[TLS] "Do your own extension" considered harmful
Nico Williams <nico@cryptonector.com> Thu, 05 March 2020 05:12 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 959C33A0C4F for <tls@ietfa.amsl.com>; Wed, 4 Mar 2020 21:12:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kaSRHyRMkdMF for <tls@ietfa.amsl.com>; Wed, 4 Mar 2020 21:12:38 -0800 (PST)
Received: from crocodile.birch.relay.mailchannels.net (crocodile.birch.relay.mailchannels.net [23.83.209.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D23513A0C4B for <tls@ietf.org>; Wed, 4 Mar 2020 21:12:37 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id DD2DA2601DF; Thu, 5 Mar 2020 05:12:36 +0000 (UTC)
Received: from pdx1-sub0-mail-a68.g.dreamhost.com (100-96-206-239.trex.outbound.svc.cluster.local [100.96.206.239]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 314E52601A8; Thu, 5 Mar 2020 05:12:36 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a68.g.dreamhost.com ([TEMPUNAVAIL]. [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.5); Thu, 05 Mar 2020 05:12:36 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Army-Tangy: 66cc66f11abae17b_1583385156674_2427796502
X-MC-Loop-Signature: 1583385156674:3294998413
X-MC-Ingress-Time: 1583385156674
Received: from pdx1-sub0-mail-a68.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a68.g.dreamhost.com (Postfix) with ESMTP id 800AC7FB1F; Wed, 4 Mar 2020 21:12:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:subject:message-id:mime-version:content-type; s= cryptonector.com; bh=+9rgMO4oEdPlP/i/wcMqsOtWD/M=; b=uJ3SH2G9Kss 9PJqfSK1QDGd5X8RW6zuSiiI8CYGkIMHpddIgtV02UpLdA0CwkdaWACuDCYsQUKl SBu8SnG9AB1zNuihFQYMfl4RF9jSlg/gzBUBBasNXc9C4fY7iXpGQ1NHi26OcknG IDHuT7qM4OPjTYqYAOrgK9LLvpKVWxw0=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a68.g.dreamhost.com (Postfix) with ESMTPSA id DC03D7FB1B; Wed, 4 Mar 2020 21:12:30 -0800 (PST)
Date: Wed, 04 Mar 2020 23:12:28 -0600
X-DH-BACKEND: pdx1-sub0-mail-a68
From: Nico Williams <nico@cryptonector.com>
To: tls@ietf.org
Message-ID: <20200305044505.GQ18021@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: 0
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedugedruddtledgkedtucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgdpffftgfetoffjqffuvfenuceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkgggtuggfsehttdertddtredvnecuhfhrohhmpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqnecukfhppedvgedrvdekrddutdekrddukeefnecuvehluhhsthgvrhfuihiivgepudenucfrrghrrghmpehmohguvgepshhmthhppdhhvghloheplhhotggrlhhhohhsthdpihhnvghtpedvgedrvdekrddutdekrddukeefpdhrvghtuhhrnhdqphgrthhhpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqpdhmrghilhhfrhhomhepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomhdpnhhrtghpthhtohepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomh
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/hv95cg0UF2YFQhjs03q7ElrSSeE>
Subject: [TLS] "Do your own extension" considered harmful
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2020 05:12:40 -0000
The ticketrequests I-D is likely to be the second time Viktor (and others including me) have been told "do your own extension, we won't oppose it, make it an individual submission, whatever, have fun and leave us alone!". There are several ways in which this attitude by the WG, by the relevant I-D authors, and by the chairs, are harmful. Let's focus on just one harm: feature matrix fragmentation. One could stop right there. No doubt we all understand exactly what "feature matrix fragmentation" means. Just in case though, let's flesh it out. Suppose we get enough of these "bleep off and do your own"[*] cases, and so after a few years we have some number N of specialty extensions, where N > M, where M is the number of extensions we would have had if the WG's attitude had been more constructive. What would that mean for application developers, and for TLS stack developers / maintainers? Well, an app developer might say "hey, I need these three extensions", look, and find that no TLS stacks implement all three. Sadness ensues. Now the app developer might need to implement support for one or more extensions in some open source TLS stack and wait a few months/years for that to be integrated and ship. Or worse! the app developer might have to wait for a vendor to implement and ship. And TLS stack devs/maints will have a nasty time of it too. Besides having a hard time approaching 100% feature matrix support, they might find that some extensions don't fit their stacks' APIs very well and require significant rototilling or worse, not even attempting to support those extensions. The latter is what happens when substantive feedback is ignored by the WG. And yet that is a major reason we should want WG and IETF review: so that such impedance mismatches can be avoided where possible. Undoubtedly there is a cost to accepting substantive feedback. E.g., delay and extra labor costs. But that cost is limited by the process that we have (only timely and substantive feedback needs to be considered). This cost mostly affects us, WG participants, and implementors, while the feature matrix fragmentation problem's costs affect primarily users and implementors. On balance, I believe feature matrix fragmentation is easily the costlier problem. Maybe we want to consciously and explicitly accept this feature matrix fragmentation issue, in which case here is a humble proposal: that all TLS IANA registries be made Expert Review only, and that the TLS WG stop accepting work items that don't involve substantial changes to the protocol. If the only objections or improvements we'll allow are security or privacy concerns, but implementors' and users' concerns are to be excluded, then we're impliedly headed towards feature matrix fragmentation. Besides, allowing authors to dictate what is and is not in-scope for their documents is practically the same as rubber- stamping, which is... not what we are supposed to be doing. In any case, it's NOT OK for authors to refuse to consider substantive feedback. WGs should police reticent WG work item editors and authors. I know, because I've been an editor/author who disliked where the WG was headed with an I-D of mine and I had to accept it. Indeed, I was threatened by a WG chair with removal as editor. I don't see why other authors should not be subject to the same treatment. That's not spite but right. Oh, and a word about the social harms caused by your attitude: there goes good will. Appeals, end-less and bitter ietf@ietf.org threads, more rather than less WG work item review specifically to find wrenches to throw into the gears at the worst possible times -- these are things that the aggrieved might resort to. That's not a threat: I'm not a maintainer or developer of a TLS stack, so I'm more likely to leave this WG alone if it insists on its current approach than to spend my precious time on fighting it. Nor can I or do I speak for anyone else. But I can imagine someone taking a scorched earth, spiteful approach, and if they do, you best bet I'll be eating popcorn and cheering them along. Nico [*] No has one said "bleep off", but that's clearly the message being sent, and it's certainly the message that's been received.
- [TLS] "Do your own extension" considered harmful Nico Williams