Re: [Uta] Richard Barnes' Discuss on draft-ietf-uta-tls-bcp-09: (with DISCUSS and COMMENT)

t.p. <daedulus@btconnect.com> Sat, 21 February 2015 12:03 UTC

To: Pete Resnick <presnick@qti.qualcomm.com>, Richard Barnes <rlb@ipv.sx>
Date: Sat, 21 Feb 2015 10:50:52 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/MinPtxr9svP2_9M7NiIe2uXbntc>
Cc: uta@ietf.org

----- Original Message -----
From: "Pete Resnick" <presnick@qti.qualcomm.com>
To: "Richard Barnes" <rlb@ipv.sx>
Sent: Friday, February 20, 2015 8:22 PM
> On 2/20/15 1:43 PM, Richard Barnes wrote:
> >
> > On Fri, Feb 20, 2015 at 2:12 PM, Stephen Farrell
> > <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>> wrote:
> >
> >>         The sense of the UTA Working Group was to complete
> >>         work on this document about best practices for TLS in
> >>     general, and to
> >>         initiate work on a separate document about opportunistic TLS.
> >
> >     No, I don't believe we've decided that UTA will be the place where
> >     we develop a BCP on OS. [...]
> >
> >     I'd really really hope we disentangle that discussion from this
> >     draft though, so please replace the last sentence with:
> >
> >     "The sense of the UTA Working Group was to complete
> >     work on this document about best practices for TLS in general, and to
> >     for work on a separate BCP document about opportunistic security
> >     to be done later."
> >
> > FWIW:
> > - That text is not mine; it has been in since -07.
> > - I would personally be A-OK with UTA working on opportunistic TLS,
> > especially in the sense of providing advice on how to interop with old
> > stuff in ways most likely to result in TLS usage.
> > - It's probably not a great idea to say that in this document
> >
> > How about:
> > "The sense of the UTA Working Group was to complete work on this
> > document about best practices for TLS in general, and to leave
> > recommendations about opportunistic TLS for future work."
>
> Or we could drop mention of the WG entirely:
>
> "This document specifies best practices for TLS in general. A separate
> document with recommendations for the use of TLS with opportunistic
> security is to be completed in the future."

Pete

As you may recall, this is in the charter for UTA.  The wording is
slightly different but as you clarified last October
=============================
>  From the UTA Charter:
> "- Consider, and possibly define, a standard way for an application
> client and server to use unauthenticated encryption through TLS when
> server and/or client authentication cannot be achieved."

Orit has it exactly correct: What people are now referring to as
"opportunistic TLS" is what the charter refers to as "unauthenticated
encryption through TLS". That was the IESG's intention when the charter
was approved.

It is up to the WG whether this document will additionally discuss the
issue of doing authentication in an opportunistic manner.

I think references to the Opportunistic Security draft are perfectly
reasonable.

(And just to be clear: One of the primary reasons that the term
"opportunistic encryption" was not chosen for the title of the O-S
document is because the term "opportunistic encryption" was already used
by RFC 4322 in an incompatible way. Claims that it is "yet to be
defined" are simply mistaken.)
===================================

so it seems to me that the decision now is that the UTA WG will do it in
a separate document (or else will have a revised charter).

Tom Petch

>
> pr
>
> --
> Pete Resnick<http://www.qualcomm.com/~presnick/>
> Qualcomm Technologies, Inc. - +1 (858)651-4478
>
>

