IETF Logo Mail Archive

Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

tom petch <daedulus@btconnect.com> Tue, 28 April 2020 08:40 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 019653A1084; Tue, 28 Apr 2020 01:40:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.719
X-Spam-Level:
X-Spam-Status: No, score=-2.719 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_MSPIKE_H2=-0.82, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W33GnWOtcc86; Tue, 28 Apr 2020 01:40:51 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2097.outbound.protection.outlook.com [40.107.20.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D48D3A109D; Tue, 28 Apr 2020 01:40:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mS/Pjn+Qeoj+F/wrHebaax55Ra4VqlN2v0j/jGv4KreI9dNFKlB/FWFc81BvrECWSfpQhpAZIB6Kt2ROW3pN9o8hixj1rx1Gzu6GOetqeeI+Md8yD4HCmBnmhl2zcdARDGMIxB7lPLr9pVKL24O9rqpfMGdSkTJxm85diVX14O/hoRLQD+x4ouBsXvu6bmm4hIxhcUa1MZ+PXTg0Hc+9MHrkZmUIjbGyvsxPDinGsOAFBHAptKJrpsaO4JF8+sF+PIhJGP9SWN87EX07pQeTNBoQ+lr1S+zhnxSiyh19Ghn3AAfaY3KnBjrECHTMdj2ft7gBBvUKYbibD34q21lE1g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/8/IcWTK1KjnQDVUCFvRutzvdjxRpe4rhi5xb8nlU7M=; b=PnBv6roaebuHiiVztGugmEfGeOdfxB/XVLtLJe12HR8uwwGIi+tX4zfnHMB8PlF1949aeBLrM9OYpgyistlAjRR4+RVZ3hEBqM9aHkdvM3FliBHqcPZ1KMLF/Ai0mwHX/8ICNQi6mOPz3Fh0GYTvzMb0tYAcvrx/mJKBbSqTIRKCLgdKl7quYpvjbmZbOnoWmIxRiE6Glr3ZmnAqTak0iaAPmSOAARVo/m8V6R0/NdStTJ1C9MnP4fZm7CJOzlYxBOank0bl77hnY306Qq3SS0vrzEODSJWfEQHBXgejmAzl8WeYfAN+NxUgqjiJY9mc5W2HmiiMn6aDwThmYGpgXA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/8/IcWTK1KjnQDVUCFvRutzvdjxRpe4rhi5xb8nlU7M=; b=j41LExSwbA8uj7zg8DHXZDC65XJmMZOk9L500D9RxH8VkHePSPNGep1ibCe4cwhk/MGQsPs5SBBtBhbsO2KyTl4omzjwuKhyhL3nDvmJ7ABFI77Ebtw1mk4WY7nxAEjedW7+IA5q8E5Gry1bXfUSu1s40EFWRJjPr4H6PurE0RQ=
Authentication-Results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=btconnect.com;
Received: from VI1PR0701MB2480.eurprd07.prod.outlook.com (2603:10a6:800:63::16) by VI1PR0701MB3039.eurprd07.prod.outlook.com (2603:10a6:800:8c::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.10; Tue, 28 Apr 2020 08:40:48 +0000
Received: from VI1PR0701MB2480.eurprd07.prod.outlook.com ([fe80::783c:2224:fe2c:848b]) by VI1PR0701MB2480.eurprd07.prod.outlook.com ([fe80::783c:2224:fe2c:848b%11]) with mapi id 15.20.2958.014; Tue, 28 Apr 2020 08:40:48 +0000
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
References: <004801d61bae$08a61590$19f240b0$@smyslov.net> <1UW7qWO4vA.17rUXhBMkf8@pc8xp> <CAEKAoHTJ4S5Wfkb4KB+ZWQN7JO_Q-DXDcEz5pqd7MPMhyj_CDQ@mail.gmail.com>
Date: Tue, 28 Apr 2020 10:40:36 +0100
Message-ID: <1UW7rcJSVn.1ewl1Eq5e3S@pc8xp>
In-Reply-To: <CAEKAoHTJ4S5Wfkb4KB+ZWQN7JO_Q-DXDcEz5pqd7MPMhyj_CDQ@mail.gmail.com>
From: tom petch <daedulus@btconnect.com>
To: Ralph Holz <ralph.holz@gmail.com>
Cc: Valery Smyslov <valery@smyslov.net>, "uta@ietf.org" <uta@ietf.org>, "uta-chairs@ietf.org" <uta-chairs@ietf.org>, Peter Saint-Andre <stpeter@mozilla.com>
User-Agent: OEClassic/3.0 (WinXP.2600; F; 2019-11-28)
X-ClientProxiedBy: LO2P265CA0439.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:e::19) To VI1PR0701MB2480.eurprd07.prod.outlook.com (2603:10a6:800:63::16)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from pc8xp (81.131.229.19) by LO2P265CA0439.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:e::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.13 via Frontend Transport; Tue, 28 Apr 2020 08:40:47 +0000
X-Originating-IP: [81.131.229.19]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: d2968425-37e5-431e-be02-08d7eb4fd946
X-MS-TrafficTypeDiagnostic: VI1PR0701MB3039:
X-Microsoft-Antispam-PRVS: <VI1PR0701MB303934AF7F7586CCEB1D85A3C6AC0@VI1PR0701MB3039.eurprd07.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-Forefront-PRVS: 0387D64A71
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR0701MB2480.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(366004)(39860400002)(346002)(396003)(376002)(136003)(26005)(6916009)(66574012)(66946007)(52230400001)(956004)(16526019)(6666004)(5660300002)(4326008)(66476007)(186003)(86362001)(66556008)(6496006)(9576002)(8936002)(45080400002)(54906003)(966005)(52116002)(478600001)(8676002)(2906002)(81156014)(55016002)(9686003)(33716001)(316002); DIR:OUT; SFP:1102;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: u8pJkY1vY0NXdc69UF6HkjLrj3R2/BDCDPGoKHICFNcVpgCXM4YNRKPZn8im/EwN2XicuNQG+7tMt1u9JCSpNA1GkJxOzswjMqn6o2OFFUYcIb0ay/xJbO468WVyj0nzt2RxnIKTFO0YcdXGsQ26APCIpEsVaCGwTMlNJJo+zXlLOMpOwHAiIV5KrgwEPvS1xQH3R8NHm8BFfwEfpKTm5sQBTq9lrnEdu0QjXfQkdb4IeXsoNGxtt0I0TXh8NDXKP4n+pCxTmRMLwUJtA0XdWOFyT/QnOsRjIQci/hrUoK4pjsuwEp2wto+CfIt8JAg0flQUa5ogmcTGUXX3HJVW7lsGHoFpA4xtDfoS9sofJoSI1TVIps97xzo/0sk5xgGehRc64qCbd2IIDZKyZCD/xGfNuje7oa2uwXb6767z/XMQZV4C0FqfKXIRW8rhCGxXZsgP/WpRjAJBsHUSAVNen/ykFeWZtIu88g9XTP/46VVvchOAjRRcKBSmdQwHJPLhD5IQrbTARmL/FGZMyF/leg==
X-MS-Exchange-AntiSpam-MessageData: V75HjlKcm8UuSJ64K9hcYUrv8SgAE3XRcxsWxZR0Uboheg3xXsLmhFC2OptigzmmQ8lAOv4NkVFlFcwH65/iLVqW9VjB6d7aYkat5Xwc+NB5KU9BO9DdsYl0X0mpTvjWZCrG0xpc3qOpuLecbuy2OGhyFWER2RL8FC4wOiR6cXybECgJbYws59g0kFbkjUCBYc5/I1+VzNyVfsbrNgOj+t3A+SLE1RWDlBvS4+MA5fPcB6WpiSDvvkrsZUM1ErslyRY0CWudP+KUXOxnNv5k4yhyF1zniYvN0svI6Bac2OBWQDn5IfCAbyEZ0kr54CHOZQWOVifp1Z5oYEyr0UKKUjBA/ocRJNmLX9VLe89V4xgqev2X1hAVsfnxht6j5bjzR67C5LpIELh3lx+VJt6+WCgbbgA7I3wCYuLEFoKUYY0GMjcF42FcfbV/J6CN/1Lg/4YguPNZupII/l0JeE/uM2B2A46T9WIEIlutVvDUWP2GVRwuy+QEu7JU6J78InR8A/38tyzbgqm1i0h0mH+CzakLtMDTUAiq8P1uLA1H1MGAkSW6FD5JTGRpiZdK1zWu+MfyiNtqVtsmScK12OusKH6OT8h/EB91jJ7dxnrtRu6nOPk8Cj5UOq0f8N41eCEU5wGLGDCqm/hAI9QgPWVQ50PSablbJ5CIXLQpuSFL+qHrDr7AovjRBKb8gVgrMThUO03LH+b0JmWLEN32GhiDzmhQ7zHFbrBeSyDdzk0ezSjz/hOJpAtqhEdWRNhom4KJebT78YnGfDCXNvRYt6lsZh3txEWtHfnYEya29m1UP30=
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d2968425-37e5-431e-be02-08d7eb4fd946
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Apr 2020 08:40:48.2997 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: zR8BnuoKC68OaO9zRKd3j2h7jpA/Ji8yZn7gVMVUTZVRiUpQxBVhO8hVduO0cae6gjdm3Ek0RwxvEWvBskI6yw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB3039
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/BWjt7pL42DmMarlPcoyRSKKYJHc>
Subject: Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Apr 2020 08:40:54 -0000

Inline <tp>

----- Original Message -----
From: Ralph Holz ralph.holz@gmail.com
Sent: 27/04/2020 12:25:43

I am not sure which key requirement you are referring to, or why TLS 1.3 should not see widespread use. In fact, TLS 1.3 is getting much more traction already than TLS 1.2 ever had in a comparable amount of time: https://arxiv.org/abs/1907.12762. I am not sure why you speak of a fragmentation of protocols here - if anything, we are seeing consolidation.


It seems weird to leave a BCP in a state that is not referring to the BP, which is definitely TLS 1.3 - due to the many additions made. TLS 1.3 also brings changes that are important for applications - 0-RTT, for example, has no replay protection, and should only be used with idempotent requests. While that is spelled out in the RFC, it's not where our audience would look (or we would not need BCPs).


It's also worthwhile to deprecate < TLS 1.2, and discuss under which circumstances TLS 1.3 is preferable to TLS 1.2 (that's more a business question). Add to that a discussion of PSK. Plus a few new extensions, some defined in separate RFCs (eSNI for example).


I am, of course, both an author on the old (and new) BCP, and also an author of the study I cite - but I think there's enough to warrant the -bis.

<tp>

I expect that you are familiar with 
draft-camwinget-tls-ns-impact
which looks at operational security with TLS 1.2 and identifies what is difficult or impossible to do with TLS 1.3. One might infer from this I-D that TLS 1.3 offers less security than TLS 1.2:-)
One requirement that was raised in the later stages of the work on TLS 1.3 related to audit, and was raised, I think, by representatives of the finance industry; the WG rejected the requirement.  Since then, I have seen suggestions on the TLS and other lists, and in the press, about the development of alternative protocols to meet the requirements that TLS 1.3 does not.  Hence my reference to fragmentation.  (I think the I-D covers that under offline analysis).  Although the I-D focusses on Operational Security, I think that much of what it says is applicable more generally.
The I-D that we are being asked to adopt lacks any detail about what the bis might change i.e. we are being asked to approve a blank slate which might end up saying how great TLS 1.3 is and how we should move to it as soon as possible; to which the I-D I mention offers an alternative viewpoint.

---
New Outlook Express and Windows Live Mail replacement - get it here:
https://www.oeclassic.com/


Tom Petch

Ralph


On Mon, 27 Apr 2020 at 19:03, tom petch <daedulus@btconnect.com> wrote:

What is the point of rfc7525bis?  Why do we need it?

It seems to me that RFC7525 is a good set of recommendations and little has changed, in practical terms, since it was produced, although cryptanalysts can find weaknesses therein


The one change I am aware of is that the TLS WG has produced TLS 1.3 - I follow the TLS WG mailing list - but so what?  TLS 1.3 failed to meet one key requirement and I am unclear whether or not TLS 1.3 will gain widespread use in the Internet, with HTTP, SMTP and such like.  I see TLS 1.2 as being adequate for most purposes for some time to come so my concern is that rfc5575bis will simply be an endorsement of the work of the TLS WG - 1.3 is great, ditch everything else - leading to further fragmentation of the protocols.

So, I am against adoption until it is clear that the I-D will endorse TLS 1.2 as adequate for most purposes.  After all, the TLS WG has yet to propose an I-D 'TLS 1.2 - Die, Die, Die'

Tom Petch 


----- Original Message -----
From: Valery Smyslov <valery@smyslov.net>
To: <uta@ietf.org>
Cc: 'Yaron Sheffer' <yaronf.ietf@gmail.com>, <uta-chairs@ietf.org>, 'Ralph Holz' <ralph.holz@gmail.com>, 'Peter Saint-Andre' <stpeter@mozilla.com>
Sent: 26/04/2020 10:35:30
Subject: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00
________________________________________________________________________________

Hi,

during the last  virtual interim meeting the draft 
draft-sheffer-uta-bcp195bis-00 was presented and the authors asked for its
adoption.
The general feeling in the room was in favor of the adoption, however
the authors were asked to rename it to *-rfc7525-bis.
The authors have renamed the draft and asked the chairs for its adoption. 
Since our responsible AD thinks agrees that this work is within the charter
of the WG, the chairs are issuing a formal call for adoption
to confirm the results we had at the meeting.

This message starts a two weeks call for adoption of the
draft-sheffer-uta-rfc7525bis-00 draft.
The call will end up 10 May 2020. Please send your opinions to the list
before this date.

Please if possible include any reasons supporting your opinion. If you
support this adoption, 
please indicate whether you are ready to review this draft if it becomes a
WG document.

Regards,
Leif & Valery.


_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta

v2.23.0 | Report a Bug | By Email