Re: [TLS] Consensus Call on MTI Algorithms

Dave Garrett <> Thu, 02 April 2015 20:12 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 7AF901A0366 for <>; Thu, 2 Apr 2015 13:12:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ak6WWipkjLX3 for <>; Thu, 2 Apr 2015 13:12:39 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c04::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A77981A065C for <>; Thu, 2 Apr 2015 13:12:38 -0700 (PDT)
Received: by qgeb100 with SMTP id b100so38347444qge.3 for <>; Thu, 02 Apr 2015 13:12:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=8YZW2tNwovo019gfBscyUenqCqtJydkZfyX4tzSC5aI=; b=lujqKZGPP4ohgsTUaBYOlm0l+bcF8rtxMrQa4PSnrhnvXEfxNJOBSHc77DyCKJGjUF vBghlSZGTswPIJOW/Hq9hxYyiTpcsQFhw5bqAjY0VUzCDlZlTHxbbP4eUI/mFidzYTJI zq3VgUADsfCgV4838O+UNDbtiKvgv+VJChv+JkDNVdAmyhaBeyWuoJNHL5p5y3issSdH P5RjSzvS2C2Wwtvrr2SD2W3miLowL1zLsOtRb1JdsbZcDtImUG6+ItREQOK/CcuEi+KX KQPMJx5REfB8eIYlVLSE9OXltXCGCjptB37f3yjCn9jtdcvDxyCmU64rGcbFQcUjZ3W2 IA0A==
X-Received: by with SMTP id 145mr12376868qhw.100.1428005557939; Thu, 02 Apr 2015 13:12:37 -0700 (PDT)
Received: from dave-laptop.localnet ( []) by with ESMTPSA id x10sm4192687qha.2.2015. (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 02 Apr 2015 13:12:37 -0700 (PDT)
From: Dave Garrett <>
Date: Thu, 02 Apr 2015 16:12:35 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-73-generic-pae; KDE/4.4.5; i686; ; )
References: <> <> <20150402194417.GJ10960@localhost>
In-Reply-To: <20150402194417.GJ10960@localhost>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <>
Archived-At: <>
Subject: Re: [TLS] Consensus Call on MTI Algorithms
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 02 Apr 2015 20:12:40 -0000

On Thursday, April 02, 2015 03:44:18 pm Nico Williams wrote:
> The answers don't really matter.  Suppose that you are implementing such
> a library, you don't implement the required algorithms, and that you
> call the result something like YoavTLS, or FooLangTLS ("TLS for the Foo
> programming language").  Will the IETF police drag you to the IETF jail
> for doing that?  No.

Fortunately for you, the IETF police are only armed with water balloons made out of an over-engineered rubber that doesn't break on impact, and whilst the IETF jail was agreed to be on an island in the middle of nowhere that nobody can really get to, it has never been constructed because they've been arguing over the color to paint the roof for the past 30 years. :p

Serious answer: Just write a separate IoT TLS spec that just contains modifications for whatever isn't viable because you're creating a system not designed to necessarily interoperate with the general Internet. General TLS implementations could implement it as well, or not, depending on needs.