Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-02-27 Thread Nico Williams
On Tue, Feb 27, 2018 at 05:36:12PM -0600, Nico Williams wrote: > On Tue, Feb 27, 2018 at 11:24:31AM -0500, Shumon Huque wrote: > > On Tue, Feb 27, 2018 at 10:59 AM, Shumon Huque wrote: > > > Several of us were well aware of this during the early days of the > > > draft, but

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-02-27 Thread Nico Williams
On Tue, Feb 27, 2018 at 11:24:31AM -0500, Shumon Huque wrote: > On Tue, Feb 27, 2018 at 10:59 AM, Shumon Huque wrote: > > Several of us were well aware of this during the early days of the > > draft, but perhaps many folks did not fully appreciate the impacts > > until I

[TLS] tls - Requested sessions have been scheduled for IETF 101

2018-02-27 Thread "IETF Secretariat"
Dear Sean Turner, The session(s) that you have requested have been scheduled. Below is the scheduled session information followed by the original request. tls Session 1 (2:30:00) Wednesday, Morning Session I 0930-1200 Room Name: Blenheim size: 200

Re: [TLS] Opsdir last call review of draft-ietf-tls-iana-registry-updates-04

2018-02-27 Thread Sean Turner
> On Feb 27, 2018, at 11:53, Benjamin Kaduk wrote: > > On Tue, Feb 27, 2018 at 11:25:29AM -0500, Russ Housley wrote: >> >> >> Wouldn't it be sufficient to add a note at the bottom of the registry that >> says: >> >> If an item is marked as not recommended it does not

Re: [TLS] Opsdir last call review of draft-ietf-tls-iana-registry-updates-04

2018-02-27 Thread Benjamin Kaduk
On Tue, Feb 27, 2018 at 11:25:29AM -0500, Russ Housley wrote: > > > Wouldn't it be sufficient to add a note at the bottom of the registry that > says: > > If an item is marked as not recommended it does not necessarily mean > that it is flawed, rather, it indicates that either the item

Re: [TLS] Opsdir last call review of draft-ietf-tls-iana-registry-updates-04

2018-02-27 Thread Russ Housley
> On Feb 20, 2018, at 05:44, Dan Romascanu wrote: > > Reviewer: Dan Romascanu > Review result: Has Issues > > I am the assigned OPS-DIR reviewer for this draft. The OPS Directorate reviews > a great part of the IETF documents being processed by the IESG for the OPS > ADs.

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-02-27 Thread Shumon Huque
On Tue, Feb 27, 2018 at 10:59 AM, Shumon Huque wrote: > > > Several of us were well aware of this during the early days of the > draft, but perhaps many folks did not fully appreciate the impacts > until I elaborated on them last year, and added text that described > the

Re: [TLS] Genart last call review of draft-ietf-tls-iana-registry-updates-04

2018-02-27 Thread Russ Housley
>> Minor issues: >> >> I think convention is to list the documents being updated in the Abstract, >> but >> cannot find any formal guidance. > > You’re right that is the convention, but it’s not required. > draft-flanagan-7322bis is attempting to make including updates in the > abstract a

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-02-27 Thread Viktor Dukhovni
> On Feb 27, 2018, at 10:47 AM, Willem Toorop wrote: > >> If this protocol has no denial of existence, I don't see any reason >> for anyone to deploy it. Why publish something that's basically >> useless? > > Well.. support of the option could be obligatory for new TLS

Re: [TLS] Opsdir last call review of draft-ietf-tls-iana-registry-updates-04

2018-02-27 Thread Dan Romascanu
Hi Sean, Thanks for the answer and for addressing my comments. Short observations are inserted. Regards, Dan On Tue, Feb 27, 2018 at 4:11 PM, Sean Turner wrote: > > > > On Feb 20, 2018, at 05:44, Dan Romascanu wrote: > > > > Reviewer: Dan Romascanu > >

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-02-27 Thread Shumon Huque
On Mon, Feb 26, 2018 at 12:19 PM, Viktor Dukhovni wrote: > > I think that as it stands, lack of authenticated denial of existence is > a *fatal* flaw in the protocol. I just don't see a sufficiently practical > scenario in which this extension confers a useful security

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-02-27 Thread Willem Toorop
On 27-02-18 at 16:12, Viktor Dukhovni wrote: > > >> On Feb 27, 2018, at 9:34 AM, Benjamin Kaduk wrote: >> >> There doesn't seem to be much interest in pinning-like schemes for TLS >> at this point (see also the "TLS server identity pinning" proposal from >> the

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-02-27 Thread Viktor Dukhovni
> On Feb 27, 2018, at 9:34 AM, Benjamin Kaduk wrote: > > There doesn't seem to be much interest in pinning-like schemes for TLS > at this point (see also the "TLS server identity pinning" proposal from > the SAAG/secdispatch session at IETF 100). > And I do think the lack of

Re: [TLS] Genart last call review of draft-ietf-tls-iana-registry-updates-04

2018-02-27 Thread Sean Turner
> On Feb 27, 2018, at 09:55, Sean Turner wrote: > > > >> On Feb 27, 2018, at 09:51, Benjamin Kaduk wrote: >> >> On 02/27/2018 08:11 AM, Sean Turner wrote: >>> There are two states for the Recommended column: YES and NO. I can go >>> either way on

Re: [TLS] Genart last call review of draft-ietf-tls-iana-registry-updates-04

2018-02-27 Thread Sean Turner
> On Feb 27, 2018, at 09:55, Salz, Rich wrote: > > >> I thought we had always been clear that it was "not marked as >> recommended", i.e., "we make no comment about its status". > > That was my understanding too. The choices are "recommended" or "no comment" Yes, but we

Re: [TLS] Genart last call review of draft-ietf-tls-iana-registry-updates-04

2018-02-27 Thread Sean Turner
> On Feb 27, 2018, at 09:51, Benjamin Kaduk wrote: > > On 02/27/2018 08:11 AM, Sean Turner wrote: >> There are two states for the Recommended column: YES and NO. I can go >> either way on whether >> marked as not recommended = NO >> not marked as recommended = NO >> >> WG

Re: [TLS] Genart last call review of draft-ietf-tls-iana-registry-updates-04

2018-02-27 Thread Salz, Rich
> I thought we had always been clear that it was "not marked as > recommended", i.e., "we make no comment about its status". That was my understanding too. The choices are "recommended" or "no comment"

Re: [TLS] Genart last call review of draft-ietf-tls-iana-registry-updates-04

2018-02-27 Thread Benjamin Kaduk
On 02/27/2018 08:11 AM, Sean Turner wrote: > There are two states for the Recommended column: YES and NO. I can go either > way on whether > marked as not recommended = NO > not marked as recommended = NO > > WG - thoughts? I thought we had always been clear that it was "not marked as

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

2018-02-27 Thread Benjamin Kaduk
On 02/26/2018 11:20 AM, Viktor Dukhovni wrote: > >> On Feb 26, 2018, at 9:26 AM, Paul Wouters wrote: >> >> So it was decided to not use a full DNS packet format? And then since you >> miss the structure of the Answer Section and Additional/Authority >> Section, you require the

Re: [TLS] Opsdir last call review of draft-ietf-tls-iana-registry-updates-04

2018-02-27 Thread Sean Turner
> On Feb 20, 2018, at 05:44, Dan Romascanu wrote: > > Reviewer: Dan Romascanu > Review result: Has Issues > > I am the assigned OPS-DIR reviewer for this draft. The OPS Directorate reviews > a great part of the IETF documents being processed by the IESG for the OPS > ADs.

Re: [TLS] Genart last call review of draft-ietf-tls-iana-registry-updates-04

2018-02-27 Thread Sean Turner
> On Feb 20, 2018, at 14:50, Stewart Bryant wrote: > > Reviewer: Stewart Bryant > Review result: Ready with Issues > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG