Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

Dean Anderson <dean@av8.com> Tue, 21 July 2009 14:37 UTC

Date: Tue, 21 Jul 2009 10:35:27 -0400
From: Dean Anderson <dean@av8.com>
To: Douglas Stebila <douglas@stebila.ca>
In-Reply-To: <10B26916-E4EC-4678-B35E-0C09D58E4169@stebila.ca>
Message-ID: <Pine.LNX.4.44.0907211025100.6961-100000@citation2.av8.net>
Cc: ietf-honest@lists.iadl.org, IETF Discussion <ietf@ietf.org>, rms@gnu.org, tls@ietf.org
Subject: Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

Hi Douglas,

OpenSSL has implemented patented technology before, and distributed it
without license but with a statement that it contained patented technology
that users weren't licensed to use.  While challenging the law can
sometimes be a good thing and no criticism of OpenSSL project is
intended, their actions do not improve our licensing options.  For many
years, I had to purchase Stronghold--a licensed version of OpenSSL.

However easy these patented standards are to implement, they remain
patented.  And we continue to have the right in the IETF process to
demand other, non-patented alternatives, and reject those standards that
don't have suitable licensing terms.  RFC3979 requires the WG to
consider non-patented alternatives, and that didn't happen.

		--Dean

On Tue, 21 Jul 2009, Douglas Stebila wrote:

> I have implemented draft-ietf-tls-extractor-06 in the TLS v1.0  
> implementation in OpenSSL.  I found the draft easy to implement with  
> no ambiguities or concerns.  I believe that the functionality provided  
> by the draft will be extremely valuable for building application-level  
> security protocols and encourage its standardization.
> 
> It is my interpretation of the draft that it can be implemented in any  
> version of TLS, not just TLS v1.2.  Obviously the derived key may be  
> different if the underlying TLS PRF is defined differently (as it is  
> for TLS v1.2), but the draft is still well-defined for previous  
> versions of TLS.
> 
> For those interested in the OpenSSL implementation, I have posted a  
> page on my website with the patch.
> 	http://www.douglas.stebila.ca/code/keying-material-exporters/
> In addition to a patch for OpenSSL, I have also done patches to Apache  
> and PHP to expose a PHP function that allows a PHP application to  
> derive keying material from the underlying TLS connection according to  
> the draft specification.
> 
> Douglas
> 
> On 2009-Jul-21, at 2:48 AM, The IESG wrote:
> 
> > The IESG has received a request from the Transport Layer Security WG
> > (tls) to consider the following document:
> >
> > - 'Keying Material Exporters for Transport Layer Security (TLS) '
> >   <draft-ietf-tls-extractor-06.txt> as a Proposed Standard
> >
> > The IESG plans to make a decision in the next few weeks, and solicits
> > final comments on this action.  Please send substantive comments to  
> > the
> > ietf@ietf.org mailing lists by 2009-08-10. Exceptionally,
> > comments may be sent to iesg@ietf.org instead. In either case, please
> > retain the beginning of the Subject line to allow automated sorting.
> >
> > The file can be obtained via
> > http://www.ietf.org/internet-drafts/draft-ietf-tls-extractor-06.txt
> >
> >
> > IESG discussion can be tracked via
> > https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16821&rfc_flag=0
> >
> 

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000
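The exporter construction Douglas describes above, worked through as an added example; this is not code from the thread, from his OpenSSL patch, or from the draft itself. It follows the derivation published as RFC 5705 (the RFC that draft-ietf-tls-extractor became): the exported material is PRF(master_secret, label, client_random + server_random), with a 2-byte context length and the context appended to the seed when a context is supplied. Both the TLS 1.0/1.1 PRF (P_MD5 XOR P_SHA1 over the two halves of the secret) and the TLS 1.2 PRF (P_SHA256) are implemented here from RFC 2246 and RFC 5246, so the example shows concretely what Douglas notes: the same label over the same handshake yields different keying material under the two PRFs. The master secret, randoms and label are constructed values, not captured from a real handshake; the "EXPERIMENTAL" label prefix is the private-use label space RFC 5705 sets aside.

```python
"""
RFC 5705 keying-material exporter, computed with the TLS 1.0/1.1 PRF and
the TLS 1.2 PRF side by side.  Added example; all inputs are constructed.
"""
import hmac


def p_hash(hash_name, secret, seed, length):
    """TLS data-expansion function P_hash (RFC 2246 section 5).

    P_hash(secret, seed) = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...
    with A(0) = seed and A(i) = HMAC(secret, A(i-1)), truncated to `length` bytes.
    """
    out = b""
    a = seed                                   # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()          # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def prf_tls10(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over
    the second half (halves overlap by one byte when the length is odd)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def prf_tls12(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256 over the whole secret."""
    return p_hash("sha256", secret, label + seed, length)


PRFS = {"TLS1.0": prf_tls10, "TLS1.1": prf_tls10, "TLS1.2": prf_tls12}


def export_keying_material(version, master_secret, client_random, server_random,
                           label, length, context=None):
    """RFC 5705 exporter.

    context=None means "no context"; context=b"" is an empty context.  The two
    give different output because the 16-bit length field is only present when
    a context is supplied, which is what RFC 5705 specifies.
    """
    if len(master_secret) != 48 or len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("master_secret must be 48 bytes and each random 32 bytes")
    seed = client_random + server_random
    if context is not None:
        if len(context) > 0xFFFF:
            raise ValueError("context does not fit the 16-bit length field")
        seed += len(context).to_bytes(2, "big") + context
    return PRFS[version](master_secret, label.encode("ascii"), seed, length)


# Constructed handshake values for the demonstration (not from a real session).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = bytes([0x11] * 32)
SERVER_RANDOM = bytes([0x22] * 32)
LABEL = "EXPERIMENTAL exporter demo"   # RFC 5705 private-use label prefix


def demo(length=32):
    """Exporter output for the same handshake under each PRF, hex-encoded."""
    return {v: export_keying_material(v, MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM,
                                      LABEL, length).hex()
            for v in ("TLS1.0", "TLS1.2")}


if __name__ == "__main__":
    for version, km in demo().items():
        print(version, km)
```

Two points a practitioner should take from running it: an application protocol that pins an exporter value (for channel binding, say) must agree on the TLS version in use, since the same label gives unrelated bytes under TLS 1.0 and TLS 1.2; and "no context" and "empty context" are distinct inputs, so both peers must make the same choice. The TLS 1.0 branch needs HMAC-MD5, which a FIPS-restricted Python build may refuse. In later OpenSSL releases this derivation is exposed as SSL_export_keying_material(); the code above is for understanding the construction, not a replacement for the library's implementation.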