Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00
tom petch <daedulus@btconnect.com> Tue, 28 April 2020 08:40 UTC
Date: Tue, 28 Apr 2020 10:40:36 +0100
From: tom petch <daedulus@btconnect.com>
To: Ralph Holz <ralph.holz@gmail.com>
Cc: Valery Smyslov <valery@smyslov.net>, "uta@ietf.org" <uta@ietf.org>, "uta-chairs@ietf.org" <uta-chairs@ietf.org>, Peter Saint-Andre <stpeter@mozilla.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/BWjt7pL42DmMarlPcoyRSKKYJHc>
Inline <tp>

----- Original Message -----
From: Ralph Holz <ralph.holz@gmail.com>
Sent: 27/04/2020 12:25:43

I am not sure which key requirement you are referring to, or why TLS 1.3 should not see widespread use. In fact, TLS 1.3 is getting much more traction already than TLS 1.2 ever had in a comparable amount of time: https://arxiv.org/abs/1907.12762.

I am not sure why you speak of a fragmentation of protocols here - if anything, we are seeing consolidation.

It seems weird to leave a BCP in a state that is not referring to the BP, which is definitely TLS 1.3 - due to the many additions made. TLS 1.3 also brings changes that are important for applications - 0-RTT, for example, has no replay protection, and should only be used with idempotent requests. While that is spelled out in the RFC, it's not where our audience would look (or we would not need BCPs).

It's also worthwhile to deprecate < TLS 1.2, and discuss under which circumstances TLS 1.3 is preferable to TLS 1.2 (that's more a business question). Add to that a discussion of PSK. Plus a few new extensions, some defined in separate RFCs (eSNI for example).

I am, of course, both an author on the old (and new) BCP, and also an author of the study I cite - but I think there's enough to warrant the -bis.

<tp>
I expect that you are familiar with draft-camwinget-tls-ns-impact, which looks at operational security with TLS 1.2 and identifies what is difficult or impossible to do with TLS 1.3. One might infer from this I-D that TLS 1.3 offers less security than TLS 1.2 :-)

One requirement that was raised in the later stages of the work on TLS 1.3 related to audit, and was raised, I think, by representatives of the finance industry; the WG rejected the requirement. Since then, I have seen suggestions on the TLS and other lists, and in the press, about the development of alternative protocols to meet the requirements that TLS 1.3 does not. Hence my reference to fragmentation. (I think the I-D covers that under offline analysis.)

Although the I-D focusses on Operational Security, I think that much of what it says is applicable more generally.

The I-D that we are being asked to adopt lacks any detail about what the bis might change, i.e. we are being asked to approve a blank slate which might end up saying how great TLS 1.3 is and how we should move to it as soon as possible; to which the I-D I mention offers an alternative viewpoint.

Tom Petch

Ralph

On Mon, 27 Apr 2020 at 19:03, tom petch <daedulus@btconnect.com> wrote:

What is the point of rfc7525bis? Why do we need it?

It seems to me that RFC7525 is a good set of recommendations and little has changed, in practical terms, since it was produced, although cryptanalysts can find weaknesses therein. The one change I am aware of is that the TLS WG has produced TLS 1.3 - I follow the TLS WG mailing list - but so what? TLS 1.3 failed to meet one key requirement and I am unclear whether or not TLS 1.3 will gain widespread use in the Internet, with HTTP, SMTP and such like. I see TLS 1.2 as being adequate for most purposes for some time to come, so my concern is that rfc7525bis will simply be an endorsement of the work of the TLS WG - 1.3 is great, ditch everything else - leading to further fragmentation of the protocols.

So, I am against adoption until it is clear that the I-D will endorse TLS 1.2 as adequate for most purposes. After all, the TLS WG has yet to propose an I-D 'TLS 1.2 - Die, Die, Die'.

Tom Petch

----- Original Message -----
From: Valery Smyslov <valery@smyslov.net>
To: <uta@ietf.org>
Cc: 'Yaron Sheffer' <yaronf.ietf@gmail.com>, <uta-chairs@ietf.org>, 'Ralph Holz' <ralph.holz@gmail.com>, 'Peter Saint-Andre' <stpeter@mozilla.com>
Sent: 26/04/2020 10:35:30
Subject: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

Hi,

during the last virtual interim meeting the draft draft-sheffer-uta-bcp195bis-00 was presented and the authors asked for its adoption. The general feeling in the room was in favor of the adoption, however the authors were asked to rename it to *-rfc7525-bis. The authors have renamed the draft and asked the chairs for its adoption. Since our responsible AD agrees that this work is within the charter of the WG, the chairs are issuing a formal call for adoption to confirm the results we had at the meeting.

This message starts a two-week call for adoption of the draft-sheffer-uta-rfc7525bis-00 draft. The call will end on 10 May 2020. Please send your opinions to the list before this date. Please, if possible, include any reasons supporting your opinion. If you support this adoption, please indicate whether you are ready to review this draft if it becomes a WG document.

Regards,
Leif & Valery.
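The 0-RTT point in Ralph's message above (early data has no replay protection, so only requests that tolerate replay should be processed from it) is a decision the application has to make, not the TLS stack. The following is an added example written for this page, not code from the draft, the BCP, or any participant in the thread, showing how an origin server can enforce that policy. It assumes the deployment pattern of RFC 8470: a TLS-terminating front end forwards requests received in early data with an `Early-Data: 1` header, and the origin answers 425 (Too Early) for any request it will not process before the handshake is confirmed. The `Request` type, the `decide` function and the list of replay-sensitive routes are hypothetical and exist only for the example.

```python
"""
Gating HTTP requests that arrive in TLS 1.3 0-RTT early data.

Assumed deployment (RFC 8470 pattern, an assumption of this example): a
TLS-terminating front end accepts early data and forwards the request to
this origin with an ``Early-Data: 1`` header while the handshake is still
unconfirmed.  The front end must strip any Early-Data header sent by the
client itself, since only an intermediary may set it.  The origin then
decides per request whether it can be processed now or must be answered
with 425 (Too Early) so the client retries it after the handshake.
"""
from dataclasses import dataclass, field
from typing import Dict, Tuple

# Methods the HTTP semantics specification defines as safe (no intended
# side effects).  These are the only ones processed in early data by default.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS", "TRACE"})
# PUT and DELETE are idempotent but not safe: a replay is harmless only if
# nothing observed the intermediate state.  Opt-in, not default.
IDEMPOTENT_METHODS = SAFE_METHODS | frozenset({"PUT", "DELETE"})

# Hypothetical routes whose GET handlers have side effects, a common
# violation of the "safe" contract.  They must never run on a possibly
# replayed request even though the method is nominally safe.
REPLAY_SENSITIVE_TARGETS = frozenset({"/logout", "/api/rotate-token"})


@dataclass(frozen=True)
class Request:
    """Minimal stand-in for a parsed HTTP request (constructed for the example)."""
    method: str
    target: str
    headers: Dict[str, str] = field(default_factory=dict)


def in_early_data(req: Request) -> bool:
    """True if the front end flagged this request as received in 0-RTT data.

    RFC 8470 defines "1" as the only value of Early-Data; any presence of
    the header is treated as early data so an unexpected value fails closed.
    """
    return any(name.lower() == "early-data" for name in req.headers)


def decide(req: Request, allow_idempotent: bool = False) -> Tuple[int, str]:
    """Return (HTTP status, reason) for the 0-RTT gating decision.

    A request that did not arrive in early data is processed normally (200
    stands in for "hand to the application").  An early-data request is
    processed only if its method is safe (or idempotent, when the deployment
    opted in) and its path is not on the replay-sensitive list; everything
    else gets 425 Too Early and the client resends it after the handshake.
    """
    if not in_early_data(req):
        return 200, "not early data; process normally"
    path = req.target.split("?", 1)[0]
    if path in REPLAY_SENSITIVE_TARGETS:
        return 425, "Too Early: target has side effects on replay"
    allowed = IDEMPOTENT_METHODS if allow_idempotent else SAFE_METHODS
    if req.method.upper() in allowed:
        return 200, "early data, but method is replay-tolerant"
    return 425, "Too Early: retry after the handshake completes"


def demo() -> Dict[str, int]:
    """Run the gate over constructed sample requests (not captured traffic)."""
    samples = {
        "GET / (1-RTT)": Request("GET", "/"),
        "GET / (0-RTT)": Request("GET", "/", {"Early-Data": "1"}),
        "POST /api/transfer (0-RTT)": Request("POST", "/api/transfer", {"Early-Data": "1"}),
        "DELETE /items/5 (0-RTT)": Request("DELETE", "/items/5", {"early-data": "1"}),
        "GET /logout?next=/ (0-RTT)": Request("GET", "/logout?next=/", {"Early-Data": "1"}),
    }
    return {label: decide(req)[0] for label, req in samples.items()}


if __name__ == "__main__":
    for label, status in demo().items():
        print(f"{status}  {label}")
```

Two design points are worth noting. First, "idempotent" as a property of the method is not enough on its own: a GET to `/logout` is safe by the specification but destructive in practice, which is why the route list exists alongside the method check. Second, the gate only makes sense if the front end is the sole source of the `Early-Data` header; a client-supplied copy must be removed there, or an attacker could not influence the decision in the dangerous direction but a misconfigured proxy could let a replayed request through unmarked.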