[TLS] Re: draft-ietf-tls-dtls-rrc-13 ietf last call Opsdir review

"Joe Clarke (jclarke)" <jclarke@cisco.com> Sat, 14 June 2025 16:30 UTC

From: "Joe Clarke (jclarke)" <jclarke@cisco.com>
To: Thomas Fossati <thomas.fossati@linaro.org>
Date: Sat, 14 Jun 2025 16:30:18 +0000
CC: "ops-dir@ietf.org" <ops-dir@ietf.org>, "draft-ietf-tls-dtls-rrc.all@ietf.org" <draft-ietf-tls-dtls-rrc.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "tls@ietf.org" <tls@ietf.org>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/eXsi4F0hussuQ_GOeo-18TvFOr4>

Thanks for this!  You captured my intent perfectly.

Joe

From: Thomas Fossati <thomas.fossati@linaro.org>
Date: Wednesday, June 11, 2025 at 03:24
To: Joe Clarke (jclarke) <jclarke@cisco.com>
Cc: ops-dir@ietf.org <ops-dir@ietf.org>, draft-ietf-tls-dtls-rrc.all@ietf.org <draft-ietf-tls-dtls-rrc.all@ietf.org>, last-call@ietf.org <last-call@ietf.org>, tls@ietf.org <tls@ietf.org>
Subject: Re: draft-ietf-tls-dtls-rrc-13 ietf last call Opsdir review

Hi Joe,

We have just published -15, which adds an "Operational Considerations"
section [1] that discusses logging anomalies and middlebox interference.

Let us know if you have any questions or further suggestions.

Thanks again for your time, cheers!

[1] https://www.ietf.org/archive/id/draft-ietf-tls-dtls-rrc-15.html#section-10


On Wed, Jun 04, 2025 at 04:44:26PM +0100, Thomas Fossati wrote:
>Hi Joe,
>
>On Tue, Jun 03, 2025 at 02:21:47PM +0100, Joe Clarke (jclarke) wrote:
>>>When you say, the choice may be offered as a configuration option to the user,
>>>who is the user in this case?  Is this the client, initiator, responder?  This
>>>felt vague to me.
>>
>>What we mean by "user" is the user of the TLS implementation.
>>
>>[JMC] Thanks for the changes.  I’m still wondering where this would
>>need to be.  There are two “users” of a TLS implementation (client and
>>server).  Would this be more of a config on the client side where they
>>wouldn’t want lag (for example)?
>
>ISTM the configurability should be symmetrical, there is no preferred
>angle.
>
>>>My overarching question on the OPS front is, while it might be out of scope for
>>>this document, would it be valuable to mention any operational logging or
>>>statistics that may be required around RRC?  That is, logging RRC failures,
>>>counting the number of times an RRC is needed, recording the time it takes to
>>>validate RRCs?  The details might spawn other work, but noting any interesting
>>>operational events could be helpful for implementors.
>>
>>I am not an OPS person, and I am not particularly familiar with what
>>SNMP/NETMOD provides regarding the export of statistics about TLS/DTLS
>>sessions.
>>I am not familiar with QLOG either, but I guess it might have modelled
>>events that are very similar to what RRC would need and could be used as
>>a starting point.
>>As you say, though, this would be separate work, so I wouldn't know how
>>to act on it at this point other than discussing your intriguing
>>observation with other implementers :-)
>>
>>[JMC] We’re actually working on a revision to RFC 5706 right now 😊 .
>
>Thanks for the reference.  This is a whole new world opening up before
>my eyes! :-)
>
>This also prompted me to look into RFC9312 to see what QUIC has to say
>about path validation.  Its section 4.3 looks like it may contain some
>relevant information, at least conceptually.  In particular, it seems to
>me that the boxes that could interfere with RRC are probably L4+, i.e.,
>load balancers and firewalls, rather than routers or switches.
>Would that be operational considerations worth capturing?
>
>>The specifics would certainly be fodder for new work, but would it be
>>helpful to have a sentence or short paragraph to implementors in this
>>draft that recommends logging RRC failures?  For example, Initiators
>>MAY wish to log any unsuccessful RRC operations for Security
>>Information and Event Management (SIEM) and troubleshooting purposes.
>
>In general, adding metrics about path validation seems like a good
>suggestion.  This applies to both successful and unsuccessful attempts, I
>think.
>It's just a drop in the ocean of stats that a stack might care about,
>but it's a start :-)
>
>As I pointed out upthread, it'd be interesting to have a comprehensive
>look at QLOG and see if we can transplant any of that into (D)TLS.
>
>cheers, t