Re: [TLS] Update on TLS 1.3 Middlebox Issues

Richard Barnes <rlb@ipv.sx> Sat, 07 October 2017 14:57 UTC

In-Reply-To: <A6896A64-A0B3-409A-ABC2-1EF1D7DD0E7D@akamai.com>
References: <CABcZeBMoW8B78C5UmLqAim4X=jQ8jVRYTP-L7RVnU3AScdFvFw@mail.gmail.com> <EAD84CE1-41A9-40FE-B882-18F077FFD691@akamai.com> <17791E16-1E12-4E8E-A098-31E961C2B2CB@gmail.com> <CAOjisRx9rwtbwBOTB+PegrKim2Q3bDmwbZi6KAu0aFMEaYSxRw@mail.gmail.com> <A6896A64-A0B3-409A-ABC2-1EF1D7DD0E7D@akamai.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Sat, 07 Oct 2017 10:57:15 -0400
Message-ID: <CAL02cgQc2UriU7EZzpYpdxMrj15fDrfsD3adS0TeqhTe8ZEcBA@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>, Nick Sullivan <nicholas.sullivan@gmail.com>, Yoav Nir <ynir.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_HYSitve_LBhNizXlczPsLmJQ48>
Subject: Re: [TLS] Update on TLS 1.3 Middlebox Issues

On Oct 7, 2017 10:43, "Salz, Rich" <rsalz@akamai.com> wrote:


> ➢ I don't want to speak for browser vendors, but history suggests that
> Option 3) may not be a viable one for browsers with a significant market
> share.
>
> They can do what they want, but if they're "in the rough" on the consensus
> call, I hope they'll go along.


Rich, I think you may be forgetting that IETF standards are voluntary.
They may be in the rough with regard to publishing an RFC, but if they
can't ship that RFC, they won't, and publishing an RFC that can't be
shipped doesn't do much good.

Better to take the time to figure out how to make this deployable (with a
blend of 1/2 and 3). We're still a decade ahead of the 1.2 rollout
timeline.

--Richard


> As for Yoav's point about "not during Q4" freeze: that happens to both
> clients and servers :)
>
> I ask that everyone who is involved in these "middlebox failure
> experiments," collectively or individually, work on a presentation for
> Singapore. Unless there are some big surprises, I am going to ask for a
> consensus call on just moving it forward.
