Re: [TLS] Keeping TLS extension points working

2016-09-02 Thread David Benjamin
I've finally gotten to uploading https://tools.ietf.org/html/draft-davidben-tls-grease-01 which hopefully resolves the procedural issues (thanks again!). I've also revised the text slightly after some off-list feedback about the risks of non-deterministic failures. I didn't add text about what

Re: [TLS] Keeping TLS extension points working

2016-08-03 Thread David Benjamin
> > *From:* David Benj

Re: [TLS] Keeping TLS extension points working

2016-08-03 Thread Raja ashok
From: David Benjamin [mailto:david...@chromium.org] Sent: 02 August 2016 19:30 To: Steven Valdez; Raja ashok; tls@ietf.org Subject: Re: [TLS] Keeping TLS extension points working To ex

Re: [TLS] Keeping TLS extension points working

2016-08-02 Thread David Benjamin
To expand on that a little, since it seems comments (a) and (b) are really the same one: The purpose of having an explicitly reserved list (b) is precisely so we do not have to do a second handshake (a). The purpose here is to ensure we exercise the little-used codepaths, not introduce new ones.

Re: [TLS] Keeping TLS extension points working

2016-07-28 Thread Geoffrey Keating
Hubert Kario writes: > On Thursday, 28 July 2016 06:12:48 CEST Watson Ladd wrote: > > On Thu, Jul 28, 2016 at 3:28 AM, Hubert Kario wrote: > > > On Wednesday, 27 July 2016 09:50:18 CEST Wan-Teh Chang wrote: > > >> Another source of interop failures is the

Re: [TLS] Keeping TLS extension points working

2016-07-28 Thread Watson Ladd
On Thu, Jul 28, 2016 at 3:28 AM, Hubert Kario wrote: > On Wednesday, 27 July 2016 09:50:18 CEST Wan-Teh Chang wrote: >> On Mon, Jul 25, 2016 at 3:32 PM, David Benjamin > wrote: >> > Hi folks, >> > >> > I'm not sure how this process usually works, but I

Re: [TLS] Keeping TLS extension points working

2016-07-28 Thread Hubert Kario
On Wednesday, 27 July 2016 09:50:18 CEST Wan-Teh Chang wrote: > On Mon, Jul 25, 2016 at 3:32 PM, David Benjamin wrote: > > Hi folks, > > > > I'm not sure how this process usually works, but I would like to reserve a > > bunch of values in the TLS registries to as part of

Re: [TLS] Keeping TLS extension points working

2016-07-27 Thread Adam Langley
On Wed, Jul 27, 2016 at 9:50 AM, Wan-Teh Chang wrote: > Another source of interop failures is the firewall devices that do > anomaly detection. Some of them will abort TLS handshakes if they see > unknown TLS protocol versions or extensions in ClientHello. (They all > seem to

Re: [TLS] Keeping TLS extension points working

2016-07-26 Thread Sean Turner
David, Technically, IANA makes the assignments we (the IETF/TLS WG) ask them to make via the IANA considerations section. They enforce the registry policy established when we (the IETF/TLS WG) originally established the registry; the available policies are found in RFC 5226 (and there’s some

Re: [TLS] Keeping TLS extension points working

2016-07-26 Thread Hubert Kario
On Monday, 25 July 2016 23:32:41 CEST David Benjamin wrote: > On Mon, Jul 25, 2016 at 7:23 PM Viktor Dukhovni > > wrote: > > On Mon, Jul 25, 2016 at 10:32:29PM +, David Benjamin wrote: > > > I'm not sure how this process usually works, but I would like to reserve > >

Re: [TLS] Keeping TLS extension points working

2016-07-26 Thread David Benjamin
On Tue, Jul 26, 2016 at 6:56 AM Hubert Kario wrote: > On Monday, 25 July 2016 22:32:29 CEST David Benjamin wrote: > > I would like to fix this by reserving a few values in our registries so > > that clients may advertise random ones and regularly exercise these > > codepaths

Re: [TLS] Keeping TLS extension points working

2016-07-26 Thread Hubert Kario
On Monday, 25 July 2016 22:32:29 CEST David Benjamin wrote: > I would like to fix this by reserving a few values in our registries so > that clients may advertise random ones and regularly exercise these > codepaths in servers. If enough of the client base does this, we can turn a > large class of

Re: [TLS] Keeping TLS extension points working

2016-07-25 Thread David Benjamin
On Mon, Jul 25, 2016 at 7:23 PM Viktor Dukhovni wrote: > On Mon, Jul 25, 2016 at 10:32:29PM +, David Benjamin wrote: > > > I'm not sure how this process usually works, but I would like to reserve > a > > bunch of values in the TLS registries to as part of an idea to

Re: [TLS] Keeping TLS extension points working

2016-07-25 Thread Viktor Dukhovni
On Mon, Jul 25, 2016 at 10:32:29PM +, David Benjamin wrote: > I'm not sure how this process usually works, but I would like to reserve a > bunch of values in the TLS registries to as part of an idea to keep our > extension points working. Here's an I-D: > >

Re: [TLS] Keeping TLS extension points working

2016-07-25 Thread David Benjamin
On Mon, Jul 25, 2016 at 6:32 PM David Benjamin wrote: > Hi folks, > > I'm not sure how this process usually works, but I would like to reserve a > bunch of values in the TLS registries to as part of an idea to keep our > extension points working. Here's an I-D: >