Re: [TLS] WGLC for draft-ietf-tls-ticketrequests

Nico Williams <nico@cryptonector.com> Fri, 31 January 2020 23:55 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 998E0120105 for <tls@ietfa.amsl.com>; Fri, 31 Jan 2020 15:55:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gjpo3Nr8Rs2M for <tls@ietfa.amsl.com>; Fri, 31 Jan 2020 15:55:47 -0800 (PST)
Received: from caracal.birch.relay.mailchannels.net (caracal.birch.relay.mailchannels.net [23.83.209.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D74F120A35 for <tls@ietf.org>; Fri, 31 Jan 2020 15:55:47 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 7E0FB5A129E; Fri, 31 Jan 2020 23:55:46 +0000 (UTC)
Received: from pdx1-sub0-mail-a53.g.dreamhost.com (100-96-217-5.trex.outbound.svc.cluster.local [100.96.217.5]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 120E25A0F98; Fri, 31 Jan 2020 23:55:46 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a53.g.dreamhost.com ([TEMPUNAVAIL]. [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.5); Fri, 31 Jan 2020 23:55:46 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Shade-Trail: 66a6e63451d299a7_1580514946309_3204282637
X-MC-Loop-Signature: 1580514946308:1297215797
X-MC-Ingress-Time: 1580514946308
Received: from pdx1-sub0-mail-a53.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a53.g.dreamhost.com (Postfix) with ESMTP id 82D797F61E; Fri, 31 Jan 2020 15:55:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=z6N7DYG8y/pYX2 7t0DMCFlDu/1g=; b=g7C/BX3siZfQQfF37OCsikok/tq+Azg+HVUspIovKpjR6r AeMqHysCPHDOwmdgvSsFRfMJPhsAmnJLVnP2n9VWHQ/INkaLPZV21SSAyVSTbscJ QcWNxSd3UEU04RvfbTOsZjSf/sYXvPe3n+AGcgUOpPOKFsZjYwpLWchUzvD9g=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a53.g.dreamhost.com (Postfix) with ESMTPSA id 8F9587F61A; Fri, 31 Jan 2020 15:55:37 -0800 (PST)
Date: Fri, 31 Jan 2020 17:55:35 -0600
X-DH-BACKEND: pdx1-sub0-mail-a53
From: Nico Williams <nico@cryptonector.com>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: tls@ietf.org
Message-ID: <20200131235533.GA18021@localhost>
References: <08A4B0CD-9903-4027-B672-E8C7AFB34B4D@akamai.com> <20200123005528.GA12073@localhost> <CAN2QdAH7t4fPgBfBSO7Ni1As2bVB9QvCw1s9j0ggqvTRUATE8A@mail.gmail.com> <20200123021455.GA73491@straasha.imrryr.org> <87427017-551e-4633-a0d3-75f378879aa9@redhat.com> <20200123124055.GF73491@straasha.imrryr.org> <CACsn0cngxBQTB+Pfw6t_+qsSFb0Kf8mV1U1J1UTsPJiUk=vg0w@mail.gmail.com> <20200123193250.GD12073@localhost> <20200123210151.GG73491@straasha.imrryr.org> <5F5F670C-A0BD-4F38-BEFF-192C171EDAC1@apple.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5F5F670C-A0BD-4F38-BEFF-192C171EDAC1@apple.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: 0
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedugedrgedugdduhecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucfkphepvdegrddvkedruddtkedrudekfeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepvdegrddvkedruddtkedrudekfedprhgvthhurhhnqdhprghthheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqedpmhgrihhlfhhrohhmpehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmpdhnrhgtphhtthhopehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhm
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/X4brGqzhMvbLSGyG9OLMvqtnGTA>
Subject: Re: [TLS] WGLC for draft-ietf-tls-ticketrequests
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jan 2020 23:55:54 -0000

On Fri, Jan 31, 2020 at 09:06:12AM -0800, Tommy Pauly wrote:
> First off, thanks for the lively discussion on ticket reuse! I think
> it's a valid use case and something that should continue to be
> discussed.
> 
> However, for the purposes of the WGLC for this draft,
> draft-ietf-tls-ticketrequests, it may be best to separate the
> conversation. It seems that the negotiation of ticket reuse would be
> best served by another document that could be adopted by the WG. The

Viktor's comment came before the end of WGLC, so the WG needs to
consider his comments, and needs to reach consensus.  Considering the
fact that cosensus has not yet _obviously_ been reached (there have been
positive and negative responses), the WG's chairs may need to make a
call for consensus (or maybe the chairs think consensus is obvious?).

Consider this my encouragement to the chairs that they make a call for
consensus.

> ticket request document, as it was adopted, was specifically a
> mechanism to request multiple tickets so as to *avoid* ticket reuse.

TLS 1.3 already does that.

The adoption call is nowhere near as specific -- in fact, it says
nothing about purpose of the extension.

The TLS WG charter doesn't mention it.

The abstract of this I-D says, among other things:

   This extension aims to provide a means for servers to determine the
   number of tickets to generate in order to reduce ticket waste, while
   ^^^^^^^^^^^^^^^^^
   simultaneously priming clients for future connection attempts.

That number could be zero, and indeed, that's allowed.  "Zero unless you
won't allow me to reuse this one" seems clearly in-scope to me.  That
you have no need for it, doesn't make it out of scope or a bad idea.

Moreover, I posted an explanation of why this extension will cause
Postfix trouble.  That deserves a substantive response (and IETF process
may even demand it).

Nico
--