Re: [TLS] WGLC for draft-ietf-tls-flags

2021-07-18 Thread Michael StJohns

On 7/16/2021 7:55 PM, Christopher Wood wrote:

> This is the second working group last call for the "A Flags Extension for TLS 
> 1.3" draft, available here:
>
> https://datatracker.ietf.org/doc/draft-ietf-tls-tlsflags/
>
> Please review this document and send your comments to the list by July 30, 
> 2021. The GitHub repository for this draft is available here:
>
> https://github.com/tlswg/tls-flags
>
> Thanks,
> Chris, on behalf of the chairs
>
> ___
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls



Hi - I have not followed the discussion of this document on the mailing 
list so this review is only against the document itself. It's possible 
that these concerns have already been discussed.



Section 2 requires (MUST) the generation of a fatal illegal_parameter 
alert upon reception of a mal-encoded extension (e.g. any trailing zero 
bytes), but compare and contrast this with section 3, which is full of 
MUST and MUST NOT declarations but with no concrete actions to be 
taken. E.g. if I (server or client) send 0x01 0x10, and receive 0x01 
0x11 from the client or server, wouldn't that be an illegal value, as 
I've added a bit not sent to me? Should that cause the same fatal 
illegal_parameter alert? Alternately, "receiver MUST ignore received 
bits that weren't sent" language could clean this up.


Section 4 is a bit painful to read in that it took me three 
read-throughs to understand that what the document is asking for is a 
monolithic registry which requires "expert review" for all 
registrations, but where the experts are responsible for the sub-range 
determinations. Usually, that's not the way the IANA works. If a 
registry has a distinct set of ranges, each range normally has a specific 
registration procedure that the IANA follows before placing a parameter 
in that registry.


I'd strongly suggest reviewing RFC 8126 and chatting with the IANA to 
see if it's possible to reform the registration process along more normal 
IANA lines. E.g.:


0-7 - Standards Action and Expert Request
8-31 - Standards Action
32-63 - Specification Required or IETF Review (pick one)
64-79 - Private Use
80-127 - RFU or Expert Review
128-2039 - First Come First Served



Absent these two points, the rest of the content looks good.  I'd 
recommend a draft pass to fix these two items.



Later, Mike




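The two encoding questions in Mike's review (a trailing zero byte, and a peer answering with a bit that was never offered), worked as an added Python example; this is not code from the draft or the tls-flags repository. It assumes the draft's `opaque flags<0..255>` wrapper (one length byte before the bitmask) and that flag 0 is the least significant bit of the first byte; both are stated as assumptions in the comments.

```python
# Assumed wire format for this example (draft-ietf-tls-tlsflags as read here):
#   FlagExtensions = opaque flags<0..255>  -> one length byte, then the bitmask
#   flag n lives in byte n // 8 at bit n % 8 (LSB of byte 0 is flag 0)
#   trailing zero bytes are not sent; a receiver treats them as illegal_parameter.


class IllegalParameter(Exception):
    """Stands in for the fatal illegal_parameter alert required by Section 2."""


def encode_flags(flags):
    """Minimal encoding of a set of flag numbers: no trailing zero bytes."""
    if not flags:
        return bytes([0])
    buf = bytearray(max(flags) // 8 + 1)
    for f in flags:
        buf[f // 8] |= 1 << (f % 8)
    return bytes([len(buf)]) + bytes(buf)


def decode_flags(ext_data):
    """Parse extension_data into the set of flag numbers, rejecting bad encodings."""
    if len(ext_data) < 1 or len(ext_data) != 1 + ext_data[0]:
        raise IllegalParameter("length prefix does not match extension_data")
    body = ext_data[1:]
    if body and body[-1] == 0:
        raise IllegalParameter("trailing zero byte in flags")
    return {8 * i + b for i, byte in enumerate(body) for b in range(8) if byte >> b & 1}


def is_well_formed(ext_data):
    """True if the receiver would accept the encoding, False if it would alert."""
    try:
        decode_flags(ext_data)
        return True
    except IllegalParameter:
        return False


def unsolicited_flags(sent, received_ext_data):
    """Flags the peer set that we never offered: the Section 3 case the review asks about.
    The draft text under review does not say what to do with them, so this only reports."""
    return decode_flags(received_ext_data) - set(sent)


if __name__ == "__main__":
    # Constructed sample: we sent 0x01 0x10 and got 0x01 0x11 back.
    sent = decode_flags(b"\x02\x01\x10")                  # {0, 12}
    print("unsolicited:", unsolicited_flags(sent, b"\x02\x01\x11"))  # {8}
```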


Re: [TLS] WGLC for draft-ietf-tls-flags

2021-07-18 Thread Watson Ladd
On Fri, Jul 16, 2021 at 4:56 PM Christopher Wood wrote:
>
> This is the second working group last call for the "A Flags Extension for TLS 
> 1.3" draft, available here:
>
> https://datatracker.ietf.org/doc/draft-ietf-tls-tlsflags/
>
> Please review this document and send your comments to the list by July 30, 
> 2021. The GitHub repository for this draft is available here:

I support publication.
>
> https://github.com/tlswg/tls-flags
>
> Thanks,
> Chris, on behalf of the chairs
>



-- 
Astra mortemque praestare gradatim



[TLS] Weekly github digest (TLS Working Group Drafts)

2021-07-18 Thread Repository Activity Summary Bot




Issues
--
* tlswg/draft-ietf-tls-semistatic-dh (+1/-0/0)
 1 issues created:
 - Description of key derivation for client authentication (by thomwiggers)
   https://github.com/tlswg/draft-ietf-tls-semistatic-dh/issues/10 


* tlswg/draft-ietf-tls-esni (+1/-0/6)
 1 issues created:
 - Clarification of section 8.2. Middleboxes (by mosterdt)
   https://github.com/tlswg/draft-ietf-tls-esni/issues/474 


 2 issues received 6 new comments:
 - #474 Clarification of section 8.2. Middleboxes (4 by davidben, mosterdt)
   https://github.com/tlswg/draft-ietf-tls-esni/issues/474 
 - #441 Reconsider non-HRR ECH acceptance signal (2 by davidben, martinthomson)
   https://github.com/tlswg/draft-ietf-tls-esni/issues/441 


* tlswg/tls13-spec (+0/-0/1)
 1 issues received 1 new comments:
 - #1226 Timing of sending NST from the server (1 by ueno)
   https://github.com/tlswg/tls13-spec/issues/1226 


* tlswg/dtls13-spec (+3/-0/11)
 3 issues created:
 - Rekeying in (D)TLS 1.3 does not update the exporter_secret (by emanjon)
   https://github.com/tlswg/dtls13-spec/issues/253 
 - Establishing New Associations with Existing Parameters - SHOULD / please add description of the alternatives (by boaks)
   https://github.com/tlswg/dtls13-spec/issues/251 
 - DTLS 1.3 limits the number of packets that can be encrypted with AES-GCM to 2^40.5 (by emanjon)
   https://github.com/tlswg/dtls13-spec/issues/249 


 3 issues received 11 new comments:
 - #253 Rekeying in (D)TLS 1.3 does not update the exporter_secret (1 by ekr)
   https://github.com/tlswg/dtls13-spec/issues/253 
 - #249 DTLS 1.3 limits the number of packets that can be encrypted with AES-GCM to 2^40.5 (8 by ekr, emanjon, gloinul, kaduk, seanturner)
   https://github.com/tlswg/dtls13-spec/issues/249 
 - #248 Should the protocol specify a mechanism to ensure that the link is disconnected if the peer is restarted or some reason? (2 by ekr, seanturner)
   https://github.com/tlswg/dtls13-spec/issues/248 




Pull requests
-
* tlswg/draft-ietf-tls-esni (+2/-0/1)
 2 pull requests submitted:
 - Revise middlebox section. (by davidben)
   https://github.com/tlswg/draft-ietf-tls-esni/pull/475 
 - Use the encrypted_client_hello extension to signal acceptance in SH and HRR (by chris-wood)
   https://github.com/tlswg/draft-ietf-tls-esni/pull/473 


 1 pull requests received 1 new comments:
 - #475 Revise middlebox section. (1 by davidben)
   https://github.com/tlswg/draft-ietf-tls-esni/pull/475 


* tlswg/tls-flags (+1/-0/0)
 1 pull requests submitted:
 - Update sender and receiver text. (by chris-wood)
   https://github.com/tlswg/tls-flags/pull/6 


* tlswg/dtls13-spec (+2/-0/1)
 2 pull requests submitted:
 - More epochs per connection (epoch wrap) (by emanjon)
   https://github.com/tlswg/dtls13-spec/pull/252 
 - Larger epochs (by emanjon)
   https://github.com/tlswg/dtls13-spec/pull/250 


 1 pull requests received 1 new comments:
 - #252 More epochs per connection (epoch wrap) (1 by gloinul)
   https://github.com/tlswg/dtls13-spec/pull/252 


* tlswg/draft-ietf-tls-ctls (+3/-3/1)
 3 pull requests submitted:
 - Buggy reference fixed (by hannestschofenig)
   https://github.com/tlswg/draft-ietf-tls-ctls/pull/34 
 - Editorial Bugfix (by hannestschofenig)
   https://github.com/tlswg/draft-ietf-tls-ctls/pull/33 
 - * Clarify mutualaAuth (by ekr)
   https://github.com/tlswg/draft-ietf-tls-ctls/pull/32 


 1 pull requests received 1 new comments:
 - #32 * Clarify mutualaAuth (1 by ekr)
   https://github.com/tlswg/draft-ietf-tls-ctls/pull/32 


 3 pull requests merged:
 - Editorial Bugfix
   https://github.com/tlswg/draft-ietf-tls-ctls/pull/33 
 - * Clarify mutualaAuth
   https://github.com/tlswg/draft-ietf-tls-ctls/pull/32 
 - Revised version of cTLS
   https://github.com/tlswg/draft-ietf-tls-ctls/pull/29 



Repositories tracked by this digest:
---
* https://github.com/tlswg/draft-ietf-tls-semistatic-dh
* https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate
* https://github.com/tlswg/draft-ietf-tls-esni
* https://github.com/tlswg/certificate-compression
* https://github.com/tlswg/draft-ietf-tls-external-psk-importer
* https://github.com/tlswg/draft-ietf-tls-ticketrequest
* https://github.com/tlswg/tls13-spec
* https://github.com/tlswg/tls-flags
* https://github.com/tlswg/dtls13-spec
* https://github.com/tlswg/dtls-conn-id
* https://github.com/tlswg/tls-subcerts
* https://github.com/tlswg/oldversions-deprecate
* https://github.com/tlswg/sniencryption
* https://github.com/tlswg/tls-exported-authenticator
* https://github.com/tlswg/draft-ietf-tls-ctls
* https://github.com/tlswg/external-psk-design-team