"Mankin, Allison" <[email protected]> writes:

> My two cents is that the authentication profile for TLS and DTLS
> should not be the same as a draft with flows.
>
> I reviewed the flows draft before it was submitted (and thank the
> authors for responding to initial comments).  Unsurprisingly, the
> flows draft is almost entirely made up of flows.  I estimate that many
> will have to change in response to DPRIVE WG review/discussion of the
> DTLS fragmentation scheme; also, some of them may need to change based
> on what is finalized for 1.3 in the TLS WG.  In keeping with other
> precedents at IETF, I’d see the flows draft as an informational
> document to help implementors/deployers.

I don't think this WG should wait for completion of TLS 1.3.  If you
write drafts the right way, I don't see anything that needs to be
changed moving from TLS 1.2 to TLS 1.3.  Or are you thinking of
mandating TLS >= 1.3 for dprive?

I believe the dprive documents are in reasonable shape, and the only
worrying concern is that the (D)TLS-considerations ought to be
synchronized between DoDTLS and DoTLS.  It appears there is already work
towards fixing that, and once that document is available, there could be
a WG last call on all three documents.  I don't see anything that would
prevent this from happening during the next 0-3 months process-wise.  I
believe that TLS 1.3 will not be finalized within that time-frame.

/Simon

>
> The authentication profile for TLS/DTLS is something we can pull
> together now, with some work by the WG, and I’d expect it to be
> standards track.  I would not want to delay it for finishing the
> detailed engineering on the DTLS draft.
>
> Bottom line: I very much support Sara’s offer to start a stand-alone
> document for the authentication profile.  Speaking for the TLS
> authors, we’ll be happy to add language pointing ahead to an
> authentication profile external to our draft.
>
> Allison
>
>> On Oct 27, 2015, at 11:12 AM, Tirumaleswar Reddy (tireddy) 
>> <[email protected]> wrote:
>> 
>>  
>>  
>> From: Sara Dickinson [mailto:[email protected]]
>> Sent: Tuesday, October 27, 2015 7:34 PM
>> To: Tirumaleswar Reddy (tireddy)
>> Cc: [email protected]
>> Subject: Re: [dns-privacy] Start of WGLC for 
>> draft-ietf-dprive-dns-over-tls-01
>>  
>>  
>> On 27 Oct 2015, at 12:31, Tirumaleswar Reddy (tireddy)
>> <[email protected]> wrote:
>> 
>> 
>> I’m saying I think creating a separate document that specifically
>> covers authentication for both TLS and DTLS makes most sense to me
>> and will be clearer for consumers of the documents.
>>  
>> [TR] We can move this Section to
>> https://tools.ietf.org/html/draft-wing-dprive-profile-and-msg-flows-00
>> and that will take care of both (D)TLS profile for DNS privacy and
>> authenticating the server.
>>  
>> I guess this is a decision for the working group since the DTLS
>> draft is adopted, but the above document isn’t.
>>  
>> [TR] Yes, of course; will do that only after WG feedback and adoption of the 
>> draft.
>>  
>> -Tiru
>>  
>> Sara. 
>> _______________________________________________
>> dns-privacy mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/dns-privacy
