Re: [TLS] TLS interim meeting material

"Salz, Rich" <rsalz@akamai.com> Fri, 14 September 2018 16:13 UTC

To: Eric Rescorla <ekr@rtfm.com>, "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/sg5HA-y-Bqy9AhpEmABrUBjUkQ8>

  *   In theory perhaps, but as a practical matter, no browser client, at least, can do DNSSEC hard fail, because the rate of organic DNSSEC interference is too high. Indeed, this is the primary reason why DANE over TLS is interesting.

But that doesn’t make Viktor’s statement wrong, does it?  Browsers are ignoring the FAIL state; they’re not getting a “neutral” result, are they?