[TLS] Editorial process

Eric Rescorla <ekr@rtfm.com> Tue, 25 November 2014 22:39 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 572A01A1A64 for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 14:39:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ASEFqLGUFMGL for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 14:39:32 -0800 (PST)
Received: from mail-wi0-f175.google.com (mail-wi0-f175.google.com [209.85.212.175]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27C331A7013 for <tls@ietf.org>; Tue, 25 Nov 2014 14:39:32 -0800 (PST)
Received: by mail-wi0-f175.google.com with SMTP id l15so10704349wiw.8 for <tls@ietf.org>; Tue, 25 Nov 2014 14:39:31 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-type; bh=/0171qWgOhmK8KmNaquP0oyYKmWrw2BlEY6vtP8ryD4=; b=hxfuuSe7Yc9DhUne3Vl5fQPkiph7aHxNi0Du4FQsOoKyiilPaTBhFJ48fNWXR6+vj4 GVue2XssJjMcjGzSRymQFCfPaE6JaJKu157OQhtkAxQ5WYIkrtM7LUzCXt6YXHgrSJ3R NfeJMwrjx28TqdjI/xXozl+Mj2ouXNg0N0ddy98kWonp5lJBWsF/RsjbZ+hYZoAvVLPi WfJo3Fpszh78Oe9QBCQoXLDNhap5Ggi9Tg7dtgYh4TKfvNRsa8fwAXh8b5sAGkfKR+8V s45Jm8TN8d1bk8AD5JfQ/rBQCsR8y1KwcfYcyDN1n2eGQYY002/tAAVcb7b83STVSbTP TmxQ==
X-Gm-Message-State: ALoCoQly8UqLcX24B0JK8JcRwGTzRmaVWcpN/Yngp2CCwFpWazNnA92d82cJ5MpqgDVOaSBuj2eg
X-Received: by 10.194.85.197 with SMTP id j5mr40568564wjz.106.1416955170914; Tue, 25 Nov 2014 14:39:30 -0800 (PST)
MIME-Version: 1.0
Received: by 10.27.130.34 with HTTP; Tue, 25 Nov 2014 14:38:50 -0800 (PST)
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 25 Nov 2014 14:38:50 -0800
Message-ID: <CABcZeBOA5f6jQ9SBMHKfGGExBRdZQWgUqpPxi-Vo5ovG_QU-gQ@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="089e0103eecaa01c730508b6957d"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/OzeOkXFQElutPk8_xhRDeqc879M
Subject: [TLS] Editorial process
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Nov 2014 22:39:34 -0000

[Starting a new thread to change topics]

On Tue, Nov 25, 2014 at 2:19 PM, Watson Ladd <watsonbladd@gmail.com> wrote
>
> ... The current proposal has two distinct client auth mechanisms, one in
> the handshake and the other in update.
>
> Making sure the actual proposal is in the draft, and not spread out across
> pull requests would make life a lot easier for analyzing the protocol.
>
A few notes on the process here from my perspective:

The way I think about this is that there is a current proposal which is
what's
in Github and then people (whether me or someone else) suggest changes.
These changes go in Pull Requests so that the WG can see what exactly
is being proposed and then if the WG is happy, those PRs get merged
into the main document. Obviously, no process is perfect, but my experience
and my read of the experience with HTTP is that this is better than the
alternatives, which mostly involve big document revisions and then
comments on the whole document [0].

With regard to the specific question of client auth, the state is as
follows:
The existing document (i.e., the I-D and the version in git master) contains
a single client auth mechanism in the handshake. We have a proposal to
remove that and instead have client auth in an Update [1]. The intention is
that
we would only have one client authentication mechanism.

FWIW, I recognize that there are a lot of PRs outstanding right now and it
can be confusing. I plan on merging a number of them in over the next week
or two.

Best,
-Ekr


[0] Note that it's easy to get git/github to give you the state of the
document
as a whole after a PR is merged.

[1] The PR in question doesn't do that, but that's because I was asked to
do an initial treatment to see if people liked it and s I tried to do the
minimum
to accomplish that.