Re: [TLS] Kathleen Moriarty's Yes on draft-ietf-tls-session-hash-05: (with COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 13 May 2015 21:01 UTC

To: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/izrAIoDG9Zl2r0CA95XE4-drc9g>
Cc: tls@ietf.org, draft-ietf-tls-session-hash@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-tls-session-hash.shepherd@ietf.org, draft-ietf-tls-session-hash.ad@ietf.org, tls-chairs@ietf.org


On 13/05/15 18:11, Karthikeyan Bhargavan wrote:
> A question about procedure:
> 
> I agree with both Kathleen's and Barry’s comments.
> Should I incorporate them at this stage to produce a new draft, or should I wait for 
> some official notification?

Probably best to hold off until after the IESG call tomorrow in case
we collect some more comments. So, I'd say let's wait 'till Friday
for document editing, but do feel free to respond by email in the
meantime.

S

> 
> Best,
> Karthik
> 
> On 08 May 2015, at 23:08, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> wrote:
> 
>> Kathleen Moriarty has entered the following ballot position for
>> draft-ietf-tls-session-hash-05: Yes
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>>
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-tls-session-hash/
>>
>>
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> Thank you for your work on this and a well-written draft!  The
>> considerations are very thorough; every time I had a question, I was able
>> to find an answer in the draft.  I do think a couple more references
>> could be helpful though.
>>
>> 1. I think it would be good for section 6.4 to note that SSL 3.0 has been
>> deprecated in
>> https://datatracker.ietf.org/doc/draft-ietf-tls-sslv3-diediedie/
>> It's ahead of this draft in the RFC editor queue.
>>
>> 2. It might be good to have a pointer to the UTA TLS Attack RFC7457 as
>> this attack is described in section 2.11 and there is no reference to a
>> fix.  It would be nice to show that known attacks are being resolved. 
>> https://tools.ietf.org/html/rfc7457#section-2.11
>>
>>
>