Re: [TLS] AD Review of draft-ietf-tls-tls13

2017-05-15 Thread Eric Rescorla
On Mon, May 15, 2017 at 12:38 PM, Russ Housley wrote: > Just commenting on Section 4.2 … > > > > > > 3. Section 4.2. > > > > > >"In general, detailed certificate validation procedures are out of > > >scope for TLS (see [RFC5280]). This section provides TLS-specific

Re: [TLS] AD Review of draft-ietf-tls-tls13

2017-05-15 Thread Viktor Dukhovni
> On May 15, 2017, at 3:38 PM, Russ Housley wrote: > >>> I don't see an explanation of why it is out-of-scope. The reference >>> is just to RFC5280, which seems odd. I would expect the reference to >>> be to something that explains why it is out-of-scope. > > I think

Re: [TLS] Encrypted hellos (was Re: "Encrypted" SNI)

2017-05-15 Thread Dave Garrett
On Monday, May 15, 2017 07:56:44 am Hubert Kario wrote: > On Saturday, 13 May 2017 07:21:06 CEST Dave Garrett wrote: > > On Friday, May 12, 2017 11:17:45 pm Christian Huitema wrote: > > > The "server DH Key" poses a significant forward secrecy issue. Suppose > > > that the key is compromised. Now

Re: [TLS] AD Review of draft-ietf-tls-tls13

2017-05-15 Thread Russ Housley
Just commenting on Section 4.2 … > > > 3. Section 4.2. > > > >"In general, detailed certificate validation procedures are out of > >scope for TLS (see [RFC5280]). This section provides TLS-specific > >requirements." > > > > I don't see an explanation of why it is out-of-scope.

Re: [TLS] AD Review of draft-ietf-tls-tls13

2017-05-15 Thread Kathleen Moriarty
Hi Eric, Thanks for your response. Sorry for the delay, I've been traveling. The responses sound good, I do have a clarification and will respond inline. On Sat, May 13, 2017 at 2:09 PM, Eric Rescorla wrote: > Hi Kathleen, > > Thanks for your review. > > >> 1. Since this is going

[TLS] FYI: SMTP TLS Milestone

2017-05-15 Thread Viktor Dukhovni
In the most recent Google email transparency reports: https://www.google.com/transparencyreport/saferemail/ we see for the first time an essentially equal (and some days slightly greater) fraction of inbound and outbound email using STARTTLS. Between Apr 15th and May 6th the STARTTLS

Re: [TLS] Encrypted hellos (was Re: "Encrypted" SNI)

2017-05-15 Thread Hubert Kario
On Saturday, 13 May 2017 07:21:06 CEST Dave Garrett wrote: > On Friday, May 12, 2017 11:17:45 pm Christian Huitema wrote: > > The "server DH Key" poses a significant forward secrecy issue. Suppose > > that the key is compromised. Now the secret police can find out what > > nasty sites were accessed

[TLS] Genart last call review of draft-ietf-tls-ecdhe-psk-aead-03

2017-05-15 Thread Dan Romascanu
Reviewer: Dan Romascanu Review result: Ready with Issues I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For