Re: [TLS] TLS DNSSEC chain consensus text, please speak up...

Melinda Shore <> Wed, 16 May 2018 05:18 UTC

List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>

On 5/15/18 8:22 PM, Viktor Dukhovni wrote:
> It just leaves
> the door open going forward, at negligible cost (two bytes on the
> wire in bandwidth, and zero in implementation).

I would be grateful if you would have a consistent story on this.
Clearly, it's not just two bytes, or there wouldn't be a perceived
need for them.  It's two bytes plus the associated semantics and
processing algorithms.  In the event that anybody has an interest
in implementing something along these lines the offer to work on
an extension to support it still stands.

At any rate, this horse is long-since dead, and you're veering
into abuse-of-process territory.  Your proposal has been discussed
at length on the list, it's been discussed at length off the list,
and there is still no consensus to modify the extension to support
your use case.  And as a reminder, "Rough consensus is achieved
when all issues are addressed, but not necessarily accommodated."


Software longa, hardware brevis