Re: [Trans] [trans] #74 (rfc6962-bis): normative statement of TLS client behavior in Section 3
Ben Laurie <benl@google.com> Thu, 23 July 2015 11:30 UTC
Return-Path: <benl@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11BA01AC41D for <trans@ietfa.amsl.com>; Thu, 23 Jul 2015 04:30:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2WoXFoY0fAa1 for <trans@ietfa.amsl.com>; Thu, 23 Jul 2015 04:30:28 -0700 (PDT)
Received: from mail-yk0-x229.google.com (mail-yk0-x229.google.com [IPv6:2607:f8b0:4002:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B73211A9062 for <trans@ietf.org>; Thu, 23 Jul 2015 04:30:27 -0700 (PDT)
Received: by ykdu72 with SMTP id u72so216756107ykd.2 for <trans@ietf.org>; Thu, 23 Jul 2015 04:30:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-type; bh=Zg/08PUlYvMrbuFsAIFiiCC5tYy9jxfyIAcx0UgJyPg=; b=ns67VoJTLMWXSBmJNZ3Gzh8Bk0HppsITydHCFzxN/8F7jeIHWWHlEbueiVAC0YTR9L 0BRxKWQVJaEqWCq2uJsSa5T6xYhU3h+VrNwKEbW459lkdRWy+bX445sg6l+fIw+fVc9Y akffOzcz+3HAhg+PRqK8MGhwGCuwpBzGmyBsOZ5dozuecLGDi0GvbOJZ9ihif/YdX+S2 iWYdpz2AXDotuBAvdGNv4s+js+OzC4zWejcmHJtTW5pIV83X7GysEm22ZDTBVyfhbY9W dyyyZckyUbs9t4BFznc5my4qi6JYCKZSLiee8oCZ/dEZbPoCW1BxgQQxd2VJ1pz6CDuK SPuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; bh=Zg/08PUlYvMrbuFsAIFiiCC5tYy9jxfyIAcx0UgJyPg=; b=AacnsVxe2jiyTiFqs+yeoVfFAi+bhKh8FTmvPXIPfnALsEl2OD98odqKd5vAbcW4IW PI4Y5AYJddYF3cE1UH7nYXAEH63Y0ckXIbLlCg0EGvUaMAF3c8/YmTodCKT06gqTACnw sM8J06ONV5rFzANzgb0xnJsP3xnBojcGeARrK6qeWTjFbFM0RPbYE6fAKcoJrwC15KmN DcKU9yVksx0Kv0BL6ZOC0V+p5HeDC0smUhoOXzeSh03dgs03+YBvJxJ7VvsHUlgtgxoU QTKZGucYjkDNCEBTZZb/bDOaSM6hUJ2szSHSuGis5sCY7DWTg9VsqGmub0q5WurTSIna izew==
X-Gm-Message-State: ALoCoQkyP6GQ7MT79fgJIO7O5E3rKRZf9kU8W68hlR48P1yul80fRl4HJK50TzAYrlvHq0lzReKc
X-Received: by 10.129.111.65 with SMTP id k62mr8032872ywc.88.1437651027117; Thu, 23 Jul 2015 04:30:27 -0700 (PDT)
MIME-Version: 1.0
References: <052.329e3339e14184dcd891ce5116d624c8@tools.ietf.org> <067.3ff0deebd05d8bff20fd4c0512edb4c3@tools.ietf.org> <559A95C7.3010107@bbn.com> <CABrd9SS1nVbYZm0L4BhtnvuWH-usU-_vHCT8EPKsvGCLovQ5AQ@mail.gmail.com> <559ACA98.2040509@bbn.com> <CABrd9STispeyFh+-bYJE7OSZ5qyWtuEraO9KM8FfF2p2jSk47Q@mail.gmail.com> <559BF26F.4010407@bbn.com>
In-Reply-To: <559BF26F.4010407@bbn.com>
From: Ben Laurie <benl@google.com>
Date: Thu, 23 Jul 2015 11:30:17 +0000
Message-ID: <CABrd9SRH+bg2gZ1tm0kFTrp3RmX8zPFgTcnMnUj2-eFZ0NTryA@mail.gmail.com>
To: Stephen Kent <kent@bbn.com>, trans@ietf.org
Content-Type: multipart/alternative; boundary="001a114901b4c8b3d7051b893637"
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/7P15fL7F7FPIQiYXn_XuKVyb_XY>
Subject: Re: [Trans] [trans] #74 (rfc6962-bis): normative statement of TLS client behavior in Section 3
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2015 11:30:35 -0000
On Tue, 7 Jul 2015 at 16:38 Stephen Kent <kent@bbn.com> wrote: > Ben, > > > A certificate not accompanied by an SCT is not CT compliant. > > This seems redundant: I would've thought that in general everything in > > an RFC only applies to things that are compliant with that RFC. But if > > the WG wants I don't really mind either way. > I prefer the wording I suggested because it emphasizes the status of the > cert relative > to this spec, rather than intimating any TLS client behavior. > > > > OK, I get your point here, and I am happy to go either way: > > > > a) Update TLS to require CT, or > that's not what I meant to suggest. I don't think CT is destined to become > a mandatory aspect of TLS; it's an optional feature. > > b) Update the I-D to say something like "CT compliant TLS clients" or > > as you use below "TLS clients claiming conformance with CT", which > > presumably does not update TLS? > TLS is the definitive spec for the messages exchanged during its > handshake. So > the specs in Section 3.4 represent an update to TLS (1.2). That does not > make > support for CT mandatory, but it informs implementers of the new TLS > extensions > defined here and the processing they imply. > Ah, I see what you mean. A couple of observations: 1. The TLS extension was allocated for 6962, so surely this should already have happened? 2. I notice other extensions exist which are not referenced in the "update by" section of 5246. 3. If this is a requirement for new extensions, why is it not part of the process followed to get an extension allocated? > > Steve > > _______________________________________________ > Trans mailing list > Trans@ietf.org > https://www.ietf.org/mailman/listinfo/trans >
- [Trans] [trans] #74 (client-behavior): normative … trans issue tracker
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … trans issue tracker
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … trans issue tracker
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … trans issue tracker
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Stephen Kent
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Stephen Kent
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Ben Laurie
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Stephen Kent
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … trans issue tracker
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Ben Laurie
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Stephen Farrell
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Stephen Kent
- Re: [Trans] [trans] #74 (rfc6962-bis): normative … Ben Laurie