Re: [TLS] [Cfrg] Closing out tls1.3 "Limits on key usage" PRs (#765/#769)
Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 10 February 2017 11:26 UTC
To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tCnEWjw266muSH9r87h77Zxi7o4>
Cc: IRTF CFRG <cfrg@irtf.org>, "<tls@ietf.org>" <tls@ietf.org>

On Fri, Feb 10, 2017 at 04:44:58PM +1100, Martin Thomson wrote:
> On 10 February 2017 at 16:07, Sean Turner <sean@sn3rd.com> wrote:
> > a) Close these two PRs and go with the existing text [0]
> > b) Adopt PR#765 [1]
> > c) Adopt PR#769 [2]
> >
>
> a) I'm happy enough with the current text (I've implemented that and
> it's relatively easy).
>
> I could live with c, but I'm opposed to b. It just doesn't make sense.
> It's not obviously wrong any more, but the way it is written it is
> very confusing and easily open to misinterpretation.

I couldn't make out what b) says, c) is much clearer.

However, even in a), let alone b) or c), the limits are so high that one
should do some greasing, or this feature seems like a prime candidate for
rusting shut.

-Ilari