Re: [TLS] confirming AUTH48 changes to draft-ietf-tls-cached-info

Sean Turner <sean@sn3rd.com> Thu, 14 July 2016 17:58 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CEC412D13D for <tls@ietfa.amsl.com>; Thu, 14 Jul 2016 10:58:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1kGaDP9dApX3 for <tls@ietfa.amsl.com>; Thu, 14 Jul 2016 10:58:13 -0700 (PDT)
Received: from mail-qt0-x231.google.com (mail-qt0-x231.google.com [IPv6:2607:f8b0:400d:c0d::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB90412D08D for <tls@ietf.org>; Thu, 14 Jul 2016 10:58:12 -0700 (PDT)
Received: by mail-qt0-x231.google.com with SMTP id w38so46696466qtb.0 for <tls@ietf.org>; Thu, 14 Jul 2016 10:58:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=O2MPg7f0Pg/Y9kCdMP2AyLCE4tmzN5ilHjiQ6f/oXPk=; b=bk4GgglsTIF8LTm+JVGNT3ZbzcYZam319twM3U4FJzvurng9ojTVfQAvhSsd8u0HLI XRZI+s3HdRK5jZeyEeRVf/AWRF7sQ0HEIBipOivhCVyBpmmKLWfl8pSiOjWLhJ5ToW3F xYisat05KlbyVzVeWiWIfUAwvfGQGC6Bn/mt4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=O2MPg7f0Pg/Y9kCdMP2AyLCE4tmzN5ilHjiQ6f/oXPk=; b=R9A1KuSXt0W/jIY5b8ayVGvFszqS+A3hp5JJn0NlfzRU84MH/8NDSrWm5tmxZrQS5t Z25yOlw+nnRZKCpHQTdcD5YW9WVEMoMGviAhOcWmmYvfhAEnp0wntaBcCHWjdsRINCWR lBNs2tkeP0wR9FtDwsrFcn2WqAUX8F40Iux0gNBFgTFqCqgoZazl0J9Z4ODH+I7fGxRc WohKh+qkTO0y6l8qYjO/xyY5UU8vp9k/4Up9k5/fG9urNu0lS03cILbkwL3pePVGxDsQ hbxOuUOyXQpqJrqMIT32aCezVmYJNMfWJRkgDnmqRVzDDqz7EEGOu8FEqPfjEcSKUxHP UDqg==
X-Gm-Message-State: ALyK8tJW/7MYQJVYmM3gfYgY6KlzTVRxxj3WZyBV0KIf6GkkUV9LF0Qts7ZXxIT2SdOeTA==
X-Received: by 10.200.52.182 with SMTP id w51mr13024895qtb.90.1468519092010; Thu, 14 Jul 2016 10:58:12 -0700 (PDT)
Received: from [172.16.0.112] ([96.231.230.69]) by smtp.gmail.com with ESMTPSA id 128sm1539150qke.10.2016.07.14.10.58.11 for <tls@ietf.org> (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 14 Jul 2016 10:58:11 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <7E71298A-1B25-452A-BDC0-DCC5616CDF98@sn3rd.com>
Date: Thu, 14 Jul 2016 13:58:10 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <CA2D5DAA-82DA-444F-8577-AF88ED1FF60F@sn3rd.com>
References: <7E71298A-1B25-452A-BDC0-DCC5616CDF98@sn3rd.com>
To: "<tls@ietf.org>" <tls@ietf.org>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/agcbojVKanM1FugDrBZ_4KunJls>
Subject: Re: [TLS] confirming AUTH48 changes to draft-ietf-tls-cached-info
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jul 2016 17:58:14 -0000

The consensus of the WG is to not make the changes to the referred to by this msg.

Hannes,

Please respond to the RFC Editor to complete AUTH48 processing of this draft.

J&S

> On Jul 06, 2016, at 13:45, Sean Turner <sean@sn3rd.com>; wrote:
> 
> Anirudh noted [0] that existing implementation practices in TLS stacks may lead to additional complexity when implementing TLS cached info on the server side. The main issue is that the server needs to prepare the ServerHello (and list the CachedInfo extension) saying which payloads will subsequently modify. However, most implementations create each message somewhat independently and so it is not clear whether a certificate message, for example, will indeed contain the full payload or the fingerprint at the time of creating the ServerHello.
> 
> We need the WG to verify an AUTH48-proposed change to s4 of cached-info [1].  Please let us know whether you agree with the following changes by 14 July.
> 
> The proposed changes can be seen in the diff:
> http://www.tschofenig.priv.at/Diff_rfc7924-before_after.pdf
> 
> Cheers,
> 
> J&S
> 
> [0] https://www.ietf.org/mail-archive/web/tls/current/msg19493.html
> 
> [1] https://datatracker.ietf.org/doc/draft-ietf-tls-cached-info/
>