Re: [TLS] Update on TLS 1.3 Middlebox Issues

Watson Ladd <watsonbladd@gmail.com> Sat, 07 October 2017 14:44 UTC

To: Nick Sullivan <nicholas.sullivan@gmail.com>
Cc: Rich Salz <rsalz@akamai.com>, Yoav Nir <ynir.ietf@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/oUryWGN8WsEboQVvoZ1N1azDal4>

On Sat, Oct 7, 2017 at 7:17 AM, Nick Sullivan
<nicholas.sullivan@gmail.com> wrote:
> Yoav,
>
> Let me make a correction to your scenario. Instead of:
> "You’ll need it for Chrome to work with Google."
> it's:
> "You’ll need it for Chrome to work with Google, Facebook, and most of the
> 10% of Alexa top million sites that are using Cloudflare."

Personally, if we can make the final version work better with a few
minor changes to negotiation we should, even if that means dropping
the version negotiation mechanism and using extensions instead. If we
end up needing more flights, that's going to be sad and we'll just
have to wait for QUIC.

Sincerely,
Watson Ladd