IETF Logo Mail Archive

Re: [TLS] AD Review of draft-ietf-tls-tls13

Yoav Nir <ynir.ietf@gmail.com> Mon, 22 May 2017 17:45 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3151124E15 for <tls@ietfa.amsl.com>; Mon, 22 May 2017 10:45:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 99Ks9F1IYec2 for <tls@ietfa.amsl.com>; Mon, 22 May 2017 10:45:47 -0700 (PDT)
Received: from mail-wr0-x241.google.com (mail-wr0-x241.google.com [IPv6:2a00:1450:400c:c0c::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4F4912009C for <tls@ietf.org>; Mon, 22 May 2017 10:45:46 -0700 (PDT)
Received: by mail-wr0-x241.google.com with SMTP id w50so7693882wrc.0 for <tls@ietf.org>; Mon, 22 May 2017 10:45:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=yV8Yqa1DB1oFXn5EhqAtOrQkb15qc3fysSvTk/jpeqo=; b=f/AfdiD4OX/bwGidndhR+3OUlP7bQa2nRqF/YOKaNi9URIMmcKQQ/gTY6ms9z3rZB0 6cUyNDQgDDhMoyxvRI/PldePYdh1oLCGyiLPv2cb3AMkul0Kb5oI4zOnXFcVRyd+IxRn PeHht0tmB2+KrqIPe4o2jS5NYGS4kkwQKLdwisXq9k+zYPYGyxI9m+YcicEFb3h661/f XIagiZFa7Ba4dBIaYqGbe86EIM/T8fW1/53SRTzvemDteJHehoWTVlZep7Hc67YrkdTj 3MF33tHPfqVQmuF7q1qEfxRwqH38n+BogcXGM3wQPoDHGbR/TLS/xsMaFX8G9deEhVdv RV7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=yV8Yqa1DB1oFXn5EhqAtOrQkb15qc3fysSvTk/jpeqo=; b=DiDONfI/rLtuRO8r+Tw+7obUByz7+5Hu9hfj4XiIi/kskKwyZUC73EbBcjK6GD/qEo 6XGmNV7sD1aQ6eVcmDQpRJCYLKLSrSWv0nILuQS4HBFED7ql/ItHo4dOCz0fvRHsRwXl yLItDu6ke7tAMQ67nzU3+a/oXhh2TgTDP1cZHFBXUeUndHBMApbCu/tGvBAIHA4Ec/s5 zgCTMKDM+aqa8nZfb1GyoZ/tGgyWRK+ltP1RbQBrZNY3nngtWYZXNo8N5tYWF/wUWqY4 kjJYVgwZNe8xk+RLOTL1MTXvpLe/YSQJY8g9YFkaDudlPLmOHA+5iSUZf9Qc4Tu7JMfW Yb9w==
X-Gm-Message-State: AODbwcAwlcvLnNF7CpeBLfR4mFiJnhywJb6Dz+oaDFgBiJ/V1lMTwcf3 nqiF7h2DC8DWDg==
X-Received: by 10.223.179.199 with SMTP id x7mr13740153wrd.72.1495475145290; Mon, 22 May 2017 10:45:45 -0700 (PDT)
Received: from [192.168.1.18] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id 137sm19699979wmi.19.2017.05.22.10.45.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 22 May 2017 10:45:44 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <2120907F-7488-46DA-B5BA-76A89A2E6236@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_97085B6D-9C66-49EE-A0DF-5A5DAE856F8E"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Mon, 22 May 2017 20:45:41 +0300
In-Reply-To: <89704888-5f4d-0021-74cb-4cea28c773bd@akamai.com>
Cc: TLS WG <tls@ietf.org>, Viktor Dukhovni <ietf-dane@dukhovni.org>
To: Benjamin Kaduk <bkaduk@akamai.com>
References: <CAPZZOTgizE2n06V9wEtARFCXB7FP_eikW-K1k67bZG11kNhSAw@mail.gmail.com> <44AED5C2-B21C-442A-8412-9134D1C10BCD@dukhovni.org> <201705192143.19490.davemgarrett@gmail.com> <20170520054117.GM10188@localhost> <80AB5C55-41BA-471E-A55A-86E98299B652@dukhovni.org> <f262447d-5bd1-68c8-dac6-ad2224733235@akamai.com> <35E448DD-7F74-4563-9707-DFAB66125FAA@dukhovni.org> <89704888-5f4d-0021-74cb-4cea28c773bd@akamai.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RB8v4bo7qiHPRIqRZW7XW8mRJfI>
Subject: Re: [TLS] AD Review of draft-ietf-tls-tls13
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 May 2017 17:45:49 -0000

> On 22 May 2017, at 20:27, Benjamin Kaduk <bkaduk@akamai.com> wrote:
> 
> On 05/22/2017 12:17 PM, Viktor Dukhovni wrote:
>>> On May 22, 2017, at 1:06 PM, Benjamin Kaduk <bkaduk@akamai.com> <mailto:bkaduk@akamai.com> wrote:
>>> 
>>> Given the apparent strength of opinion against removing these supposed restrictions entirely, it seems like this text (or something similar) is probably the best we can do.
>> Perhaps so, but I saw only one strong objection from Dave Garrett.  Is that
> 
> There was also some discussion when this text was originally going in, IIRC.  But I do not remember well enough to say who/how many people wanted it.

This came up in one of the F2F meetings. I believe I argued that we shouldn’t have PKIX policy in a TLS document, because if signing certificates with SHA-1 is bad, it’s bad for all users of certificates, and should be prohibited by a PKIX document, not a TLS document.

The room was against me then. So it may look now like it’s just Dave (and now Rich), there was more support for this at the time.

Yoav

v2.23.0 | Report a Bug | By Email