Re: [TLS] New drafts: adding input to the TLS master secret

[Dean Anderson <dean@av8.com>]

On Fri, 29 Jan 2010, Paul Hoffman wrote:

> The first document changes the TLS/DTLS master secret calculation when
> there are particular kinds of extensions present. Of course, it does
> not change the calculation when those extensions are not present, and
> there are no extensions yet that would kick in the change.

Unless I misunderstand what you plan to change, te master secret
calculation is a core subject of TLS and thus the TLS Working Group
activity.

I am concerned that this is an out-of-WG framework change that
effectively alters WG standards on the master secret calculation and
impacts subsequent extensions; and that as it is outside of the WG
standards process.  Independent submissions are not allowed on WG
subject matter. It would seem to me that the RFC editor ought to reject
this independent submission because it is related to WG activity, and
amounts to an end-run around WG decision-making on master secret
calculation and how TLS extensions affect core facilities. Merely
bringing such work to the attention of the WG before independent
submission seems to be insufficient to comply with the requirement that
Working Groups decide on standards in their chartered area.

Changing the master secret calculation in a nonstandard way is a
proprietary change.  The WG gives approval by accepting the document,
reviewing it, and deciding on it. Saying "Hey WG, look at this" isn't
sufficient.  Putting an "RFC"  imprimatur on your change via independent
submission doesn't alter the fact of WG non-standardization, but merely
confuses both implementers and the public, and constrains WG decisions
in the future. But of course, that's why the RFC editor is supposed to
reject independent submissions that overlap WG work.

		--Dean




-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 256 5494