Re: [TLS] A new consensus call on ALPN vs NPN (was ALPN concerns)

Yoav Nir <ynir@checkpoint.com> Thu, 12 December 2013 14:42 UTC

From: Yoav Nir <ynir@checkpoint.com>
To: Ralf Skyper Kaiser <skyper@thc.org>
Date: Thu, 12 Dec 2013 14:42:23 +0000
Message-ID: <C634E116-DF05-4325-80DB-0ECA5AFEC3FC@checkpoint.com>
References: <CAFewVt7SS9ud8J=6VtR-Zv-9bhaTHEnjT8XD+ULaRSVUkYftaQ@mail.gmail.com> <CABcZeBM=gOZrm1EGDSer2RmGsbOoxPDSQK5t-+LZmWaB6a_swQ@mail.gmail.com> <CAFewVt6ufrcteLfKA+r_7kby3fNRcwG410FJ1enu=pVO=xeBBQ@mail.gmail.com> <CABcZeBN=xvFG_515immvF_FuUvGXnDThrWnj_rr8Ct8Wi1jnoA@mail.gmail.com> <CA+BZK2rusGfDVAEA3vM4+WJU_Gmve2Z7P+ZEyBWBiyEEZzmsuA@mail.gmail.com>
In-Reply-To: <CA+BZK2rusGfDVAEA3vM4+WJU_Gmve2Z7P+ZEyBWBiyEEZzmsuA@mail.gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] A new consensus call on ALPN vs NPN (was ALPN concerns)

Hi Ralf

I don't think this is the majority of the WG. Those who argued for ALPN are pretty much quiet now.

Also, votes or hums at IETF89 won't change anything, because the chairs can only say at a meeting, "the sense of the room seems to be XXX, so we'll confirm this on the list". We're on the list now, so we might as well discuss it now. No reason to delay this one by another three months.

I preferred ALPN for the following reasons:

  *   ALPN leaks very few bits of relevant information. For starters, it's HTTP/1 vs HTTP/2, which is not interesting at all, as they convey the same information. There are suggestions to place more things there, like various mail protocols. Whether that happens or not, knowing that someone is reading mail rather than browsing the web is a small amount of information. This should be balanced against:
  *   NPN is a huge change to the state machine. ALPN is simple and straightforward.

I don't think NPN would be a great disaster - I would implement whichever one is chosen, but I strongly prefer ALPN.

Yoav
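To make the "few bits" point above concrete, here is an added Python illustration (not code from the thread, the ALPN draft or any of the posters) of what the ALPN exchange actually puts on the wire per RFC 7301: the client's ProtocolNameList rides in a ClientHello extension and the server's single choice in a ServerHello extension, both readable by anyone on the path before any key exchange has happened. Function names, the filler extension (type 0xFFFF, empty) and the sample protocol lists are all constructed for this example; only the extension type value 16 and the encoding are from the RFC.

```python
"""Encode, walk and parse the ALPN extension (RFC 7301). Added example, not from the thread."""
import struct

ALPN_EXTENSION_TYPE = 16  # application_layer_protocol_negotiation, RFC 7301


def encode_protocol_name_list(names):
    """ProtocolNameList: uint16 total length, then each name as uint8 length + ASCII bytes."""
    body = b""
    for name in names:
        raw = name.encode("ascii")
        if not 1 <= len(raw) <= 255:  # RFC 7301 forbids empty names; uint8 caps the length
            raise ValueError("ALPN protocol names must be 1..255 bytes")
        body += struct.pack("!B", len(raw)) + raw
    return struct.pack("!H", len(body)) + body


def encode_alpn_extension(names):
    """One TLS extension: uint16 type, uint16 length, extension_data (a ProtocolNameList)."""
    data = encode_protocol_name_list(names)
    return struct.pack("!HH", ALPN_EXTENSION_TYPE, len(data)) + data


def decode_protocol_name_list(data):
    """Strict parser: rejects truncation, trailing bytes and zero-length names."""
    if len(data) < 2:
        raise ValueError("truncated ProtocolNameList")
    (total,) = struct.unpack("!H", data[:2])
    if total == 0 or 2 + total != len(data):
        raise ValueError("ProtocolNameList length mismatch")
    names, pos, end = [], 2, 2 + total
    while pos < end:
        n = data[pos]
        pos += 1
        if n == 0 or pos + n > end:
            raise ValueError("bad ProtocolName length")
        names.append(data[pos:pos + n].decode("ascii"))
        pos += n
    return names


def find_alpn_in_extensions(extensions):
    """Walk a TLS extensions vector (uint16 length + type/length/data triples), as a
    passive observer parsing a cleartext ClientHello would, and return the ALPN names or None."""
    if len(extensions) < 2:
        raise ValueError("truncated extensions vector")
    (total,) = struct.unpack("!H", extensions[:2])
    if 2 + total != len(extensions):
        raise ValueError("extensions length mismatch")
    pos, end = 2, 2 + total
    while pos < end:
        if pos + 4 > end:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack("!HH", extensions[pos:pos + 4])
        pos += 4
        if pos + ext_len > end:
            raise ValueError("truncated extension body")
        if ext_type == ALPN_EXTENSION_TYPE:
            return decode_protocol_name_list(extensions[pos:pos + ext_len])
        pos += ext_len  # unknown extension types are skipped, as the spec requires
    return None


def server_select(client_names, server_preferences):
    """Server side: first protocol in the server's own preference order that the client offered.
    RFC 7301 has the server send a no_application_protocol alert when nothing overlaps; None here."""
    for candidate in server_preferences:
        if candidate in client_names:
            return candidate
    return None


def build_extensions_vector(*exts):
    """Concatenate encoded extensions under the uint16 length prefix ClientHello uses."""
    body = b"".join(exts)
    return struct.pack("!H", len(body)) + body


if __name__ == "__main__":
    # Constructed sample: an unknown empty extension (type 0xFFFF) followed by ALPN.
    filler = struct.pack("!HH", 0xFFFF, 0)
    client_exts = build_extensions_vector(filler, encode_alpn_extension(["h2", "http/1.1"]))
    offered = find_alpn_in_extensions(client_exts)
    chosen = server_select(offered, ["http/1.1", "h2"])
    print("client offers (cleartext ClientHello):", offered)
    print("server answers:", chosen, "->", encode_alpn_extension([chosen]).hex())
```

Running it shows exactly what an on-path observer learns: the offered list and the chosen name, nothing else. The strict length checks in the two parsers are the part worth copying; a ProtocolNameList with a zero-length name or a mismatched length is where a lax implementation would misparse.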

On Dec 12, 2013, at 3:32 PM, Ralf Skyper Kaiser <skyper@thc.org> wrote:

(not taking any sides but stating what it looks like. I personally do not favor one over the other)

Hi Eric,


"if there were materially new information available to the WG"

I think Brian made a good case that 'materially new information is available to the WG which became available after the WGLC'.
(This is where the chairs disagree with Brian and others on the list).

It appears you are pushing ahead with something that the majority in the WG does not agree with _today_. (They might have agreed
with it when the WGLC happened but they no longer agree - because of new information which became available).

Nobody is saying that ALPN should be shelved. What people like to see is to have a vote at IETF89 I guess.

regards,

ralf



On Thu, Dec 12, 2013 at 2:58 AM, Eric Rescorla <ekr@rtfm.com> wrote:
Brian,

You write:

  But, don't you think it would be better for the whole working group to
  make that determination, instead of just the chairs? I think that if
  you simply asked the working group if we (still) have a
  consensus, and the consensus is "go ahead with ALPN," then the whole
  issue would be resolved within a week or two, and there would be no
  trouble with IETF LC.

This is the purpose served by the WGLC, which ended in September.
You are asking for yet another call for consensus; this would be appropriate
if there were materially new information available to the WG which
became available after WGLC (otherwise, people could just keep
asking for consensus calls).  Whether this is in fact the case is a
question for the chairs and the ADs.

We consulted with the AD prior to taking this action, so perhaps he
will respond to you separately.

-Ekr


On Thu, Dec 12, 2013 at 8:58 AM, Brian Smith <brian@briansmith.org> wrote:
> On Tue, Dec 10, 2013 at 10:30 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>> After reviewing your request, the chairs believe that it does not raise any
>> new substantive issues that were not known to the WG at the time of the
>> decision to adopt ALPN and the subsequent WGLC. Therefore, we do not
>> believe it is appropriate to re-open the issue at this time.
>>
>> Because the document has already passed WGLC, we will be asking the
>> AD for advancement. You should of course feel free to reraise your objections
>> during IETF LC.
>
> Thanks for the response Eric.
>
> I can understand that the chairs may not think it is appropriate to
> re-open the issue at this time. It isn't surprising, because you have
> lobbied for ALPN and against NPN, and you've also said that it is
> important for Cisco (the other chair's employer) to have its
> inspection appliances capable of learning which protocol is being used
> on TLS connections.
>
> But, don't you think it would be better for the whole working group to
> make that determination, instead of just the chairs? I think that if
> you simply asked the working group if we (still) have a
> consensus, and the consensus is "go ahead with ALPN," then the whole
> issue would be resolved within a week or two, and there would be no
> trouble with IETF LC. But, if we don't verify that we actually have a
> consensus now, then during IETF LC there will be doubt about whether
> we still have a consensus.
>
> I remember somebody once saying that, when we have authority, it is
> important to avoid not just impropriety, but also the *appearance* of
> impropriety. We as a working group have the authority and
> responsibility to everybody that uses IETF protocols and products
> based on TLS to make sure we've made good decisions and achieved
> consensus. So, I still think it is important, before advancing the
> document to IETF LC, that we clarify and verify that we actually have
> a consensus.
>
> Thanks again,
> Brian
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


