IETF Logo Mail Archive

Re: [TLS] [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 10 February 2017 11:26 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D88A1294F6 for <tls@ietfa.amsl.com>; Fri, 10 Feb 2017 03:26:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id unIKtpCP5cPz for <tls@ietfa.amsl.com>; Fri, 10 Feb 2017 03:26:23 -0800 (PST)
Received: from welho-filter4.welho.com (welho-filter4.welho.com [83.102.41.26]) by ietfa.amsl.com (Postfix) with ESMTP id 32C23129552 for <tls@ietf.org>; Fri, 10 Feb 2017 03:26:22 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter4.welho.com (Postfix) with ESMTP id 575141CEBB; Fri, 10 Feb 2017 13:26:21 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp2.welho.com ([IPv6:::ffff:83.102.41.85]) by localhost (welho-filter4.welho.com [::ffff:83.102.41.26]) (amavisd-new, port 10024) with ESMTP id pK1LaYVhC7ln; Fri, 10 Feb 2017 13:26:19 +0200 (EET)
Received: from LK-Perkele-V2 (87-92-51-204.bb.dnainternet.fi [87.92.51.204]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp2.welho.com (Postfix) with ESMTPSA id E4F8921C; Fri, 10 Feb 2017 13:26:19 +0200 (EET)
Date: Fri, 10 Feb 2017 13:26:17 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Martin Thomson <martin.thomson@gmail.com>
Message-ID: <20170210112617.GA21741@LK-Perkele-V2.elisa-laajakaista.fi>
References: <352D31A3-5A8B-4790-9473-195C256DEEC8@sn3rd.com> <CABkgnnVrFGHe0eKREXbG_pv=y18ouopZsE2c5+Czz0HAGko6rg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CABkgnnVrFGHe0eKREXbG_pv=y18ouopZsE2c5+Czz0HAGko6rg@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tCnEWjw266muSH9r87h77Zxi7o4>
Cc: IRTF CFRG <cfrg@irtf.org>, "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Feb 2017 11:26:25 -0000

On Fri, Feb 10, 2017 at 04:44:58PM +1100, Martin Thomson wrote:
> On 10 February 2017 at 16:07, Sean Turner <sean@sn3rd.com> wrote:
> > a) Close these two PRs and go with the existing text [0]
> > b) Adopt PR#765 [1]
> > c) Adopt PR#769 [2]
> 
> 
> a) I'm happy enough with the current text (I've implemented that any
> it's relatively easy).
> 
> I could live with c, but I'm opposed to b. It just doesn't make sense.
> It's not obviously wrong any more, but the way it is written it is
> very confusing and easily open to misinterpretation.

I couldn't make out what b) says, c) is much clearer.

However, even in a), let alone b) or c), the limits are so high that
one should do some greasing, or this feature seems like a prime
candidate for rusting shut.


-Ilari

v2.23.0 | Report a Bug | By Email