Re: [TLS] Adoption call for draft-davidben-tls13-pkcs1

Darin Pettis <dpp.standards@gmail.com> Fri, 06 December 2019 17:10 UTC

From: Darin Pettis <dpp.standards@gmail.com>
Date: Fri, 06 Dec 2019 11:09:48 -0600
Message-ID: <CAEMoRCshwo1vsb+bYbJLpOCMWGcJ15sz8COXeXbxmX-KDbY8Mw@mail.gmail.com>
To: Adam Langley <agl@imperialviolet.org>
Cc: "TLS@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_3OkZQJ-89Wv7fFf1t6Ky_VnQ3c>

On Thu, Nov 14, 2019 at 4:43 PM Adam Langley <agl@imperialviolet.org> wrote:

> People on this list who manage large corporate networks may wish to
> pay attention to this: while you may not have updated servers to TLS 1.3
> yet, eventually it'll happen and I suspect some will find a significant
> amount of things like TPMs, in which you currently have client-certificate
> keys, which only sign with PKCS#1 v1.5. Without this draft adopted and
> implemented ahead of time, it's going to be painful.

Adam - Wanted to thank you for the call-out to people on the list managing
large corporate networks.  Looking into the mutual authentication supported
protocols issue that you and David raised.  Will evaluate potential future
impact.

Cheers,
Darin

On Thu, Nov 14, 2019 at 4:43 PM Adam Langley <agl@imperialviolet.org> wrote:

> On Mon, Nov 11, 2019 at 11:33 AM Christopher Wood <caw@heapingbits.net>
> wrote:
>
>> The adoption call is now (belatedly) finished. At this time, there's not
>> enough interest to take this on as a WG item. We encourage further
>> discussion on the list, perhaps based on subsequent draft updates, and will
>> revisit adoption in the future if interest grows.
>>
>
> People on this list who manage large corporate networks may wish to pay
> attention to this: while you may not have updated servers to TLS 1.3 yet,
> eventually it'll happen and I suspect some will find a significant amount
> of things like TPMs, in which you currently have client-certificate keys,
> which only sign with PKCS#1 v1.5. Without this draft adopted and
> implemented ahead of time, it's going to be painful.
>
>
> Cheers
>
> AGL
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
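
The failure mode raised in this thread, as an added example that is not part of the original messages: a client key whose signer can only produce PKCS#1 v1.5 authenticates over TLS 1.2 but has no valid CertificateVerify scheme under TLS 1.3 as specified in RFC 8446. The device names, the inventory and the server's offer list are constructed for illustration.

```python
# Added example. SignatureScheme code points are from RFC 8446, section 4.2.3.
RSA_PKCS1 = {0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384",
             0x0601: "rsa_pkcs1_sha512"}
RSA_PSS_RSAE = {0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384",
                0x0806: "rsa_pss_rsae_sha512"}
NAMES = {**RSA_PKCS1, **RSA_PSS_RSAE}


def select_client_scheme(tls_version, peer_offered, signer_supported):
    """Pick the scheme for the client's CertificateVerify, or None if none fits.

    peer_offered: code points from the server's signature_algorithms list,
    in the server's preference order. signer_supported: what the key holder
    (software key, smart card, TPM) can actually produce.
    """
    for scheme in peer_offered:
        if scheme not in signer_supported:
            continue
        # RFC 8446: in TLS 1.3 the rsa_pkcs1_* values apply only to signatures
        # inside certificates, never to CertificateVerify.
        if tls_version == "1.3" and scheme in RSA_PKCS1:
            continue
        return scheme
    return None


def keys_broken_by_tls13(inventory, peer_offered):
    """Names of keys that authenticate over TLS 1.2 but not over TLS 1.3."""
    return [name for name, supported in inventory.items()
            if select_client_scheme("1.2", peer_offered, supported) is not None
            and select_client_scheme("1.3", peer_offered, supported) is None]


# Constructed sample data (hypothetical device names, not from the thread).
SERVER_OFFER = [0x0804, 0x0805, 0x0806, 0x0401, 0x0501, 0x0601]
INVENTORY = {
    "laptop-tpm-key": {0x0401},               # signer limited to PKCS#1 v1.5
    "build-agent-softkey": {0x0401, 0x0804},  # software key, can also do PSS
}

if __name__ == "__main__":
    for name in keys_broken_by_tls13(INVENTORY, SERVER_OFFER):
        print(f"{name}: no usable CertificateVerify scheme under TLS 1.3")
```

Running the same check against a real inventory of client-certificate key stores, before servers move to TLS 1.3, shows which devices need either a PSS-capable signer or the mechanism proposed in the draft.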