Re: [TLS] TLS DNSSEC chain consensus text, please speak up...

Tim Hollebeek <tim.hollebeek@digicert.com> Fri, 18 May 2018 01:25 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Melinda Shore <melinda.shore@nomountain.net>
CC: Paul Wouters <paul@nohats.ca>, "<tls@ietf.org>" <tls@ietf.org>
Date: Fri, 18 May 2018 01:25:04 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/VIEOHhtbVzrU5-gBw9kkHJq3evg>

I think there’s room for two people in front of the steamroller.  And I have a towel.  How many votes does that get me?

 

-Tim

 

From: Melinda Shore [mailto:melinda.shore@nomountain.net] 
Sent: Thursday, May 17, 2018 9:21 PM
To: Tim Hollebeek <tim.hollebeek@digicert.com>
Cc: Paul Wouters <paul@nohats.ca>; <tls@ietf.org> <tls@ietf.org>
Subject: Re: [TLS] TLS DNSSEC chain consensus text, please speak up...

 

And to be clear, it's not that nobody is going to implement the extension (it's already been done in an IETF hackathon and elsewhere), the work on the extension was funded by Mozilla, and there's been an outstanding request for this in Bugzilla.  What's not being implemented is the proposed changes.

 

But, it's clear that those guys don't intend to compromise and we're going to be deadlocked pretty much forever unless someone does something.  That's not going to be Viktor and it's not going to be the chairs, so I guess it's me.  

 

Melinda

 

On Thu, May 17, 2018, 16:20 Tim Hollebeek <tim.hollebeek@digicert.com> wrote:

I’m actually fine with that.  You have to consider P_{extension implemented and used}.

 

Different people will disagree about the value of P.

 

-Tim

 

From: Paul Wouters [mailto:paul@nohats.ca]
Sent: Thursday, May 17, 2018 8:18 PM
To: Tim Hollebeek <tim.hollebeek@digicert.com>
Cc: James Cloos <cloos@jhcloos.com>; Ted Lemon <mellon@fugue.com>; <tls@ietf.org> <tls@ietf.org>
Subject: Re: [TLS] TLS DNSSEC chain consensus text, please speak up...

 

 

On May 17, 2018, at 19:44, Tim Hollebeek <tim.hollebeek@digicert.com> wrote:

Making things more complicated with no obvious benefit just makes things
more complicated.

I oppose adding two bytes for some nebulous future purpose.

 

The consequence of this opinion would be this:

 

https://tools.ietf.org/html/draft-asmithee-tls-dnssec-downprot-00

 

Which is a lot of complexity for one TLS extension to define the behaviour of another TLS extension. And it still adds two bytes in the 2nd extension.

 

So if you believe more simplicity is better, then you made the wrong choice.

 

 

Paul

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls