Re: [TLS] [tls13-spec] relax certificate_list ordering requirements to match current practice (#169)

"Salz, Rich" <rsalz@akamai.com> Mon, 11 May 2015 18:20 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Thread-Topic: [tls13-spec] relax certificate_list ordering requirements to match current practice (#169)
Thread-Index: AQHQieY/gmukibBgKEmnwP9D0xEiS513auKA//+u2OA=
Date: Mon, 11 May 2015 18:20:52 +0000
Message-ID: <8425a2f40ddc46ac91aca136a955fc53@ustx2ex-dag1mb4.msg.corp.akamai.com>
References: <tlswg/tls13-spec/pull/169@github.com> <tlswg/tls13-spec/pull/169/c101001652@github.com>
In-Reply-To: <tlswg/tls13-spec/pull/169/c101001652@github.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/RL9YUMRVWeOrYgNYB8g8bpGmvxw>
Subject: Re: [TLS] [tls13-spec] relax certificate_list ordering requirements to match current practice (#169)

> If you'd like to explain how formally documenting existing behavior (that we are not otherwise proposing be changed) will somehow reduce interoperability further, then please do so on the mailing list.

Okay, I'll try.

We already have non-compliant behavior, even though the spec is pretty clear and some implementations rely on compliance with that spec. And nobody has said that it's a BAD requirement, just that it's not universally implemented.

Sliding back from the current requirement seems like it will only add to the wiggle room and allow even more aberrant behavior. The collapse of Western civilization, dogs and cats sleeping together, etc. Okay, perhaps I exaggerate.

Rather than giving up, we should be spending any effort to get compliance.
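To make the interoperability gap under discussion concrete, here is an added example (written for this archive page; it is not Rich's code nor anything from the tls13-spec repository). It models the certificate_list ordering rule from RFC 5246 section 7.4.2 (sender's certificate first, each following certificate directly certifies the one preceding it) and contrasts a strict verifier, which rejects a mis-ordered list outright, with a lenient verifier that rebuilds the path by following issuer links. The certificates are constructed stand-ins carrying only subject and issuer names; no signatures are checked, and the names www.example.test, Example Intermediate CA and Example Root are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate: only the two fields that the
    ordering rule depends on. Constructed for this example; no signature
    verification is modelled."""
    subject: str
    issuer: str


def is_strictly_ordered(chain: List[Cert]) -> bool:
    """RFC 5246 7.4.2 rule: the sender's certificate comes first and each
    following certificate directly certifies the one preceding it, i.e.
    chain[i].issuer == chain[i+1].subject for every adjacent pair."""
    if not chain:
        return False
    return all(prev.issuer == nxt.subject for prev, nxt in zip(chain, chain[1:]))


def rebuild_chain(chain: List[Cert]) -> Optional[List[Cert]]:
    """Lenient path: reorder a possibly mis-ordered list by following issuer
    links, as a tolerant implementation would. Returns None when the list
    does not describe exactly one path (ambiguous leaf, duplicate subjects,
    a cycle, or certificates that belong to no path)."""
    by_subject = {}
    for cert in chain:
        if cert.subject in by_subject:
            return None  # duplicate subjects (e.g. cross-signs) are out of scope here
        by_subject[cert.subject] = cert

    # The end-entity is the one certificate nobody else in the list was issued by.
    # A self-signed root names itself as issuer, so it is excluded from that set.
    issuers = {c.issuer for c in chain if c.issuer != c.subject}
    leaves = [c for c in chain if c.subject not in issuers]
    if len(leaves) != 1:
        return None

    ordered = [leaves[0]]
    seen = {leaves[0].subject}
    current = leaves[0]
    while current.issuer != current.subject:
        nxt = by_subject.get(current.issuer)
        if nxt is None:
            break  # issuer not supplied; normal when the sender omits the root
        if nxt.subject in seen:
            return None  # cycle
        ordered.append(nxt)
        seen.add(nxt.subject)
        current = nxt

    # Anything left over was neither on the path nor the root: treat as an error
    # rather than silently dropping it.
    if len(ordered) != len(chain):
        return None
    return ordered


def accept_certificate_list(chain: List[Cert], strict: bool) -> Optional[List[Cert]]:
    """Return the chain a verifier would go on to validate, or None if it
    refuses the list. A strict peer relies on the spec ordering; a lenient
    peer spends effort reconstructing what the sender should have sent."""
    if strict:
        return list(chain) if is_strictly_ordered(chain) else None
    return rebuild_chain(chain)


# Constructed sample chain: end-entity, intermediate, self-signed root.
LEAF = Cert(subject="www.example.test", issuer="Example Intermediate CA")
INTERMEDIATE = Cert(subject="Example Intermediate CA", issuer="Example Root")
ROOT = Cert(subject="Example Root", issuer="Example Root")

ORDERED = [LEAF, INTERMEDIATE, ROOT]
# A common real-world mistake: root appended before the intermediate.
MISORDERED = [LEAF, ROOT, INTERMEDIATE]


if __name__ == "__main__":
    for name, chain in (("ordered", ORDERED), ("misordered", MISORDERED)):
        strict = accept_certificate_list(chain, strict=True)
        lenient = accept_certificate_list(chain, strict=False)
        print(f"{name}: strict={'accept' if strict else 'reject'}, "
              f"lenient={'accept' if lenient else 'reject'}")
```

The asymmetry is the interoperability problem: a sender that emits MISORDERED works against lenient peers and fails against strict ones, so the failure only surfaces for the subset of deployments that trusted the spec, which is why the message argues for fixing senders rather than loosening the text.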