On 10/23/13 6:02 AM, Stephen Farrell wrote:
>
>
> On 10/23/2013 12:52 PM, Alexey Melnikov wrote:
>> Hi Stephen,
>>
>> On 22/10/2013 17:46, Stephen Farrell wrote:
>>> Yep, that's a useful post - we shouldn't rush too much, but we
>>> do want to get things done so that developers and deployers
>>> have something to use.
>>>
>>> I wonder what's the best way to proceed with this kind of
>>> stuff. I guess we want a BCP of some sort, but the question is
>>> how to handle the various different cases of foo-with-tls.
>>>
>>> - Yaron did a generic TLS BCP draft. [1]
>>> - PSA did an XMPP TLS BCP draft [2]
>>> - This sounds like we might want an SMTP TLS BCP
>>>   draft or perhaps to add text to [3], but that's aiming for
>>>   experimental and is just about using DANE.
>> I think some generic fallback rules can be protocol independent.
>> But needs of different protocols might be different. For example
>> backward compatibility with deployed TLS ciphers might be
>> different for XMPP and SMTP.
>
> Sounds reasonable. I guess even if they have the same libraries the
> update cycles might differ. (Anyone know?)

I expect that the update cycles are indeed different.

I don't particularly *want* to have different BCPs for different protocols, and personally I'd like to see as much commonality as possible (with everyone pointing to Yaron's generic document). However, there are some application-level differences (e.g., with regard to session resumption) and each community (email, IM, web, etc.) has had a different experience with the use of TLS, including varying release schedules or willingness to release more often, use of STARTTLS vs. separate ports, bigger or smaller networks, more or less diverse developer community (e.g., with no one dominant implementation or small set of implementations), client-to-server only communications vs. also server-to-server federation, varying user expectations, etc.

>> I think SMTP TLS BCP would be a good idea. I think it should be
>> independent of DANE, because of the status of the DANE document.
>> I would be happy to work on it (and would be happy to collaborate
>> with PSA to discuss similarities and differences).
>
> Great. Let's talk in YVR about how to get that done so it's a real
> BCP that gets followed in the wild. If someone else is up for
> helping I guess contact Alexey.

Before this thread emerged, I suggested the idea of having a chat about this topic during the AppsArea session on Monday morning (and BTW there are no SEC area sessions opposite). That might be a good place to start.

Peter

--
Peter Saint-Andre
https://stpeter.im/
