Re: [Uta] Proposed list of deliverables
Paul Hoffman <paul.hoffman@vpnc.org> Mon, 20 January 2014 12:58 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0033D1A0144 for <uta@ietfa.amsl.com>; Mon, 20 Jan 2014 04:58:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vkG7E0pLJFV7 for <uta@ietfa.amsl.com>; Mon, 20 Jan 2014 04:58:24 -0800 (PST)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id 20EF51A0142 for <uta@ietf.org>; Mon, 20 Jan 2014 04:58:24 -0800 (PST)
Received: from pauls-mac.home (pool-108-5-148-206.nwrknj.fios.verizon.net [108.5.148.206]) (authenticated bits=0) by hoffman.proper.com (8.14.7/8.14.7) with ESMTP id s0KCcDjf076696 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <uta@ietf.org>; Mon, 20 Jan 2014 05:38:15 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host pool-108-5-148-206.nwrknj.fios.verizon.net [108.5.148.206] claimed to be pauls-mac.home
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <0bc674da169f4772b0fb2173ed679115@BY2PR03MB300.namprd03.prod.outlook.com>
Date: Mon, 20 Jan 2014 07:58:20 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <CDB929C3-6DF1-4EFD-9E70-647F070196DD@vpnc.org>
References: <0bc674da169f4772b0fb2173ed679115@BY2PR03MB300.namprd03.prod.outlook.com>
To: "uta@ietf.org" <uta@ietf.org>
X-Mailer: Apple Mail (2.1827)
Subject: Re: [Uta] Proposed list of deliverables
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jan 2014 12:58:25 -0000
On Jan 18, 2014, at 1:24 AM, Orit Levin (LCA) <oritl@microsoft.com> wrote: > Below is the list of deliverables for your consideration: > > 1. A threat analysis document containing a collection of known security breaches to application protocols due to poor use of TLS (Likely an Informational RFC) Is this meant to also cover application protocols with *no* use of TLS? That is, is the threat analysis supposed to cover "why you should encrypt", or just "why you should encrypt well when you encrypt"? > 2. Applications' independent document recommending best existing and future practices for using TLS (Likely a BCP or a Proposed Standard RFC) Good. > 3. A set of documents, each describing best existing and future practices for using TLS with a specific application protocol, i.e., SMTP, POP, IMAP, XMPP, HTTP 1.1, etc. (Case-by-case likely a BCP or a Proposed Standard RFC) This needs to be defined more. The phase "using TLS" can mean one or more of: - TLS with server authentication, with encryption - TLS with server authentication, without encryption - TLS without server authentication, with encryption - TLS with server authentication, with client authentication, with encryption - TLS with server authentication, with client authentication, without encryption - TLS without server authentication, with client authentication, with encryption Different short names are applied different scenarios, making it all the more confusing. If we don't get this one right, we can easily delay useful results from the WG by two years. > 4. A document discussing (and potentially defining) how to apply the opportunistic encryption approach (preliminary outlined in draft-farrelll-mpls-opportunistic-encrypt-00.txt) to TLS. (Category TBD) The preliminary outline in that document is transitory, and in some ways not easily applicable to TLS. Why are we not making our own definition so that we can apply it to TLS precisely? --Paul Hoffman
- [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Linus Nordberg
- Re: [Uta] Proposed list of deliverables Leif Johansson
- Re: [Uta] Proposed list of deliverables Alexey Melnikov
- Re: [Uta] Proposed list of deliverables Paul Hoffman
- [Uta] dual meaning of "pinning" [was: Re: Propose… Daniel Kahn Gillmor
- Re: [Uta] dual meaning of "pinning" [was: Re: Pro… Alyssa Rowan
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] dual meaning of "pinning" [was: Re: Pro… Daniel Kahn Gillmor
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Yaron Sheffer
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Alexey Melnikov
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)