Re: [TLS] TLS DNSSEC chain consensus text, please speak up...

Melinda Shore <melinda.shore@nomountain.net> Fri, 18 May 2018 01:21 UTC

From: Melinda Shore <melinda.shore@nomountain.net>
Date: Thu, 17 May 2018 17:20:53 -0800
Message-ID: <CAO+QQRFYO0747SmzF2wvYzjKNYQsDtzKWbVHo9g8-_nGA+8MbQ@mail.gmail.com>
To: Tim Hollebeek <tim.hollebeek@digicert.com>
Cc: Paul Wouters <paul@nohats.ca>, "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/uPdWbsiKwKyt3Xj9s_eT5Z-50zw>

And to be clear, it's not that nobody is going to implement the extension
(it's already been done in an IETF hackathon and elsewhere), the work on
the extension was funded by Mozilla, and there's been an outstanding
request for this in Bugzilla.  What's not being implemented is the proposed
changes.

But, it's clear that those guys don't intend to compromise and we're going
to be deadlocked pretty much forever unless someone does something.  That's
not going to be Viktor and it's not going to be the chairs, so I guess it's
me.

Melinda

On Thu, May 17, 2018, 16:20 Tim Hollebeek <tim.hollebeek@digicert.com>
wrote:

> I’m actually fine with that.  You have to consider P_{extension
> implemented and used}.
>
> Different people will disagree about the value of P.
>
> -Tim
>
> *From:* Paul Wouters [mailto:paul@nohats.ca]
> *Sent:* Thursday, May 17, 2018 8:18 PM
> *To:* Tim Hollebeek <tim.hollebeek@digicert.com>
> *Cc:* James Cloos <cloos@jhcloos.com>; Ted Lemon <mellon@fugue.com>; <tls@ietf.org> <tls@ietf.org>
> *Subject:* Re: [TLS] TLS DNSSEC chain consensus text, please speak up...
>
> On May 17, 2018, at 19:44, Tim Hollebeek <tim.hollebeek@digicert.com>
> wrote:
>
> Making things more complicated with no obvious benefit just makes things
> more complicated.
>
> I oppose adding two bytes for some nebulous future purpose.
>
> The consequence of this opinion would be this:
>
> https://tools.ietf.org/html/draft-asmithee-tls-dnssec-downprot-00
>
> Which is a lot of complexity for one TLS extension to define the behaviour
> of another TLS extension. And it still adds two bytes in the 2nd extension.
>
> So if you believe more simplicity is better, then you made the wrong
> choice.
>
> Paul