Re: [TLS] Proposed text for removing renegotiation

"henry.story@bblfish.net" <henry.story@bblfish.net> Wed, 02 July 2014 17:48 UTC

Return-Path: <henry.story@bblfish.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBE671B2875 for <tls@ietfa.amsl.com>; Wed, 2 Jul 2014 10:48:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2XnaBvo0lrmH for <tls@ietfa.amsl.com>; Wed, 2 Jul 2014 10:48:11 -0700 (PDT)
Received: from mail-wi0-f171.google.com (mail-wi0-f171.google.com [209.85.212.171]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40C121B2870 for <tls@ietf.org>; Wed, 2 Jul 2014 10:48:11 -0700 (PDT)
Received: by mail-wi0-f171.google.com with SMTP id n15so10085878wiw.10 for <tls@ietf.org>; Wed, 02 Jul 2014 10:48:09 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=r78tRCjWBhCcuP4Wxa56doy4zBmbrw19Ri9fI9Wt5/4=; b=TrE3PhAPlOmGcS3TmDOlS4asOm90/uKZYSSfORHZdm2FebV68S+/2EEDQP7de3hh16 EzTuI+jTop/pS+RLeYwRs+DKTietxluZAaDkPVErv5yrW2u8al9CSDVcWugINVEgWabw wAn/iPejc0+1+hmlH5+zTaRFApIVWpEkQNty2ivrgQcr90zo3S/MZJ79TmqoxKHgH1gV Kabuh33MO7+ELuHah3vz3JCWhgr9QlYwOpUt7B49GSNCsO0CHN9sIkmIOBpFxWtAB9zz 29P/XtLI6GG26I5aYUweEWPDNu91jqdVaMjaptX7q0GG+dtuiwxPUEgVtqgjfAn6des/ hONg==
X-Gm-Message-State: ALoCoQmigGiqnHLGz6og9Obdn1q5xX23aR/bW9sPzt2k4JOXpwipVHkfSPOkITM/rfNWbzRDRcBG
X-Received: by 10.180.84.168 with SMTP id a8mr44664484wiz.36.1404323289845; Wed, 02 Jul 2014 10:48:09 -0700 (PDT)
Received: from [192.168.69.71] ([81.57.85.198]) by mx.google.com with ESMTPSA id cz8sm56450361wjc.11.2014.07.02.10.48.06 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 02 Jul 2014 10:48:07 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: "henry.story@bblfish.net" <henry.story@bblfish.net>
In-Reply-To: <53A0AB7E.4050706@fifthhorseman.net>
Date: Wed, 2 Jul 2014 19:48:04 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <0632D1D0-4941-4CC2-8392-08F079F15D52@bblfish.net>
References: <CAFewVt65X1V6=A_HP_pcg=6nXNVFLxQmSsPB2rq1KvmGPRz+og@mail.gmail.com> <20140606223045.3B5AF1AD46@ld9781.wdf.sap.corp> <CACsn0cmcc6kXvOuqkZaDj7+QPdpY9qqQ58bs3s-JBGXdNJSZyw@mail.gmail.com> <CABcZeBPe45BM-uXd7DEBD_BBn=jhk8KkYB=facp+NMb2e4nBiw@mail.gmail.com> <1402299260.2427.2.camel@dhcp-2-127.brq.redhat.com> <CABkgnnX5+fXNDy1o7Pu60rp8vSx7XfKbt337e_q=+3fb8fXHJw@mail.gmail.com> <1402388399.2369.5.camel@dhcp-2-127.brq.redhat.com> <CACsn0cm5OzzjOh5nSXcu-cx+ZYFeJiJ5eGvgwjsWPUeX4ozz2g@mail.gmail.com> <1402476304.2305.8.camel@dhcp-2-127.brq.redhat.com> <CACsn0cmM4KpMgwXo0iTygsQ+En6N3J46jPY-Q3hfwzqG431M1w@mail.gmail.com> <1402648977.6191.36.camel@dhcp-2-127.brq.redhat.com> <CACsn0ck6OxPm8BwuNeAn+wpayaefkAzZtiyjkaQ1sB_4hp0C_Q@mail.gmail.com> <1402990596.2335.18.camel@dhcp-2-127.brq.redhat.com> <53A0AB7E.4050706@fifthhorseman.net>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/gMOfmD-ptOgbRLg_oebbP0FCJhM
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Proposed text for removing renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jul 2014 17:48:15 -0000

On 17 Jun 2014, at 22:56, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:

> 
> But I suspect most application developers who use TLS don't understand
> that the authentication state or cryptographic protections of the
> connection may change mid-stream.  Of the minority that does understand
> that this state may change, i suspect that many of them don't actually
> handle the situation well (if at all).
> 
> if we want to avoid this on the implementation side, do we need more
> guidance to implementers of TLS stacks?  or guidance for
> application-layer users of those stacks?  or both?


Take this as someone who has come from Java land and has recently moved to Scala-land.
In Java in 1995 the aim was to make APIs very easy to use, for developers used to
thinking in single threaded manners. But currently with the deployment of
multi-core cpus ( Eg. Sun Microsystems T5 with 16 cores and 8 threads per
core for a total of 128 threads, which in an 8 socket system can lead to 
1024 thread system ) and the growth of web apis, functional programming languages 
such as Scala are coming to the fore. Very good libraries are being developped there such
as the actor framework at https://akka.io/ with very good marketing for
concepts such as reactive programming ( http://www.reactivemanifesto.org/ )
and Reactive Streams ( http://spray.io/scaladays2014/ ) which is making it
much easier to code such mid-stream changes, and to think about these issues.

In the past few years of programming in this space I have learned more than
I had in the previous 10 years of programming. In short: programming has become 
enjoyable again, and in great part due to the development of these frameworks.

I just thought I'd mention that, as what may have been difficult 10 years ago,
has perhaps now become easy. So such implementor guidance should take into
account these changes.

All the best,

	Henry Story

PS. a bit of background on me:
   http://www.australianscience.com.au/interviews/henry-story-a-social-web-architect/

Social Web Architect
http://bblfish.net/