[TLS] The beauty of asking implementors
Watson Ladd <watsonbladd@gmail.com> Fri, 11 April 2014 16:01 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FF5E1A0701 for <tls@ietfa.amsl.com>; Fri, 11 Apr 2014 09:01:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Level:
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fJo_RgMK2Aos for <tls@ietfa.amsl.com>; Fri, 11 Apr 2014 09:01:24 -0700 (PDT)
Received: from mail-yh0-x230.google.com (mail-yh0-x230.google.com [IPv6:2607:f8b0:4002:c01::230]) by ietfa.amsl.com (Postfix) with ESMTP id 6A1A81A06FC for <tls@ietf.org>; Fri, 11 Apr 2014 09:01:23 -0700 (PDT)
Received: by mail-yh0-f48.google.com with SMTP id z6so5479334yhz.7 for <tls@ietf.org>; Fri, 11 Apr 2014 09:01:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=oymUCVY0GERK3x2YVa0gzcclHulwQavKai3Gp0l0WK0=; b=URU+zbqZXGampfoj0b1cJl9vnoY2DzoiNd8FNwvERlmYlIyJPgU1fHhwhQNKnsS7yB 1PtODsf0NzzzhYnE2RCldsdSUhweDCl2dM7IlQieQWDW0AsuFQji47Sd9gbuNm/cZavS u4XQ8WVeSS3dBcQxCt1lwHmqWBanW+1fCz5GOXgT+C6ss2O7giNlQmxHJHfVtwB0Wf6/ 2iUg2KOhDbCxWE19ew4DW6gP+H4qyDY3VUp/N8GxvyOnAQkFXY8Yd/OYvKyTSs/i0dhL XN5EvuIn1zjomGYNU5f8xYCnO/DtnnVXyVMg2zV/PnLOtAEA59jNl/0Uqi+OlJfF+Br/ IPoQ==
MIME-Version: 1.0
X-Received: by 10.236.139.70 with SMTP id b46mr33270450yhj.63.1397232081940; Fri, 11 Apr 2014 09:01:21 -0700 (PDT)
Received: by 10.170.63.197 with HTTP; Fri, 11 Apr 2014 09:01:21 -0700 (PDT)
Date: Fri, 11 Apr 2014 09:01:21 -0700
Message-ID: <CACsn0cmBg5rKaHgjhOBRKzO=ivUvVD-yeeuG=U9ez4mmGNi4+A@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/_xpqUfld-M6ie7DEUAA4uI6XXxE
Subject: [TLS] The beauty of asking implementors
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Apr 2014 16:01:26 -0000
Dear all, Rich Salz, after listing three options from conservative to radical, "I put myself in the first group (except for SNI encryption, which will get a separate post :), could be convinced to support something from the second once it's written down, and am probably not qualified to evaluate anything from the third group (few people are)." AGL:"I would rather like to see a TLS 1.3 that is a tidying up of 1.2: merging the various RFCs into one, editing and pulling in some of the drafts that are floating around. The more significant changes could be 1.4." Peter Gutman: "Absolutely! I don't want to have to add yet another parallel implementation of a protocol that's just different enough that it's yet another set of code and functionality to test, alongside SSLv3, TLS 1.0, and TLS 1.2. All of the previous updates have been compatible enough that you don't want to do a new implementation, but incompatible enough that it's a different protocol. Make 1.3 purely fixes for 1.2 and then start again with 2.0 so we can ditch all the old baggage, complexity, and attack surface." So that's the biggest site using TLS, the Chromium TLS person, and Professor Gutman all stating their lack of interest in TLS 1.3 as currently imagined. Currently the chairs are working backwards: fixing the handshake (which has one secure mode) and not the record layer (which has AES-GCM) first. (Of course, the TLS 1.2 document describes neither: you need to look at the Suite B for ECDHE_ECDSA, and somewhere else for ECDHE_RSA, and AES-GCM) I don't see how this is at all the right set of priorities. Fixing known bugs should come before new features in any security project. The implementers seem to agree with this perspective. I'm not seeing a compelling argument from the chairs, explaining why they think TLS 1.3 should take priority over fixing TLS, just "trust us". Sincerely, Watson Ladd
- [TLS] The beauty of asking implementors Watson Ladd