Re: [Uta] Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09: (with DISCUSS and COMMENT)

Peter Saint-Andre <stpeter@stpeter.im> Fri, 15 July 2022 20:48 UTC

To: Martin Thomson <mt@lowentropy.net>, "Rob Wilton (rwilton)" <rwilton@cisco.com>, The IESG <iesg@ietf.org>
Cc: "draft-ietf-uta-rfc7525bis@ietf.org" <draft-ietf-uta-rfc7525bis@ietf.org>, "uta-chairs@ietf.org" <uta-chairs@ietf.org>, "uta@ietf.org" <uta@ietf.org>, "leifj@sunet.se" <leifj@sunet.se>
References: <165779144446.10023.16857085823147739769@ietfa.amsl.com> <799e5773-9fa4-b06a-38d1-138c43c5cfd9@stpeter.im> <BY5PR11MB4196858D743ADDF0058AEEF6B58B9@BY5PR11MB4196.namprd11.prod.outlook.com> <aef823f3-f3ab-4b17-811e-45bbcadce342@stpeter.im> <e91c06c6-037e-4ffd-ad17-37879df24e1b@www.fastmail.com>
From: Peter Saint-Andre <stpeter@stpeter.im>
In-Reply-To: <e91c06c6-037e-4ffd-ad17-37879df24e1b@www.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/GTe4bt7nTICyMvvf5cp4Ex_XcMo>

On 7/15/22 2:37 PM, Martin Thomson wrote:
> On Sat, Jul 16, 2022, at 06:01, Peter Saint-Andre wrote:
>>> Shouldn’t this be "Implementations MUST support TLS 1.2 {{!RFC5246}} or a later version"?  Otherwise, protocols like QUIC would presumably not be compliant with this BCP if they only support TLS 1.3?  Or alternatively, this could probably be stated as "Implementations MAY support TLS 1.2 {{!RFC5246}}".
>>
>> The implementations we've always had in mind for this document are
>> TLS/DTLS implementations, not implementations of protocols that re-use
>> TLS/DTLS in whole or in part (e.g. QUIC re-uses the handshake protocol
>> but not the record layer). However, that's not crystal clear in the
>> document because we only recently started mentioning QUIC. I'll talk
>> with my co-authors about this when we next have a chance to meet
>> regarding all the recent feedback.
> 
> I think that you are right to be cautious here.  What you want to have happen is interoperability.  If you say 1.2 or later, then there is a risk of some implementations doing 1.2 only and some doing 1.3 only, then you lose the ability to communicate.
> 
> I think that you might benefit from putting QUIC out of scope, except to note that some of the advice is applicable to QUIC insofar as it uses the TLS (1.3) handshake.

Thanks, that seems like a reasonable approach.

Peter
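The interoperability argument in the thread, worked through as an added example (not part of the original messages): each implementation is modelled as the set of TLS versions it supports, and the two candidate wordings are compared by enumerating every implementation each wording admits. The wordings are paraphrased from the thread; the exact text of the draft is an assumption here.

```python
"""Model of the TLS version-requirement question discussed in the thread.
Each implementation is the set of (D)TLS versions it supports; negotiation
picks the highest version both sides share.  Two candidate BCP wordings
(paraphrased; the exact draft text is an assumption) are compared by
enumerating every implementation each admits and checking every pair."""
from itertools import combinations, product

TLS12 = "TLS 1.2"
TLS13 = "TLS 1.3"
ALL_VERSIONS = (TLS12, TLS13)  # ordered lowest to highest


def negotiate(client, server):
    """Return the highest version both sides support, or None."""
    shared = set(client) & set(server)
    if not shared:
        return None
    return max(shared, key=ALL_VERSIONS.index)


def complies_must_12_or_later(supported):
    """'MUST support TLS 1.2 or a later version': either version satisfies it."""
    return bool(set(supported) & set(ALL_VERSIONS))


def complies_must_12(supported):
    """'MUST support TLS 1.2' (later versions optional): 1.2 is mandatory."""
    return TLS12 in supported


def admitted_implementations(policy):
    """Every non-empty subset of ALL_VERSIONS that the policy accepts."""
    return [frozenset(c) for n in range(1, len(ALL_VERSIONS) + 1)
            for c in combinations(ALL_VERSIONS, n) if policy(c)]


def interop_failures(policy):
    """Client/server pairs of compliant implementations that cannot negotiate."""
    impls = admitted_implementations(policy)
    return [(c, s) for c, s in product(impls, repeat=2)
            if negotiate(c, s) is None]


if __name__ == "__main__":
    for name, policy in (("MUST 1.2 or later", complies_must_12_or_later),
                         ("MUST 1.2", complies_must_12)):
        failures = interop_failures(policy)
        print(f"{name}: {len(failures)} non-interoperable pair(s)",
              [(sorted(c), sorted(s)) for c, s in failures])
```

Under "MUST 1.2 or later" a 1.2-only peer and a 1.3-only peer are both compliant yet cannot negotiate; under "MUST 1.2" every compliant pair shares TLS 1.2, which is the guarantee Martin Thomson's reply is pointing at.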