IETF Logo Mail Archive

Re: [TLS] IANA Registry for TLS-Flags

Christopher Wood <caw@heapingbits.net> Mon, 13 December 2021 14:31 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93C503A07DB for <tls@ietfa.amsl.com>; Mon, 13 Dec 2021 06:31:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=oHccacgF; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Iby8Rbdk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JPxvEOpbhFHS for <tls@ietfa.amsl.com>; Mon, 13 Dec 2021 06:31:29 -0800 (PST)
Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 103CA3A07CA for <tls@ietf.org>; Mon, 13 Dec 2021 06:31:28 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 53EBC320102F for <tls@ietf.org>; Mon, 13 Dec 2021 09:31:27 -0500 (EST)
Received: from imap41 ([10.202.2.91]) by compute1.internal (MEProxy); Mon, 13 Dec 2021 09:31:27 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm3; bh=rQwm6 VMIsh+NA1v/QqJzfx/5TGoS8JV0N8dw0cJsSEU=; b=oHccacgF+9taHxq0b1T+z LKQ4cj6R2ZNsY8TvS7M/3A3XQXmpS0kS6W8DYJTo50+QG9vcUcOIdSL114vVSuer I9SpGRM7CfS7egGJYpqeT/CdiQBiOwE1B+x1B8O7JG9sraFXwa9J9TlETunvfrTE h7dGz19I1Xf3I15XK8dyUq+FSkuExK4Iw1tOFieF5iiKvRE6r0AdsFopli7GbMG4 mlQYOrCYM/AMeI1u56L/M8p/EdM76G4FuGML3yqfMCujlevFZix1OWcMQlYscW4D kNEQqmnC9SXrfkMVmJBPAEwXtjj8Ai9f7U1fna34bQBRZ0M+s5QCBMGjrMtdfOCj w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=rQwm6VMIsh+NA1v/QqJzfx/5TGoS8JV0N8dw0cJsS EU=; b=Iby8Rbdk4V5W7ISq1JG4bEElMtaWWuSZxgzAeDfC3jhlFosGnuFvVcH7p esUI4+iTdgJY14GBV3idD6Od/Y7aFK37ATda3Uitn4no64yM2YW9AKPKMeUH0w99 4VWD8THJdOpzHcOA/W9ZsqDMnw1RgTLpdPnH2HQETjpHRNvMU7OMqK2jZwZx5rJJ +nGjcBlrKWglhVq6mnPi28UKwuDCcQxOt7sADlP3ahU5PiNQ0K3XAiZ0+IUiTNqw LHOewrbCSELLMl+4e8xpkKTpE7gOliRuTQBSAbXAsBksrDCIdQAdVGgLR+SQ/VE5 v08x+i07oJd3WGrq7i3S9UNkvxwrA==
X-ME-Sender: <xms:Plm3YRpqYITouQLLeB-rDNd8kRy3_vizV6PSi3FGsRHWtvkFCh8Plg> <xme:Plm3YTqlTqDElX_u5332uc7o-nFGOkSZMzaf02w4wYCIIoQWsR1-sb6dr5MwlKsH9 6PXrF1TGkkow5rk6uc>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvuddrkeekgdeiiecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgfgsehtqh ertderreejnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegtrgif sehhvggrphhinhhgsghithhsrdhnvghtqeenucggtffrrghtthgvrhhnpeffkefhudethf elleeuteelkedvfeehleefvdefieeggeejteevhfegffejffettdenucffohhmrghinhep ghhithhhuhgsrdgtohhmpdhivghtfhdrohhrghenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpegtrgifsehhvggrphhinhhgsghithhsrdhnvght
X-ME-Proxy: <xmx:Plm3YePNxn5fB5hJ9TMOjqsANShhjBBmG6JCgFHela9fm90HXC2Xrw> <xmx:Plm3Yc4Hx4NR0sjDAV0agbkDbWqVG8c0G4sGf3Cq_yydNCA5GpCyOg> <xmx:Plm3YQ4r7f633nJPRX3Di_PLpTrmjNEJOCakz7Ecs0yFCHvM-i82gg> <xmx:Plm3YSE-ZvoRuaN6gd7URWKoSSZmvV6CeNuW0RTvntVKI39LkmoCSA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 387183C031B; Mon, 13 Dec 2021 09:31:26 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-4514-g2bdc19e04f-fm-20211209.002-g2bdc19e0
Mime-Version: 1.0
Message-Id: <9b5bd4c9-171f-40da-b04b-0996ff4361b5@www.fastmail.com>
In-Reply-To: <CABcZeBP0vYktj8GjMKxgN2q15AKvU2CRH_CiqUa55mL_COv7GA@mail.gmail.com>
References: <A3B1B532-912A-4135-BCC8-6F48A9AE2C4D@gmail.com> <789BD7B9-F369-4DB8-95E3-89FAEC7F6D51@gmail.com> <CABcZeBP0vYktj8GjMKxgN2q15AKvU2CRH_CiqUa55mL_COv7GA@mail.gmail.com>
Date: Mon, 13 Dec 2021 06:31:06 -0800
From: Christopher Wood <caw@heapingbits.net>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ZRQihh4EBYfLa42C-qE3GZLgW_A>
Subject: Re: [TLS] IANA Registry for TLS-Flags
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Dec 2021 14:31:34 -0000

How about we split the difference and go with the first 0-15 flags for standards action? We can keep the initial value of 8 for cross-sni-resumption since that document is going through the process. (We could also make it 7 or lower so we're not wasting an empty octet for this flag, should folks want to go that route.)

Any objections?

Best,
Chris

On Sun, Dec 12, 2021, at 2:22 PM, Eric Rescorla wrote:
> I'd probably reserve slightly more for standards action, maybe the 
> first 24 bits. Otherwise, I agree with MT.
>
> -Ekr
>
>
> On Sun, Dec 12, 2021 at 12:51 PM Yoav Nir <ynir.ietf@gmail.com> wrote:
>> Well, that’s two voices for Martin’s PR and just me liking the convoluted text that I wrote.
>> 
>> Chairs, care to call consensus?
>> 
>> Yoav
>> 
>>> On 7 Dec 2021, at 23:21, Yoav Nir <ynir.ietf@gmail.com> wrote:
>>> 
>>> Hi.
>>> 
>>> We have one outstanding issue about the TLS-Flags draft. It’s about the IANA registry. The way the extension is defined, low identifiers for flags result in shorter extension encoding. For this reason, we want the most popular flags to have low numbers. This is especially true for flags that everyone will use (think RI)
>>> 
>>> So the current text says this:
>>> 
>>> 4.1.  Guidance for IANA Experts
>>> 
>>>    This extension allows up to 2040 flags.  However, they are not all
>>>    the same, because the length of the extension is determined by the
>>>    highest set bit.
>>> 
>>>    We would like to allocate the flags in such a way that the typical
>>>    extension is as short as possible.  The scenario we want to guard
>>>    against is that in a few years some extension is defined that all
>>>    implementations need to support and that is assigned a high number
>>>    because all of the lower numbers have already been allocated.  An
>>>    example of such an extension is the Renegotiation Indication
>>>    Extension defined in [RFC5746].
>>> 
>>>    For this reason, the IANA experts should allocate the flags as
>>>    follows:
>>> 
>>>    *  Flags 0-7 are reserved for documents coming out of the TLS working
>>>       group with a specific request to assign a low number.
>>> 
>>>    *  Flags 8-31 are for standards-track documents that the experts
>>>       believe will see wide adoption among either all users of TLS or a
>>>       significant group of TLS users.  For example, an extension that
>>>       will be used by all web clients or all smart objects.  The only
>>>       entry in the initial registry is from this range.
>>> 
>>>    *  Flags 32-63 are for other documents, including experimental, that
>>>       are likely to see significant adoption.
>>> 
>>>    *  Flags 64-79 are not to be allocated.  They are for reserved for
>>>       private use.
>>> 
>>>    *  Flags 80-2039 can be used for temporary allocation in experiments,
>>>       for flags that are likely to see use only in very specific
>>>       environments, for national and corporate extensions, and as
>>>       overflow, in case one of the previous categories has been
>>>       exhausted.
>>> 
>>> 
>>> Quite verbose. Martin Thomson suggests a shorter version that only reserves flags 0-7 for standards action and leaves everything else for “specification required”. No reservation for special request. No private use reserve. No experimental or judgment based on the likelihood of wide adoption:
>>> 
>>> https://github.com/tlswg/tls-flags/pull/14/files
>>> 
>>> Please comment.
>>> 
>>> Yoav
>>> 
>> 
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email