Re: [TLS] AD Review of draft-ietf-tls-tls13

Dave Garrett <davemgarrett@gmail.com> Wed, 17 May 2017 02:09 UTC

From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org
Date: Tue, 16 May 2017 22:05:20 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yectREkoFYf2wqutuNqtOIxk4uQ>

On Tuesday, May 16, 2017 12:37:42 pm Viktor Dukhovni wrote:
>    * RFC7250 raw public keys

Just as a footnote to anyone reading this discussion that may not know:
The current version of the TLS 1.3 spec explicitly recommends RFC7250
raw public keys as a viable option and provides the needed information
on how to handle this in TLS 1.3. Anonymous cipher suite support has
been dropped from TLS 1.3, and trust on first use raw public keys are
the first of the two recommended alternatives.

>    * TOFU public key pinning

Trust on first use public keys in unvalidated certificate chains is the
second recommended alternative.

https://tlswg.github.io/tls13-spec/#unauthenticated-operation
https://tools.ietf.org/html/draft-ietf-tls-tls13-20#appendix-C.6


Dave
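
A minimal sketch of the trust-on-first-use pinning discussed in this message, added here as an illustration and not taken from the TLS 1.3 draft or from any poster: it records the SHA-256 of a peer's SubjectPublicKeyInfo on first contact and rejects a different key on later contacts. The `TofuStore` class, the JSON pin file and the sample key bytes are assumptions made for the example.

```python
import hashlib
import hmac
import json
import os
import tempfile

class PinMismatch(Exception):
    """The presented key differs from the one pinned on first use."""

def spki_fingerprint(spki_der: bytes) -> str:
    # RFC 7250 raw public keys are carried as a DER SubjectPublicKeyInfo.
    return hashlib.sha256(spki_der).hexdigest()

class TofuStore:
    """Hypothetical pin store: {"host:port": sha256-hex} kept in a JSON file."""
    def __init__(self, path: str):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)
    def check(self, host: str, port: int, spki_der: bytes) -> str:
        key, fp = f"{host.lower()}:{port}", spki_fingerprint(spki_der)
        known = self.pins.get(key)
        if known is None:
            # First use is unauthenticated: record the key, check it from now on.
            self.pins[key] = fp
            self._save()
            return "pinned"
        if hmac.compare_digest(known, fp):
            return "match"
        # Never overwrite silently: a changed key needs out-of-band review.
        raise PinMismatch(f"{key}: pinned {known[:16]}, presented {fp[:16]}")

    def _save(self) -> None:
        with open(self.path, "w") as f:
            json.dump(self.pins, f)

def demo() -> list:
    key_a, key_b = b"constructed-spki-A", b"constructed-spki-B"  # not real DER
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pins.json")
        out = [TofuStore(path).check("Example.test", 443, key_a),
               TofuStore(path).check("example.test", 443, key_a)]  # reloaded
        try:
            TofuStore(path).check("example.test", 443, key_b)
        except PinMismatch:
            out.append("mismatch")
        return out + [TofuStore(path).check("example.test", 443, key_a)]
```

In a real client the `spki_der` bytes would come from the peer's raw public key or from the leaf certificate of the unvalidated chain.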