IETF Logo Mail Archive

Re: [TLS] AD review of draft-ietf-tls-falsestart-01

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 06 April 2016 16:10 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 408D612D15E for <tls@ietfa.amsl.com>; Wed, 6 Apr 2016 09:10:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cixTQxRObeRa for <tls@ietfa.amsl.com>; Wed, 6 Apr 2016 09:10:39 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1ACBF12D10C for <tls@ietf.org>; Wed, 6 Apr 2016 09:10:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id B2EBBBE2F for <tls@ietf.org>; Wed, 6 Apr 2016 17:02:36 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 07haYxdmAOLS for <tls@ietf.org>; Wed, 6 Apr 2016 17:02:29 +0100 (IST)
Received: from [31.133.178.21] (dhcp-b215.meeting.ietf.org [31.133.178.21]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id C66D4BE33 for <tls@ietf.org>; Wed, 6 Apr 2016 17:01:55 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1459958516; bh=mPTUXLKRKLZ+wtv4eRX6Xf7bexyWs1bOQ+jRIRa5hOs=; h=Subject:To:References:From:Date:In-Reply-To:From; b=X0ZEKlyZ+otw5Y06QHl5GNiwCIDLPVUEPO9lZrRXKSXOY3T3mizxn3v3xnKK7GAx5 jIukinDBOeJYHAhKyVLGC79oEz4TxyUUD3HJ29QkScQO/Ibr+jqj28Nz7fI72joawq VUY4HLKpVzIkArb1rBbTNd0WuFRGuxk5VF+hmiW0=
To: "tls@ietf.org" <tls@ietf.org>
References: <56F2B2E7.1060809@cs.tcd.ie>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <570532F1.9090802@cs.tcd.ie>
Date: Wed, 06 Apr 2016 17:01:53 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <56F2B2E7.1060809@cs.tcd.ie>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms010702080701050206010107"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/xU7NdvTv4fT-_Kayf5gWN9WxD_8>
Subject: Re: [TLS] AD review of draft-ietf-tls-falsestart-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Apr 2016 16:10:41 -0000

Hiya,

ekr, Sean and Joe convinced me #2 below wasn't really
needed. And I don't much care what the WG conclude wrt
#1 (and we can fix later if needed), so I've requested
IETF LC to start for this.

Thanks,
S.

On 23/03/16 15:14, Stephen Farrell wrote:
> 
> Hiya,
> 
> I've done my AD review of this and have three questions
> I'd like to ask before starting IETF last call. I mostly
> care about the answer to #3. #1 is just a suggestion that
> might avoid some process-crap and #2 is just me being
> curious (unless #2 turns out to be a part of #3).
> 
> (1) Why experimental? Wouldn't this be better as info
> and documented as "here's a spec for a thing that's
> widely deployed." I fear we may get questions like
> "what's the experiment?", "where's this going in
> future?" if this aims for experimental, and info may
> avoid that esp if we really want people to move to
> TLS1.3. I also didn't see list discussion about what
> kind of RFC to aim for, but maybe it was discussed at
> a meeting or interim? (Apologies if I missed that in
> my scan of the list.)
> 
> (2) The write up and some mail list traffic and AGL's
> bloggy thing all refer to NPN, but there's no mention of
> NPN or ALPN in the draft.  What's up with that? (Not
> saying that needs to be explained, but I wondered.)
> 
> (3) Why is there no description of the reasons for all
> the MUST only use whitelisted <foo> and for the choices
> that are whitelisted?  Wouldn't omitting that tend to
> lead people to use this more badly?  That could be done
> with some explanatory text and using some of the
> references below maybe. Or, if we don't really want new
> folks to implement this (do we?) then just saying that
> might mean it's ok to not explain the "why." (And then
> you could also address #1 above then by issuing this
> as an historic RFC too if you wanted.)
> 
> Cheers,
> S.
> 
> Possible refs:
>  - http://www.ieee-security.org/TC/SP2015/papers-archived/6949a535.pdf
>    (esp Section V-C)
>  - http://homes.esat.kuleuven.be/~fvercaut/papers/ACM2012.pdf
>  - https://hal.inria.fr/hal-01184171/document
>  - https://arxiv.org/pdf/1602.02396.pdf
>  - https://eprint.iacr.org/2016/072.pdf
> 
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email