Re: [TLS] Call for Consensus on removal of renegotiation
Alyssa Rowan <akr@akr.io> Sun, 29 June 2014 14:35 UTC
To: tls@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/fXBHpD5SP_yOvVPURus0TTSPuxM

On 25/06/2014 21:03, Joseph Salowey (jsalowey) wrote:
> [Joe] to simplify:

I support 2: In favor of removing renegotiation with the addition of rekey.

TLS <=1.2 renegotiation is hairy - but though it's not the most commonly-deployed profile right now, rekeying is needed (for large traffic volumes/long-lived connections, and potentially for 'ratcheting' the forward-security of connections?), as is client-certificate authentication.

Happily, there are better ways of doing both of these than the current renegotiation flow - so we can remove renegotiation as it stands, and address these use-cases with better methods.

If we remove it otherwise, some people who need TLS won't be able to use TLS 1.3, and I suspect that will be a barrier to adoption we don't want.

--
/akr