Re: [TLS] RFC8447bis
Eric Rescorla <ekr@rtfm.com> Wed, 18 August 2021 01:32 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E3CF3A1C74 for <tls@ietfa.amsl.com>; Tue, 17 Aug 2021 18:32:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BNwiNVJPS8lh for <tls@ietfa.amsl.com>; Tue, 17 Aug 2021 18:32:29 -0700 (PDT)
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C98B73A1C75 for <tls@ietf.org>; Tue, 17 Aug 2021 18:32:29 -0700 (PDT)
Received: by mail-io1-xd2c.google.com with SMTP id i7so651719iow.1 for <tls@ietf.org>; Tue, 17 Aug 2021 18:32:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vazy7aNHD0YLIsk62PPYlrxoQ0BFp0XGtWMysiVqkGk=; b=0bbWkj84btsQr3cgpQFZ2sTJ5vhI8XfxIVIBEtIepVG2ICIgF3CSxnXZuGHzBejMhG WZaV0bT0GDCGYgr7xSVO/z2JjYQkBtN0N8bl90FsYyTPEst0l/e5HH9DHSHrgeqgqICb vBEA0M2OA4zukRCSHaz76j+ZyVZ4Hl/2uaOSizWRskW6malLBgr2O3o0lzbFOHGdJdn7 16d936+LgQ6wKrEVWGkNsDBmQVK25QqeIZx8hOcy5c97V0f8kgwvoKHYDvtf1vBThU9r TUk6o26PBAoIiuuFePTyKJdyYc4XG6f9+nHT7kOBrWq3coaL8UVbpWRx46Vxar2Tb5br qcPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vazy7aNHD0YLIsk62PPYlrxoQ0BFp0XGtWMysiVqkGk=; b=B2gOBCxo1wSoYJ8DyjkEQlgJfMyfRpDhT89PlEfCAufoBsLZhLFKd/Ral/Q3K83oon 3A4jTjsz6UmXLeYtYM4A1lWOSLLrCuAVzSoW7c+gXC3a/yBdul+/Ty/G8DhCaxBypPe8 DTGN3/P02MRci4NiKtyuD9+c3mZcB7YNLiEFXSbrRU6HZNSqiEWmwx02BBPtTSWFVzZ6 MSPMb5Qa1M/KXMm54+QoTJvPRg3RyjaDfy/ZJ7uxZE5h96IQBbeMfr0HFy58MjC1bBUF GQsYWdQm/68aJ8z/ix8zJHq3kbBjl3gSd0B3eIwUIv5ctXhrnXBh4sLP5UyNEXri72pD 66Ug==
X-Gm-Message-State: AOAM531T5tHugBl19fPerxesxvrxO4VcEl/TlrEDXpfJwCARSL30Jpjw 4nMQrwuULK5Rj7L2uiyEbqnpGnTVFxkPjUd+KqE53PDGr4he+w==
X-Google-Smtp-Source: ABdhPJzqCsqXhdyLHz8Y/n5Nme77X+w1D3vhcP8SsX2lmLH600fxmo+KsK1iYN9gK75ag+HOrzWM9w51LhRigpUEXsc=
X-Received: by 2002:a6b:b512:: with SMTP id e18mr5300640iof.98.1629250348327; Tue, 17 Aug 2021 18:32:28 -0700 (PDT)
MIME-Version: 1.0
References: <b2a65504-4d9b-40bd-b0bb-3b2fa5d37f26@www.fastmail.com> <03560d15-6b48-435b-a509-7cbebce153b9@www.fastmail.com>
In-Reply-To: <03560d15-6b48-435b-a509-7cbebce153b9@www.fastmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 17 Aug 2021 18:31:52 -0700
Message-ID: <CABcZeBM83hzic8CZVzna45MmBMEPp4e3FLLRi+qkT16KbMcUrw@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004337f605c9cb68ee"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/U4nCHL0R3evKrQ6DMh62-bIHEhk>
Subject: Re: [TLS] RFC8447bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Aug 2021 01:32:35 -0000
On Tue, Aug 17, 2021 at 5:09 PM Martin Thomson <mt@lowentropy.net> wrote: > I don't think that this approach is the best we could do. > > Experiments, particularly large-scale ones, turn into deployments. > Consequently the difference between "an experiment" and "a standard" is the > date at which you look. See also RFC 6648. > > In that light, why not use the entire unassigned space for experiments? A > registry policy that allowed allocations for experiments, but marked those > entries as temporary (the word "provisional" is usual here) would suffice. > Reclaiming these codepoints might be more challenging than the draft makes > out; the expiration time you have in the draft is fine, though I expect > that any dates will be roundly ignored if code is still shipping. > > The point of a registry is to avoid collisions and the interoperability > failures that follow. So I would also add that all new allocations > (experiment or otherwise) should draw from the unassigned space at random, > rather than sequentially. That should minimize collisions up until the > point where we have exhausted the space. > > I would also prefer to have no space reserved for private use (though a > very small space is tolerable). > > (It shouldn't be a surprise, but I'm advocating for the same general > approach that QUIC took.) > I agree with the bit about the unified space. I'm a bit less sure about randomly versus sequentially, but I could go either way. IIRC the QUIC thing leaned somewhat on the space being very big. -Ekr > On Wed, Aug 18, 2021, at 09:34, Christopher Wood wrote: > > Hi folks, > > > > Based on discussing regarding draft-ietf-tls-hybrid-design during IETF > > 111, it became clear that we need some mechanism to deal with > > temporary, experimental codepoints for testing out new features. To > > that end, Sean and Joe recently published this draft: > > > > https://datatracker.ietf.org/doc/html/draft-salowey-tls-rfc8447bis-00 > > > > This document obsoletes RFC8447 and updates a number of other relevant > > documents. The main changes in this document are: > > > > - Experimental codepoint policy and process > > ( > https://datatracker.ietf.org/doc/html/draft-salowey-tls-rfc8447bis-00#section-17 > ) > > - Updated Recommended registry values > > ( > https://datatracker.ietf.org/doc/html/draft-salowey-tls-rfc8447bis-00#section-5 > ) > > > > Please review the document, especially if you have thoughts about the > > experimental policy. Assuming there are no major objections, I'd like > > to propose that we proceed with the proposal to get things started. > > > > Thanks, > > Chris > > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] RFC8447bis Christopher Wood
- Re: [TLS] RFC8447bis Martin Thomson
- Re: [TLS] RFC8447bis Eric Rescorla
- Re: [TLS] RFC8447bis Martin Thomson
- Re: [TLS] RFC8447bis Salz, Rich
- Re: [TLS] RFC8447bis Sean Turner
- Re: [TLS] RFC8447bis Martin Thomson
- Re: [TLS] RFC8447bis Salz, Rich
- Re: [TLS] RFC8447bis Martin Thomson
- Re: [TLS] RFC8447bis David Benjamin
- Re: [TLS] RFC8447bis John Mattsson
- Re: [TLS] RFC8447bis Eric Rescorla