Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

Melinda Shore <melinda.shore@nomountain.net> Wed, 11 April 2018 00:17 UTC

To: tls@ietf.org
References: <CAOgPGoAhzEtxpW5mzmkf2kv3AcugNy0dAzhvpaqrTSuMSqWqfw@mail.gmail.com> <CAHPuVdXfVQ5ZYL+dTvFeTfOaz2NNPrqxvnWuqJkxu0aaKDF_Sg@mail.gmail.com> <20180410235321.GR25259@localhost>
From: Melinda Shore <melinda.shore@nomountain.net>
Message-ID: <d65fbec0-bad7-1261-9dc7-16606f9f95ca@nomountain.net>
Date: Tue, 10 Apr 2018 16:17:14 -0800
In-Reply-To: <20180410235321.GR25259@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ois3E2YnrASb9hfKwaLVMxkrvK4>

On 4/10/18 3:53 PM, Nico Williams wrote:
> The earlier consensus is not just applicable, as if it were, we would
> not be having this LC.

I have no idea what that even means, to be honest.  We're through
last call, and it's not that the earlier wg consensus isn't
"applicable," it's that you've raised new issues.  So let's be
clear about that.

I've been watching this discussion and trying to get a handle
on what's been going on (and how this fits into several other
IETF issues more generally), and I think this discussion would
be over if the people arguing in favor of changing the use
of the extension had plans to implement it.  But so far nobody
has said that they do.  It's been suggested that if we intend to
stick with the original, intended use we can just ignore the extra
bytes, which strikes me as an exceedingly odd argument for including
new protocol features.

It's unfortunate that over in DNS-land they're discussing how
to get rid of unused features that increase complexity, while over
here we're having a discussion of how to add unused features that
increase complexity.

I think those of us who care about the institutional effectiveness
of the IETF and the value of the standardization process care
quite a bit about the amount of time it takes to push a document
through to publication.  Aside from negatively affecting the chances
of the success of a given protocol, it's harmful to the standards
process more broadly and discourages participation from people who want
to get work done.  There's an unfortunate number of IETF protocols that
people worked on for years and that never saw implementation, and
it seems to me that we ought to be trying to minimize the chances
of that happening with the protocols we're working on.  I haven't seen
anything in this discussion that leads me to believe that the
extension as specified is fundamentally broken or insecure for its
intended use.  I'm good with adding clarifying text or scoping it
more clearly, but beating this thing to death for a use case that
nobody intends to implement seems a bit misguided to me.

Melinda

-- 
Software longa, hardware brevis

PGP fingerprint: 4F68 2D93 2A17 96F8 20F2
                 34C0 DFB8 9172 9A76 DB8F