Re: [TLS] Feedback on draft-ietf-tls-tlsflags
Hubert Kario <hkario@redhat.com> Fri, 31 January 2020 12:27 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED5E6120804 for <tls@ietfa.amsl.com>; Fri, 31 Jan 2020 04:27:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GsrRyr1pVLkB for <tls@ietfa.amsl.com>; Fri, 31 Jan 2020 04:27:03 -0800 (PST)
Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 458F2120129 for <tls@ietf.org>; Fri, 31 Jan 2020 04:27:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1580473622; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Hwv0/kgrdcOkPi7G5LVbFp0ZYqJwd8TRxjhR3yU+B+E=; b=iU6sGrrGmhuVpTp7QXzubcthU/bGtdP7IWz7iwBqV7+JztR1aoxmOY9R/8v3w4DfLvt0Sy fqDTtJ6z8zTNaTZXdVK34A1gSMXe9w1jTXHGKjUHxhTeHVAYhFcIpIDlACXm3oL5WF3nme CKsZsRmSXo9sPP+fdFfh0XCJ5BuFTwE=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-125-st1KT1FKO72EaAlpwoXzRg-1; Fri, 31 Jan 2020 07:26:58 -0500
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E3B5C8017CC for <tls@ietf.org>; Fri, 31 Jan 2020 12:26:57 +0000 (UTC)
Received: from localhost (unknown [10.43.21.42]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9004B89E7A for <tls@ietf.org>; Fri, 31 Jan 2020 12:26:57 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Fri, 31 Jan 2020 13:26:55 +0100
MIME-Version: 1.0
Message-ID: <18990e66-1dca-4970-a4a0-a3be7bbc875d@redhat.com>
In-Reply-To: <a92e4269-cc35-9ecc-6c38-b62f9cecd626@cs.tcd.ie>
References: <6d2a87a9-6d9a-4a39-913b-e9f620275cec@www.fastmail.com> <6F2B5A29-E7EF-4F83-A5F7-A40484D319FB@gmail.com> <a92e4269-cc35-9ecc-6c38-b62f9cecd626@cs.tcd.ie>
Organization: Red Hat
User-Agent: Trojita/0.7; Qt/5.12.5; xcb; Linux; Fedora release 30 (Thirty)
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-MC-Unique: st1KT1FKO72EaAlpwoXzRg-1
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mWWTYtXYqe9TQOQ5nHzxPJ4sgd0>
Subject: Re: [TLS] Feedback on draft-ietf-tls-tlsflags
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jan 2020 12:27:05 -0000
On Thursday, 30 January 2020 21:08:39 CET, Stephen Farrell wrote: > > On 30/01/2020 17:57, Yoav Nir wrote: >> Hi folks. >> >> In case you’re not following GitHub, there was an issue with a brief >> discussion ([1]) and a resulting pull request ([2]). >> >> If there are no objections by late next week, I will merge the PR. > > Allowing 2040 flags seems a bit mad and a possible > foot-gun - with a specification required rule that > could end up worse than the ciphersuites registry! > > Given it's possible to define a tls_flags2 extension > if this one runs out, I'd argue to constrain this to a > much smaller number of flags - 63 should be plenty > I'd say. > > That said, it's not that huge a deal since I have > a hard time seeing implementers even trying to code > for 2040 flags and specification required is the > same rule as for extensions. well, if the specification says that it can include 2040 flags, an implementation must be able to process such an extension if the idea of this extension is to reduce the size of ClientHello (the utility of which I find questionable), then I don't see a situation where we will really need to send old and new extensions at the same time as likely – I expect that if we do allow 2040 flags, the extension in 10 or 20 years will commonly include just few set bits and plenty of zeros – wasting bandwidth again -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
- [TLS] Feedback on draft-ietf-tls-tlsflags Christopher Wood
- Re: [TLS] Feedback on draft-ietf-tls-tlsflags Yoav Nir
- Re: [TLS] Feedback on draft-ietf-tls-tlsflags Stephen Farrell
- Re: [TLS] Feedback on draft-ietf-tls-tlsflags Hubert Kario
- Re: [TLS] Feedback on draft-ietf-tls-tlsflags Yoav Nir
- Re: [TLS] Feedback on draft-ietf-tls-tlsflags Yoav Nir
- Re: [TLS] Feedback on draft-ietf-tls-tlsflags Ilari Liusvaara
- Re: [TLS] Feedback on draft-ietf-tls-tlsflags John Levine