

Right, it makes complete sense to update the document to capture existing
deployment: in particular, explicitly exclude TLS 1.3 from its scope (not
just because we don't know what TLS 1.3 will look like but also because TLS
1.3 can speak for itself), and remove server-side False Start unless we
find any implementations.

(I'm not sure that we have to explicitly *disallow* False Start for
versions below TLS 1.2 as Brian Smith has suggested. After all, servers may
still encounter it with older clients, so that's a part of the reality of
existing deployments. The current *recommendation* could be made stronger,
though.)

Bodo