Re: [TLS] A la carte handshake negotiation

Viktor Dukhovni <ietf-dane@dukhovni.org> Sat, 13 June 2015 21:44 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A36F61B2A42 for <tls@ietfa.amsl.com>; Sat, 13 Jun 2015 14:44:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4rD025wbDrIv for <tls@ietfa.amsl.com>; Sat, 13 Jun 2015 14:44:53 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A6EC1B2A3E for <tls@ietf.org>; Sat, 13 Jun 2015 14:44:53 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 3A7B8284B64; Sat, 13 Jun 2015 21:44:46 +0000 (UTC)
Date: Sat, 13 Jun 2015 21:44:46 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20150613214445.GL2050@mournblade.imrryr.org>
References: <201506111558.21577.davemgarrett@gmail.com> <CAF8qwaCAvsrcb6UbcG67XdpFwsL2T-76ZwySbzS5O0Qd0ReLSQ@mail.gmail.com> <201506131459.31745.davemgarrett@gmail.com> <1ee9bd7cd68d4583aaa0415020825ada@ustx2ex-dag1mb2.msg.corp.akamai.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <1ee9bd7cd68d4583aaa0415020825ada@ustx2ex-dag1mb2.msg.corp.akamai.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/WZp8-FcWtk-3Hes3Vdl9-8FJFWo>
Subject: Re: [TLS] A la carte handshake negotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Jun 2015 21:44:54 -0000

On Sat, Jun 13, 2015 at 08:43:18PM +0000, Salz, Rich wrote:

> > It wouldn't be quite as simple as you propose, though, because we'd
> > definitely have to add a new way to declare anon or PSK support via
> > extensions, but that's doable.
> 
> Or we don't support those features in 1.3.  Something we should think about?

I don't see any reason to kill them they don't add to the combinatorial
bloat of the client HELLO.  Most clients won't offer either in the
handshake, but those that need them, benefit from having a protocol
definition for them.  Especially if these are negotiated separately
from the bulk cipher-suite, they are easy to support.

-- 
	Viktor.