IETF Logo Mail Archive

Re: [Trans] [trans] #74 (rfc6962-bis): normative statement of TLS client behavior in Section 3

Ben Laurie <benl@google.com> Thu, 23 July 2015 11:30 UTC

Return-Path: <benl@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11BA01AC41D for <trans@ietfa.amsl.com>; Thu, 23 Jul 2015 04:30:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2WoXFoY0fAa1 for <trans@ietfa.amsl.com>; Thu, 23 Jul 2015 04:30:28 -0700 (PDT)
Received: from mail-yk0-x229.google.com (mail-yk0-x229.google.com [IPv6:2607:f8b0:4002:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B73211A9062 for <trans@ietf.org>; Thu, 23 Jul 2015 04:30:27 -0700 (PDT)
Received: by ykdu72 with SMTP id u72so216756107ykd.2 for <trans@ietf.org>; Thu, 23 Jul 2015 04:30:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-type; bh=Zg/08PUlYvMrbuFsAIFiiCC5tYy9jxfyIAcx0UgJyPg=; b=ns67VoJTLMWXSBmJNZ3Gzh8Bk0HppsITydHCFzxN/8F7jeIHWWHlEbueiVAC0YTR9L 0BRxKWQVJaEqWCq2uJsSa5T6xYhU3h+VrNwKEbW459lkdRWy+bX445sg6l+fIw+fVc9Y akffOzcz+3HAhg+PRqK8MGhwGCuwpBzGmyBsOZ5dozuecLGDi0GvbOJZ9ihif/YdX+S2 iWYdpz2AXDotuBAvdGNv4s+js+OzC4zWejcmHJtTW5pIV83X7GysEm22ZDTBVyfhbY9W dyyyZckyUbs9t4BFznc5my4qi6JYCKZSLiee8oCZ/dEZbPoCW1BxgQQxd2VJ1pz6CDuK SPuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; bh=Zg/08PUlYvMrbuFsAIFiiCC5tYy9jxfyIAcx0UgJyPg=; b=AacnsVxe2jiyTiFqs+yeoVfFAi+bhKh8FTmvPXIPfnALsEl2OD98odqKd5vAbcW4IW PI4Y5AYJddYF3cE1UH7nYXAEH63Y0ckXIbLlCg0EGvUaMAF3c8/YmTodCKT06gqTACnw sM8J06ONV5rFzANzgb0xnJsP3xnBojcGeARrK6qeWTjFbFM0RPbYE6fAKcoJrwC15KmN DcKU9yVksx0Kv0BL6ZOC0V+p5HeDC0smUhoOXzeSh03dgs03+YBvJxJ7VvsHUlgtgxoU QTKZGucYjkDNCEBTZZb/bDOaSM6hUJ2szSHSuGis5sCY7DWTg9VsqGmub0q5WurTSIna izew==
X-Gm-Message-State: ALoCoQkyP6GQ7MT79fgJIO7O5E3rKRZf9kU8W68hlR48P1yul80fRl4HJK50TzAYrlvHq0lzReKc
X-Received: by 10.129.111.65 with SMTP id k62mr8032872ywc.88.1437651027117; Thu, 23 Jul 2015 04:30:27 -0700 (PDT)
MIME-Version: 1.0
References: <052.329e3339e14184dcd891ce5116d624c8@tools.ietf.org> <067.3ff0deebd05d8bff20fd4c0512edb4c3@tools.ietf.org> <559A95C7.3010107@bbn.com> <CABrd9SS1nVbYZm0L4BhtnvuWH-usU-_vHCT8EPKsvGCLovQ5AQ@mail.gmail.com> <559ACA98.2040509@bbn.com> <CABrd9STispeyFh+-bYJE7OSZ5qyWtuEraO9KM8FfF2p2jSk47Q@mail.gmail.com> <559BF26F.4010407@bbn.com>
In-Reply-To: <559BF26F.4010407@bbn.com>
From: Ben Laurie <benl@google.com>
Date: Thu, 23 Jul 2015 11:30:17 +0000
Message-ID: <CABrd9SRH+bg2gZ1tm0kFTrp3RmX8zPFgTcnMnUj2-eFZ0NTryA@mail.gmail.com>
To: Stephen Kent <kent@bbn.com>, trans@ietf.org
Content-Type: multipart/alternative; boundary="001a114901b4c8b3d7051b893637"
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/7P15fL7F7FPIQiYXn_XuKVyb_XY>
Subject: Re: [Trans] [trans] #74 (rfc6962-bis): normative statement of TLS client behavior in Section 3
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2015 11:30:35 -0000

On Tue, 7 Jul 2015 at 16:38 Stephen Kent <kent@bbn.com> wrote:

> Ben,
>
> > A certificate not accompanied by an SCT is not CT compliant.
> > This seems redundant: I would've thought that in general everything in
> > an RFC only applies to things that are compliant with that RFC. But if
> > the WG wants I don't really mind either way.
> I prefer the wording I suggested because it emphasizes the status of the
> cert relative
> to this spec, rather than intimating any TLS client behavior.
> >
> > OK, I get your point here, and I am happy to go either way:
> >
> > a) Update TLS to require CT, or
> that's not what I meant to suggest. I don't think CT is destined to become
> a mandatory aspect of TLS; it's an optional feature.
> > b) Update the I-D to say something like "CT compliant TLS clients" or
> > as you use below "TLS clients claiming conformance with CT", which
> > presumably does not update TLS?
> TLS is the definitive spec for the messages exchanged during its
> handshake. So
> the specs in Section 3.4 represent an update to TLS (1.2). That does not
> make
> support for CT mandatory, but it informs implementers of the new TLS
> extensions
> defined here and the processing they imply.
>

Ah, I see what you mean.

A couple of observations:

1. The TLS extension was allocated for 6962, so surely this should already
have happened?

2. I notice other extensions exist which are not referenced in the "update
by" section of 5246.

3. If this is a requirement for new extensions, why is it not part of the
process followed to get an extension allocated?


>
> Steve
>
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans
>

v2.23.0 | Report a Bug | By Email