Re: [TLS] FYI: new TLS HandshakeType allocation, from draft-ietf-perc-srtp-ekt-diet

"Salz, Rich" <rsalz@akamai.com> Mon, 09 September 2019 15:07 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Benjamin Kaduk <kaduk@mit.edu>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/SHWdGwu1hWLEMvj_9n0uhXtTZMw>

> My crystal ball went missing, but I kind of expect lots of pitchforks if
> the security ADs tried to insist on formal analysis of any TLS extension,
> especially ones produced from non-security-area groups.

But it seems entirely reasonable for the Sec ADs to require that the security considerations mention that this has not had the extensive analysis that TLS 1.3 received. Many people, not seeing that sentence, will conclude that this is just as good as straight TLS 1.3, which we don't know.