Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis
In CURDLE this week, we had consensus (to be confirmed on the list, of course) that signature contexts were created in the TLS arena, we all thought we needed them in other areas, and we don't; therefore all CURDLE documents for those other areas will specify a zero-length context. FWIW.

I agree with Yoav's message, for the reasons he states.

--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz

> -----Original Message-----
> From: Sean Turner [mailto:s...@sn3rd.com]
> Sent: Friday, November 18, 2016 6:56 PM
> To:
> Subject: [TLS] WGLC for draft-ietf-tls-rfc4492bis
>
> All,
>
> This is a working group last call for the "4492bis to Standards Track" draft
> available @ http://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/. Please
> review the document and send your comments to the list by 9 December 2016.
>
> Note that we are particularly interested in the issue Yoav raises in the
> following message:
> https://mailarchive.ietf.org/arch/msg/tls/8Ec7jQqLr_3FrvQfuclllfozKZk
>
> Thanks,
> J

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] Confirming consensus: TLS1.3->TLS*
Rebrand 4. There is no reason not to.
Re: [TLS] Confirming consensus: TLS1.3->TLS*
Maintaining my hum from the meeting, I prefer keeping TLS 1.3 over renaming, primarily because there's now a good amount of documentation/implementation in the wild that refers to TLS 1.3, and we'll need to keep around the new equivalence of TLS 2 (or 4) = TLS 1.3.

On Sat, Nov 19, 2016, 8:31 AM Ira McDonald wrote:
> Hi,
>
> I think that the presumption that most tech people (or even security people)
> won't have any trouble with the future version numbering of TLS is wrong.
>
> Yesterday morning, on an SAE Vehicle Electrical Systems Security call with
> some 40 auto security professionals present, I mentioned that TLS 1.3 was
> wrapping up and was asked "What's TLS?" Usual explanation about SSL
> being succeeded by IETF TLS 17 years ago. Several responses that were
> the equivalent of blank stares. And finally, "Then why is the library still
> called OpenSSL?"
>
> Rich has highlighted that the tech community goes right on conflating SSL
> with TLS on web sites.
>
> I change my two cents to "TLS 4" but am unsure about "4" or "4.0" because
> the tech community has been trained to care about major.minor.
>
> Cheers,
> - Ira
>
> Ira McDonald (Musician / Software Architect)
> Co-Chair - TCG Trusted Mobility Solutions WG
> Chair - Linux Foundation Open Printing WG
> Secretary - IEEE-ISTO Printer Working Group
> Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
> IETF Designated Expert - IPP & Printer MIB
> Blue Roof Music / High North Inc
> http://sites.google.com/site/blueroofmusic
> http://sites.google.com/site/highnorthinc
> mailto: blueroofmu...@gmail.com
> Jan-April: 579 Park Place Saline, MI 48176 734-944-0094
> May-Dec: PO Box 221 Grand Marais, MI 49839 906-494-2434
>
> On Sat, Nov 19, 2016 at 6:32 AM, Jeffrey Walton wrote:
> > On Thu, Nov 17, 2016 at 9:12 PM, Sean Turner wrote:
> > > At IETF 97, the chairs led a discussion to resolve whether the WG
> > > should rebrand TLS1.3 to something else. Slides can be found @
> > > https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
> > >
> > > The consensus in the room was to leave it as is, i.e., TLS1.3, and to
> > > not rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this
> > > decision on the list so please let the list know your top choice between:
> > >
> > > - Leave it TLS 1.3
> > > - Rebrand TLS 2.0
> > > - Rebrand TLS 2
> > > - Rebrand TLS 4
> > >
> > > by 2 December 2016.
> >
> > Please forgive my ignorance...
> >
> > Who are you targeting for the versioning scheme? Regular users? Mom
> > and pop shops with a web presence? Tech guys and gals? Security folks?
> >
> > For most tech people and security folks, I don't think it matters
> > much. However, how many regular users would have clung to SSLv3 and
> > TLS 1.0 (given TLS 1.2 was available) if they were named SSL 1995 and
> > TLS 1999 (given TLS 2008 or TLS 2010 was available)?
> >
> > (Sorry to violate the Hum restriction).
> >
> > Jeff
Re: [TLS] Confirming consensus: TLS1.3->TLS*
> "Then why is the library still called OpenSSL?"

All those arguments show basic confusion of what TLS is. Version numbers won't help solve that. Only going back to using the SSL name might.
Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis
I have not read the document in full (but still noticed a typo in the paragraph we're discussing), so I will not comment on its readiness.

Regarding signature context: I don't understand the CFRG recommendation that Yoav is citing. IMO we should include a context string wherever we can, to reduce the number of possible cross-protocol (or cross-signature-scheme) attacks. As far as I know context strings do not cost anything and can only improve the protocol's security. Maybe one day we will only have signatures deployed that support context, but if we don't add the context string now we will never get there. We are not going to revise TLS just to add a context string to EdDSA.

Thanks,
Yaron

On 19/11/16 08:55, Sean Turner wrote:
> All,
>
> This is a working group last call for the "4492bis to Standards Track" draft
> available @ http://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/. Please
> review the document and send your comments to the list by 9 December 2016.
>
> Note that we are particularly interested in the issue Yoav raises in the
> following message:
> https://mailarchive.ietf.org/arch/msg/tls/8Ec7jQqLr_3FrvQfuclllfozKZk
>
> Thanks,
> J
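As an added example (not from the thread or the draft), the separation property Rich and Yaron are discussing, shown with Go's standard-library Ed25519ctx support (Go 1.20 or later): one key signs one message under a protocol-specific context, and the signature is then checked under the same context, under a different protocol's context, and under plain Ed25519 with no context at all. The context labels and the message bytes are constructed for the example; the real TLS context string is not reproduced here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Ed25519ctx (RFC 8032) folds the context string into the hash that is signed,
// so a signature is bound to the protocol that produced it. Added example using
// Go's standard library (Go 1.20+); the context labels and message are constructed.

// signWithContext produces an Ed25519ctx signature over msg under ctx.
// An empty ctx selects plain Ed25519, i.e. the "zero-length context" case.
func signWithContext(priv ed25519.PrivateKey, msg []byte, ctx string) ([]byte, error) {
	return priv.Sign(rand.Reader, msg, &ed25519.Options{Context: ctx})
}

// verifyWithContext reports whether sig is valid for msg under ctx.
func verifyWithContext(pub ed25519.PublicKey, msg, sig []byte, ctx string) bool {
	return ed25519.VerifyWithOptions(pub, msg, sig, &ed25519.Options{Context: ctx}) == nil
}

// ContextSeparation signs one message under a TLS-style context and checks it
// against the same context, another protocol's context, and no context.
// It returns (acceptedSameCtx, rejectedOtherCtx, rejectedNoCtx).
func ContextSeparation() (bool, bool, bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	msg := []byte("constructed sample: bytes two protocols might both sign")
	const tlsCtx = "example: TLS 1.3 CertificateVerify" // constructed label
	sig, err := signWithContext(priv, msg, tlsCtx)
	if err != nil {
		return false, false, false, err
	}
	same := verifyWithContext(pub, msg, sig, tlsCtx)
	other := !verifyWithContext(pub, msg, sig, "example: some other protocol")
	none := !ed25519.Verify(pub, msg, sig) // plain Ed25519, no context
	if !same {
		return same, other, none, errors.New("signature failed under its own context")
	}
	return same, other, none, nil
}

func main() {
	same, other, none, err := ContextSeparation()
	fmt.Println("same ctx:", same, "other ctx rejected:", other, "no ctx rejected:", none, err)
}
```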
Re: [TLS] Confirming consensus: TLS1.3->TLS*
Hi,

I think that the presumption that most tech people (or even security people) won't have any trouble with the future version numbering of TLS is wrong.

Yesterday morning, on an SAE Vehicle Electrical Systems Security call with some 40 auto security professionals present, I mentioned that TLS 1.3 was wrapping up and was asked "What's TLS?" Usual explanation about SSL being succeeded by IETF TLS 17 years ago. Several responses that were the equivalent of blank stares. And finally, "Then why is the library still called OpenSSL?"

Rich has highlighted that the tech community goes right on conflating SSL with TLS on web sites.

I change my two cents to "TLS 4" but am unsure about "4" or "4.0" because the tech community has been trained to care about major.minor.

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmu...@gmail.com
Jan-April: 579 Park Place Saline, MI 48176 734-944-0094
May-Dec: PO Box 221 Grand Marais, MI 49839 906-494-2434

On Sat, Nov 19, 2016 at 6:32 AM, Jeffrey Walton wrote:
> On Thu, Nov 17, 2016 at 9:12 PM, Sean Turner wrote:
> > At IETF 97, the chairs led a discussion to resolve whether the WG
> > should rebrand TLS1.3 to something else. Slides can be found @
> > https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
> >
> > The consensus in the room was to leave it as is, i.e., TLS1.3, and to
> > not rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this
> > decision on the list so please let the list know your top choice between:
> >
> > - Leave it TLS 1.3
> > - Rebrand TLS 2.0
> > - Rebrand TLS 2
> > - Rebrand TLS 4
> >
> > by 2 December 2016.
>
> Please forgive my ignorance...
>
> Who are you targeting for the versioning scheme? Regular users? Mom
> and pop shops with a web presence? Tech guys and gals? Security folks?
>
> For most tech people and security folks, I don't think it matters
> much. However, how many regular users would have clung to SSLv3 and
> TLS 1.0 (given TLS 1.2 was available) if they were named SSL 1995 and
> TLS 1999 (given TLS 2008 or TLS 2010 was available)?
>
> (Sorry to violate the Hum restriction).
>
> Jeff
Re: [TLS] Confirming consensus: TLS1.3->TLS*
Ilari Liusvaara writes:

> Nope, I was referring to the very technical property that if client sends a
> TLS 1.3 handshake, a TLS 1.2 server can still successfully interop, provided
> that the client does TLS 1.2 too

That's like saying that PGP and S/MIME are compatible because if a client sends a PGP message, a MIME-enabled server can still successfully interop provided the S/MIME server does PGP too.

Anyway, it's a silly debate (as my Wozniak joke tried to point out), so I'll bow out now.

Peter.
Re: [TLS] Confirming consensus: TLS1.3->TLS*
On Thu, Nov 17, 2016 at 9:12 PM, Sean Turner wrote:
> At IETF 97, the chairs led a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
>
> The consensus in the room was to leave it as is, i.e., TLS1.3, and to not
> rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this decision on
> the list so please let the list know your top choice between:
>
> - Leave it TLS 1.3
> - Rebrand TLS 2.0
> - Rebrand TLS 2
> - Rebrand TLS 4
>
> by 2 December 2016.

Please forgive my ignorance...

Who are you targeting for the versioning scheme? Regular users? Mom and pop shops with a web presence? Tech guys and gals? Security folks?

For most tech people and security folks, I don't think it matters much. However, how many regular users would have clung to SSLv3 and TLS 1.0 (given TLS 1.2 was available) if they were named SSL 1995 and TLS 1999 (given TLS 2008 or TLS 2010 was available)?

(Sorry to violate the Hum restriction).

Jeff