Re: [TLS] Adoption of TLS-LTS
Hubert Kario <hkario@redhat.com> Thu, 09 June 2016 09:55 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAF5712D0A0 for <tls@ietfa.amsl.com>; Thu, 9 Jun 2016 02:55:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.348
X-Spam-Level:
X-Spam-Status: No, score=-8.348 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id imng64MmCxRt for <tls@ietfa.amsl.com>; Thu, 9 Jun 2016 02:55:42 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EADA12D0F0 for <tls@ietf.org>; Thu, 9 Jun 2016 02:55:42 -0700 (PDT)
Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id CFFB5C00B8E4; Thu, 9 Jun 2016 09:55:41 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (dhcp-0-107.brq.redhat.com [10.34.0.107]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u599tdC2021184 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 9 Jun 2016 05:55:41 -0400
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Thu, 09 Jun 2016 11:55:39 +0200
Message-ID: <22902566.AuEvmjhU12@pintsize.usersys.redhat.com>
User-Agent: KMail/4.14.10 (Linux/4.4.11-200.fc22.x86_64; KDE/4.14.17; x86_64; ; )
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4C9E044@uxcn10-5.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C73F4C9CA49@uxcn10-5.UoA.auckland.ac.nz> <B91621AD-0775-4DE3-8808-DEF267E89573@vigilsec.com> <9A043F3CF02CD34C8E74AC1594475C73F4C9E044@uxcn10-5.UoA.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart5314317.AuqaekqFZz"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Thu, 09 Jun 2016 09:55:42 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_OBeW3SUcXGutj4Lt_XqUsqwEpc>
Subject: Re: [TLS] Adoption of TLS-LTS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jun 2016 09:55:44 -0000
On Wednesday 08 June 2016 19:29:07 Peter Gutmann wrote: > Russ Housley <housley@vigilsec.com> writes: > >I do not think the TLS WG should take on any document that makes > >changes to the TLS 1.2 protocol. > > So how is that different from any number of other TLS standards-track > RFCs, say, RFC 7627 (one of the ones referenced in the draft), which > was adopted as a WG document and standards-track RFC? The tiny > changes in this draft (adding one field to the ServerDHParams, using > the full MAC for finished, and hashing the full hello instead of just > one field in it) are pretty trivial in comparison to the > aforementioned RFC 7627, or any number of other ones. <bikeshed> to be pedantic, the RFC describes itself "a profile" while in reality it modifies the protocol in a way that will make it incompatible with "vanilla" TLS 1.2 implementations (yes, I know it's negotiated using extension so it doesn't make it actually incompatible, just noting that the behavior with and without extension is significantly changed - it's not a strict subset of TLSv1.2) </bikeshed> -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
- Re: [TLS] Adoption of TLS-LTS Watson Ladd
- Re: [TLS] Adoption of TLS-LTS Aaron Zauner
- Re: [TLS] Adoption of TLS-LTS Peter Gutmann
- Re: [TLS] Adoption of TLS-LTS Geoffrey Keating
- Re: [TLS] Adoption of TLS-LTS Hubert Kario
- [TLS] Adoption of TLS-LTS Peter Gutmann
- Re: [TLS] Adoption of TLS-LTS Peter Gutmann
- Re: [TLS] Adoption of TLS-LTS Russ Housley
- Re: [TLS] Adoption of TLS-LTS Peter Gutmann
- Re: [TLS] Adoption of TLS-LTS Yoav Nir
- Re: [TLS] Adoption of TLS-LTS Peter Gutmann
- Re: [TLS] Adoption of TLS-LTS Yoav Nir
- Re: [TLS] Adoption of TLS-LTS Hubert Kario