[TLS] Benjamin Kaduk's practice ballot (Yes) on draft-ietf-tls-tls13-26: (with COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Tue, 06 March 2018 21:35 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5443912D954; Tue, 6 Mar 2018 13:35:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ElHyZkTLaBmW; Tue, 6 Mar 2018 13:35:01 -0800 (PST)
Received: from dmz-mailsec-scanner-5.mit.edu (dmz-mailsec-scanner-5.mit.edu [18.7.68.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64C9B126BF3; Tue, 6 Mar 2018 13:35:00 -0800 (PST)
X-AuditID: 12074422-e2fff7000000591c-47-5a9f098144d1
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-5.mit.edu (Symantec Messaging Gateway) with SMTP id F6.8A.22812.2890F9A5; Tue, 6 Mar 2018 16:34:58 -0500 (EST)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w26LYrii015015; Tue, 6 Mar 2018 16:34:54 -0500
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w26LYmvm018649 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 6 Mar 2018 16:34:51 -0500
Date: Tue, 06 Mar 2018 15:34:48 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-tls-tls13@ietf.org, tls-chairs@ietf.org, sean@sn3rd.com, tls@ietf.org
Message-ID: <20180306213448.GG27850@kduck.kaduk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrDIsWRmVeSWpSXmKPExsUixG6notvEOT/K4OsGbYud3RdZLWb8mchs cWVVI7PFnBM3WCw+ne9idGD1WLLkJ5PHwYOMAUxRXDYpqTmZZalF+nYJXBlHnj9kLFjFX9Gy ajFrA+NGni5GDg4JAROJ7l7/LkYuDiGBxUwSUybvZYRwNjBK/PsxjRXCucIkceDEUfYuRk4O FgEViftzFjOB2GxAdkP3ZWYQW0RARuJL+xQwm1kgVqJl+yxWEFtYIEai+8oWsF5eoG17dy1n g7AFJU7OfMICUa8lcePfSyaQi5gFpCWW/+MACYsKKEvs7TvEPoGRbxaSjllIOmYhdCxgZF7F KJuSW6Wbm5iZU5yarFucnJiXl1qka6qXm1mil5pSuokRHJAuSjsYJ/7zOsQowMGoxMMbsXde lBBrYllxZe4hRkkOJiVR3r3rgUJ8SfkplRmJxRnxRaU5qcWHGCU4mJVEeP8zzo8S4k1JrKxK LcqHSUlzsCiJ83qYaEcJCaQnlqRmp6YWpBbBZGU4OJQkeG9yADUKFqWmp1akZeaUIKSZODhB hvMADZ8LUsNbXJCYW5yZDpE/xajLcePF6zZmIZa8/LxUKXHeNSBFAiBFGaV5cHNAiUQie3/N K0ZxoLeEeZeBVPEAkxDcpFdAS5iAlpy/OwdkSUkiQkqqgTH5BtfynXO/ZqTkLi3giPTw29vx X6HU4EOpb8emP3O8lwv4XH69T6zZaMPDZy9Zp/Q5nQwUmHPqdmbc4Zxr/1jvShu15Vptdr33 Ma6pzGHrfO8zq/8XdK6J0brtOvFpkqr4b0XVJ/6vL3+ceql/hnyR3uuWwrhyxcQLDX9Fd6re EDKW/CO7bYISS3FGoqEWc1FxIgAPkoOe/wIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/n4QBIVrMDIHgB5c_a_GBfXXRHu0>
Subject: [TLS] Benjamin Kaduk's practice ballot (Yes) on draft-ietf-tls-tls13-26: (with COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Mar 2018 21:35:08 -0000
[incoming AD ramping up on draft review; please consider this as a Yes ballot with COMMENT] I was a contributor for this work, so it is unsurprising that I support its publication. I have some editorial fixes that I sent separately as a pull request (https://github.com/tlswg/tls13-spec/pull/1166), but will note a few things that I did not see mentioned already. The HelloRetryRequest flow does not allow future extensions to change the behavior/contents of the second ClientHello (without Updating this document); it's unclear that there is a real need for this limitation. Section 4.1.4 notes that: Upon receipt of a HelloRetryRequest, the client MUST perform the checks specified in Section 4.1.3 and then process the extensions, starting with determining the version using "supported_versions". But I think the "checks specified" are no longer very clear (presumably they were more clear in a previous revision). The main checks that I see in Section 4.1.3 are to check for specific Random values that are signalling sentinels, but by the time we are processing as a HelloRetryRequest we already know exactly what the "Random" value is. I'm not sure whether this text should be removed or there are some other checks that I am failing to see. We recommend that for external PSKs, clients SHOULD send an obfuscated_ticket_age of zero, which allows observers to trivially determine that a given PSK identity corresponds to an external PSK. Is it necessary to leave this side channel open, instead letting the server look up an external PSK identity and ignore the obfuscated_ticket_age in that case? This document explicitly prohibits the use of the OpenPGP certificate type (RFC 6091) with TLS 1.3 but implicitly allows its use for previous versions of TLS. Preumably that means someone(TM) needs to remember to do a status change for RFC 6091 along with or before RFC 5246. -Benjamin
- [TLS] Benjamin Kaduk's practice ballot (Yes) on d… Benjamin Kaduk