Re: [TLS] access_administratively_disabled v2

Benjamin Kaduk <bkaduk@akamai.com> Wed, 03 January 2018 17:05 UTC

Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BCBE1241F5 for <tls@ietfa.amsl.com>; Wed, 3 Jan 2018 09:05:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OT-FH5Ok6GvQ for <tls@ietfa.amsl.com>; Wed, 3 Jan 2018 09:05:41 -0800 (PST)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80257124D68 for <tls@ietf.org>; Wed, 3 Jan 2018 09:05:41 -0800 (PST)
Received: from pps.filterd (m0122330.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id w03GcqlS020308; Wed, 3 Jan 2018 17:05:38 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=subject : to : cc : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=jan2016.eng; bh=2J6cXx89LpsX1c3oZIpWuD0/HgIfSUOjetzKgX27tB0=; b=hb0UNtO73roa1l1/Iklb9Vhzeshn5aN07gVm8Ouj5Yl6dXmQ3X7hZnLBlpMOqLvd10fc z8p5zBqmt8Qj+PACdjYxP4Yhoymvu64/+/b+MMO13TJUy2be594IabRYzS4p4keN/0EH E3NTHNf5PTMNiwrqBcQ9Iu9Tih8WasoOj7eGcWDHzBUKAwzeP7N8CihLtp0j48b32HfP c1+1wKeZ40oWfOY9ekW31t5uwarBiF4+2dOGrISet67BSPtqUI3kb7ubQjCDNCsTZFbh UE6qWTGJlfXjOPs5jhtIpe4UeYr8/JN1WZrPmDaD+/coDS1JmcMRlII7TJAWKV4L4994 HA==
Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19]) by mx0b-00190b01.pphosted.com with ESMTP id 2f63awhwxu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 03 Jan 2018 17:05:38 +0000
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w03GuNqZ027364; Wed, 3 Jan 2018 12:05:37 -0500
Received: from prod-mail-relay10.akamai.com ([172.27.118.251]) by prod-mail-ppoint2.akamai.com with ESMTP id 2f670yx663-1; Wed, 03 Jan 2018 12:05:37 -0500
Received: from [172.19.17.86] (bos-lpczi.kendall.corp.akamai.com [172.19.17.86]) by prod-mail-relay10.akamai.com (Postfix) with ESMTP id 2C4D52417E; Wed, 3 Jan 2018 17:05:37 +0000 (GMT)
To: =?UTF-8?Q?Mateusz_Jo=c5=84czyk?= <mat.jonczyk@o2.pl>
Cc: "<tls@ietf.org>" <tls@ietf.org>
References: <60555d44-340d-8aa7-eb45-3a23b758e5d2@o2.pl> <CABcZeBN=JHV3gY_JCkCUHHASEqcUQTUmmpRY5i66Dv53k=Z3Ag@mail.gmail.com> <3685a850-03ec-5162-414b-c2676022d661@o2.pl> <CABcZeBO0nzmfcA+1ujxceDtNKPGUBZQtBg4-yN-OpOSyEJ3bNg@mail.gmail.com> <eb4530ad-2e6e-d5b6-72e7-4f84dae635e3@o2.pl>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <5afdbc7f-30bb-4de2-6a72-588b8edc55d8@akamai.com>
Date: Wed, 3 Jan 2018 11:05:36 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <eb4530ad-2e6e-d5b6-72e7-4f84dae635e3@o2.pl>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-01-03_12:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=596 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1801030236
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-01-03_12:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=586 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1801030233
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_e-_jUm0PDozXz2Xul9FSCPOkQ0>
Subject: Re: [TLS] access_administratively_disabled v2
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jan 2018 17:05:43 -0000

On 01/03/2018 10:17 AM, Mateusz Jończyk wrote:
> Judging from TLS1.3's problems with middleboxes, content filtering isn't so
> rare, especially in the corporate world.
>
> The provider of filtering services (for example OpenDNS) / middlebox
> manufacturer would have to recognize if the client supports this mechanism.
> Having support for TLS1.3 could be one such flag.

Cherry-picking this one part just for enhanced clarity: I do not think
support for TLS 1.3 can or should be such a flag -- there does not seem
sufficient reason to block TLS 1.3 finalization for this proposal.

-Ben