Re: [TLS] Fwd: Last Call: <draft-ietf-kitten-tls-channel-bindings-for-tls13-09.txt> (Channel Bindings for TLS 1.3) to Proposed Standard

Rob Sayre <sayrer@gmail.com> Sat, 02 October 2021 03:32 UTC

From: Rob Sayre <sayrer@gmail.com>
Date: Fri, 01 Oct 2021 20:32:12 -0700
Message-ID: <CAChr6SyKAnBcE9t68coGGXFt9WPLuDuWtVKoCXrK+QrwAVtPXw@mail.gmail.com>
To: Sam Whited <sam@samwhited.com>
Cc: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xbb8-7Y8iytFpD-WxtnnmgQdGfI>

On Fri, Oct 1, 2021 at 8:18 PM Sam Whited <sam@samwhited.com> wrote:

> No, I am saying that I have seen people implement custom solutions to
> problems in an RFC


Makes sense as a goal—I think the objection is more that updating 8446 on
paper here is presumptuous, since that document took orders of magnitude
more work.

That should not detract from the work in this new draft, but hopefully my
message at least makes the disagreement more clear.

thanks,
Rob

> because they don't realize that there is a related
> RFC that fixes those problems (or suggests how to do whatever tangential
> thing they needed to implement). Having a link in the related RFCs makes
> things easier to discover.
>
> In this case, if I was someone wanting to, for example, implement
> channel binding between TLS and some sort of authentication token so
> that the token would not remain valid if the TLS session changed, I
> would probably go to the TLS spec to see if such a thing exists. If that
> spec doesn't contain the "Updated by" link, I don't think it's as likely
> that I'd find that there was a standard way to do this.
>
> —Sam
>
> On Fri, Oct 1, 2021, at 23:11, Rob Sayre wrote:
> > On Fri, Oct 1, 2021 at 8:04 PM Sam Whited <sam@samwhited.com> wrote:
> >
> >> I have to respectfully disagree with this.
> >>
> >> Anecdotally, RFCs are hard to discover.
> >
> >
> >
> > What do you mean, exactly, here?
> >
> > Are you saying that this draft “update” 8446 in order for readers to
> > understand it and 8446 itself?
>