Re: [TLS] TLS 1.2 Long-term Support Profile draft posted
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sun, 20 March 2016 06:36 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 549D912D565 for <tls@ietfa.amsl.com>; Sat, 19 Mar 2016 23:36:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DPG7qoV9sdcp for <tls@ietfa.amsl.com>; Sat, 19 Mar 2016 23:36:12 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5AC912D54D for <tls@ietf.org>; Sat, 19 Mar 2016 23:36:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1458455771; x=1489991771; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=hldbE4Nvz4I9RmC85tUIgtrtdBRcv743CZuZklynAZU=; b=F0Jz2D4Cij7LB5ouywgrsywCsdTTsffuov+3R8JtTOkJSA0kHR+LHriS mRHaEi5Tk5iafkO9q4V2nqAWipDfn2VKWFIk99KDn+57B3lDF6cubRlNo HCvwQEC2w3pNhRgN5Rv7u/h0xSzczM6po8m68I/xB/0l9Xkg2L1zuwUqn 4hA64vxowEP2ZyXwFMsyedPhFOnDOmawZmRnh14rRMQW/Yg86/1SdOWNY 1XKGIZfThui+Q/6c36LwzpZBmUFv7fbtR1e4+UcEbm+hYhFQDnrDCOF1R tNi91/sZ57+cSEc5rYnDPQ71GuYnZGhftPO8pxNovPH/a8AjTW6zNDD37 Q==;
X-IronPort-AV: E=Sophos;i="5.24,364,1454929200"; d="scan'208";a="75286120"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.171 - Outgoing - Outgoing
Received: from uxchange10-fe4.uoa.auckland.ac.nz ([130.216.4.171]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 20 Mar 2016 19:36:09 +1300
Received: from UXCN10-TDC05.UoA.auckland.ac.nz ([169.254.9.241]) by uxchange10-fe4.UoA.auckland.ac.nz ([169.254.109.63]) with mapi id 14.03.0266.001; Sun, 20 Mar 2016 19:36:09 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Dave Garrett <davemgarrett@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] TLS 1.2 Long-term Support Profile draft posted
Thread-Index: AdF/gGiJXC2ZI/lER3iVToFYg5p2egCSfaaAACoKC6o=
Date: Sun, 20 Mar 2016 06:36:09 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4C27783@uxcn10-tdc05.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C73F4C2374E@uxcn10-tdc05.UoA.auckland.ac.nz>, <201603191930.35445.davemgarrett@gmail.com>
In-Reply-To: <201603191930.35445.davemgarrett@gmail.com>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.6.2.5]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/OkCiAhpv2G8t4zMzD7PI1vsqCY0>
Subject: Re: [TLS] TLS 1.2 Long-term Support Profile draft posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Mar 2016 06:36:16 -0000
Dave Garrett <davemgarrett@gmail.com> writes: >It would be a lot simpler, safer, and interoperable to just mandate use of >the Extended Master Secret Extension [RFC 7627]. > >https://tools.ietf.org/html/rfc7627 Yeah, in hindsight it makes more sense, I'll update the draft, although the update may not get in before the IETF freeze. I was trying to avoid having to run two parallel hashing operations throughout the handshake (the other one being for the Finished message), but EMS is just a much more comprehensive solution (like EtM, it's one of those things where you think "why wasn't this added to TLS years ago") even if it means running two lots of hashing. The other update is to clean up the wording around which extensions TLS-LTS implies, replacing the current wording scattered all over the draft. Peter.
- [TLS] TLS 1.2 Long-term Support Profile draft pos… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Watson Ladd
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Wan-Teh Chang
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Paterson, Kenny
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Watson Ladd
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Paterson, Kenny
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Dave Garrett
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Hubert Kario
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Sven Schäge
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Dave Garrett
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Ilari Liusvaara
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Karthikeyan Bhargavan
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Karthikeyan Bhargavan
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Eric Rescorla
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… D. J. Bernstein
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Hubert Kario
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Joachim Strömbergson
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Salz, Rich
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Hubert Kario
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Dave Garrett
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Yoav Nir
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Tony Arcieri
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Tony Arcieri
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Dave Garrett
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Joachim Strömbergson
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Hubert Kario
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Hubert Kario
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Hubert Kario
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile draft… Henrick Hellström
- [TLS] TLS 1.2 Long-term Support Profile vs HTTP/2… Nikos Mavrogiannopoulos
- Re: [TLS] TLS 1.2 Long-term Support Profile vs HT… Dave Garrett
- Re: [TLS] TLS 1.2 Long-term Support Profile vs HT… Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile vs HT… Martin Thomson
- Re: [TLS] TLS 1.2 Long-term Support Profile vs HT… Yoav Nir