Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Martin Thomson
On Thu, Apr 5, 2018 at 1:09 PM, Nico Williams wrote:
> The motivation for opportunistically using this is to be able to
> incrementally deploy DANE for HTTPS (and browsers). Without that it
> won't get deployed at all for HTTPS.

Do you have both clients and servers that

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Nico Williams
On Wed, Apr 04, 2018 at 08:06:42PM -0700, Eric Rescorla wrote:
> On Wed, Apr 4, 2018 at 7:34 PM, Nico Williams wrote:
>
> > > HPKP had a TTL and yet as a practical matter, people found it very
> > > problematic.
> >
> > I can see why: you have to commit to one certificate

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Viktor Dukhovni
> On Apr 4, 2018, at 10:34 PM, Nico Williams wrote:
>
> I can see why: you have to commit to one certificate in the chain not
> changing. Whereas here you only have to commit to continue to publish
> TLSA RRs (and signing them and your zone).

This is a big difference.

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Nico Williams
On Wed, Apr 04, 2018 at 07:56:37PM -0700, Eric Rescorla wrote:
> On Wed, Apr 4, 2018 at 7:31 PM, Nico Williams wrote:
> > We cannot be serious about security while promoting a protocol with a
> > glaring downgrade attack.
>
> Unfortunately, you are conflating the assertive

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Eric Rescorla
On Wed, Apr 4, 2018 at 7:34 PM, Nico Williams wrote:
> On Wed, Apr 04, 2018 at 07:44:53PM -0700, Eric Rescorla wrote:
> > On Wed, Apr 4, 2018 at 7:20 PM, Nico Williams
> wrote:
> >
> > > On Wed, Apr 04, 2018 at 07:22:38PM -0700, Eric Rescorla wrote:

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Richard Barnes
And just to be clear, by "downgrade attack", you mean "normal PKI authentication that we rely on today". There's nothing in here that degrades security (except maybe the legacy crypto in the DNS); it's just not meeting the bar that you are setting. That doesn't mean there's not still some

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Eric Rescorla
On Wed, Apr 4, 2018 at 7:31 PM, Nico Williams wrote:
> On Thu, Apr 05, 2018 at 02:39:43AM +, Richard Barnes wrote:
> > Re-adding the list.
>
> Removing one level of quotes.
>
> > On Wed, Apr 4, 2018, 22:34 Nico Williams wrote:
> >> On Wed, Apr

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Nico Williams
On Wed, Apr 04, 2018 at 07:44:53PM -0700, Eric Rescorla wrote:
> On Wed, Apr 4, 2018 at 7:20 PM, Nico Williams wrote:
>
> > On Wed, Apr 04, 2018 at 07:22:38PM -0700, Eric Rescorla wrote:
> > > I don't think that this comparison is particularly apt. The
> > > representation

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Nico Williams
On Thu, Apr 05, 2018 at 02:39:43AM +, Richard Barnes wrote:
> Re-adding the list.

Removing one level of quotes.

> On Wed, Apr 4, 2018, 22:34 Nico Williams wrote:
>> On Wed, Apr 04, 2018 at 07:22:38PM -0700, Eric Rescorla wrote:
>> > I don't think that this comparison

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Eric Rescorla
On Wed, Apr 4, 2018 at 7:20 PM, Nico Williams wrote:
> On Wed, Apr 04, 2018 at 07:22:38PM -0700, Eric Rescorla wrote:
> > I don't think that this comparison is particularly apt. The
> > representation in HSTS is simply "I support HSTS". The representation
> > in HPKP is "I

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Nico Williams
On Wed, Apr 04, 2018 at 05:33:27PM -0400, Paul Wouters wrote:
> On Wed, 4 Apr 2018, Joseph Salowey wrote:
> >A) Recommendation of adding denial of existence proofs in the chain provided
> >by the extension
> >B) Adding signaling to require the use of this extension for a period of
> >time

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Richard Barnes
Re-adding the list.

On Wed, Apr 4, 2018, 22:39 Richard Barnes wrote:
>
>
> On Wed, Apr 4, 2018, 22:34 Nico Williams wrote:
>
>> On Wed, Apr 04, 2018 at 07:22:38PM -0700, Eric Rescorla wrote:
>> > I don't think that this comparison is particularly apt. The
>>

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Nico Williams
On Thu, Apr 05, 2018 at 12:07:57PM +1000, Martin Thomson wrote:
> Given what we've learned about pinning (it is being removed from
> browsers), this seems like a bad plan to me.

You can use this TTL, or not. You're not required to set it to any value other than the max ("infinity") or min (zero)

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Nico Williams
On Wed, Apr 04, 2018 at 07:22:38PM -0700, Eric Rescorla wrote:
> I don't think that this comparison is particularly apt. The
> representation in HSTS is simply "I support HSTS". The representation
> in HPKP is "I will use either consistent keying material *or* a
> consistent set of CAs". The

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Nico Williams
On Wed, Apr 04, 2018 at 10:50:15AM -0700, Joseph Salowey wrote:
> Some objections were raised late during the review of
> the draft-ietf-tls-dnssec-chain-extension. The question before the working
> group is either to publish the document as is or to bring the document back
> into the working

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Eric Rescorla
On Wed, Apr 4, 2018 at 7:15 PM, Viktor Dukhovni wrote:
>
>
> > On Apr 4, 2018, at 10:07 PM, Martin Thomson
> wrote:
> >
> > Given what we've learned about pinning (it is being removed from
> > browsers), this seems like a bad plan to me.
>
>

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Viktor Dukhovni
> On Apr 4, 2018, at 10:07 PM, Martin Thomson wrote:
>
> Given what we've learned about pinning (it is being removed from
> browsers), this seems like a bad plan to me.

Question, are you thinking of HPKP or STS? HPKP pins rather volatile data, and is too fragile to

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Martin Thomson
Given what we've learned about pinning (it is being removed from browsers), this seems like a bad plan to me. Your cost-benefit analysis seems about right though.

On Thu, Apr 5, 2018 at 9:27 AM, Viktor Dukhovni wrote:
>
>
>> On Apr 4, 2018, at 1:50 PM, Joseph Salowey

Re: [TLS] Ignas Bagdonas' No Objection on draft-ietf-tls-iana-registry-updates-04: (with COMMENT)

2018-04-04 Thread Sean Turner
> On Apr 4, 2018, at 06:21, Ignas Bagdonas wrote:
>
> Ignas Bagdonas has entered the following ballot position for
> draft-ietf-tls-iana-registry-updates-04: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included

Re: [TLS] Eric Rescorla's Yes on draft-ietf-tls-iana-registry-updates-04: (with COMMENT)

2018-04-04 Thread Sean Turner
> On Mar 31, 2018, at 12:54, Eric Rescorla wrote:
>
> Eric Rescorla has entered the following ballot position for
> draft-ietf-tls-iana-registry-updates-04: Yes
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Viktor Dukhovni
> On Apr 4, 2018, at 6:12 PM, Melinda Shore
> wrote:
>
>> I support publication of the document as is. I would also be
>> comfortable with a minor modification to say that TLSA certificate
>> usages 0 and 1 (the restrictive ones) MUST NOT be used with this

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Viktor Dukhovni
> On Apr 4, 2018, at 1:50 PM, Joseph Salowey wrote:
>
> - Recommendation of adding denial of existence proofs in the chain provided
> by the extension
> - Adding signaling to require the use of this extension for a period of time
> (Pinning with TTL)

These are indeed the

Re: [TLS] Adam Roach's Yes on draft-ietf-tls-iana-registry-updates-04: (with COMMENT)

2018-04-04 Thread Sean Turner
> On Apr 4, 2018, at 17:05, Sean Turner wrote:
>
>>
>> Abstract:
>>
>> Please include the list of updated RFCs in the abstract. See
>> §3.1.D. The current
>> formulation
>> of "This document updates many (D)TLS RFCs (see

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Melinda Shore
On 4/4/18 2:53 PM, Richard Barnes wrote:
> I support publication of the document as is. I would also be
> comfortable with a minor modification to say that TLSA certificate
> usages 0 and 1 (the restrictive ones) MUST NOT be used with this mechanism.

The addition of text that clarifies that

Re: [TLS] Adam Roach's Yes on draft-ietf-tls-iana-registry-updates-04: (with COMMENT)

2018-04-04 Thread Sean Turner
On Apr 3, 2018, at 23:09, Adam Roach wrote:
>
> Adam Roach has entered the following ballot position for
> draft-ietf-tls-iana-registry-updates-04: Yes
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines.

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Richard Barnes
On Wed, Apr 4, 2018 at 1:50 PM, Joseph Salowey wrote:
> Hi Folks,
>
> Some objections were raised late during the review of
> the draft-ietf-tls-dnssec-chain-extension. The question before the
> working group is either to publish the document as is or to bring the
> document

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Paul Wouters
On Wed, 4 Apr 2018, Joseph Salowey wrote:

This is a consensus call on how to progress this document. Please answer the following questions:

1) Do you support publication of the document as is, leaving these two issues to potentially be addressed in follow-up work?

I do NOT support

Re: [TLS] Alexey Melnikov's No Objection on draft-ietf-tls-iana-registry-updates-04: (with COMMENT)

2018-04-04 Thread Sean Turner
> On Apr 4, 2018, at 12:48, Alexey Melnikov wrote:
>
> Hi Benjamin,
>
> On Tue, Apr 3, 2018, at 10:50 PM, Benjamin Kaduk wrote:
>> I will trim the purely editorial stuff, as the authors should be
>> able to handle that (and have already started, since the cipher
>>

[TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

2018-04-04 Thread Joseph Salowey
Hi Folks,

Some objections were raised late during the review of the draft-ietf-tls-dnssec-chain-extension. The question before the working group is either to publish the document as is or to bring the document back into the working group to address the following issues:

- Recommendation of

Re: [TLS] Alexey Melnikov's No Objection on draft-ietf-tls-iana-registry-updates-04: (with COMMENT)

2018-04-04 Thread Alexey Melnikov
Hi Benjamin,

On Tue, Apr 3, 2018, at 10:50 PM, Benjamin Kaduk wrote:
> I will trim the purely editorial stuff, as the authors should be
> able to handle that (and have already started, since the cipher
> suite/hash+signature algorithm thing was already noted).
>
> On Tue, Apr 03, 2018 at

Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)

2018-04-04 Thread Hubert Kario
On Wednesday, 4 April 2018 16:46:36 CEST Roland Zink wrote:
> On 04.04.2018 at 14:43, Hubert Kario wrote:
> > On Friday, 30 March 2018 11:42:23 CEST Vakul Garg wrote:
> >> Hi Martin
> >>
> >>> -Original Message-
> >>> From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Martin Rex
> >>>

Re: [TLS] Adam Roach's Yes on draft-ietf-tls-iana-registry-updates-04: (with COMMENT)

2018-04-04 Thread Benjamin Kaduk
On Tue, Apr 03, 2018 at 09:09:21PM -0700, Adam Roach wrote:
> --
> COMMENT:
> --
>
> ---

Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)

2018-04-04 Thread Roland Zink
On 04.04.2018 at 14:43, Hubert Kario wrote:
> On Friday, 30 March 2018 11:42:23 CEST Vakul Garg wrote:
>> Hi Martin
>>
>>> -Original Message-
>>> From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Martin Rex
>>> Sent: Thursday, March 29, 2018 4:47 AM
>>> To: Steve Fenter
>>> Cc:

Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)

2018-04-04 Thread Hubert Kario
On Friday, 30 March 2018 11:42:23 CEST Vakul Garg wrote:
> Hi Martin
>
> > -Original Message-
> > From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Martin Rex
> > Sent: Thursday, March 29, 2018 4:47 AM
> > To: Steve Fenter
> > Cc: tls@ietf.org
> > Subject:

[TLS] Ignas Bagdonas' No Objection on draft-ietf-tls-iana-registry-updates-04: (with COMMENT)

2018-04-04 Thread Ignas Bagdonas
Ignas Bagdonas has entered the following ballot position for draft-ietf-tls-iana-registry-updates-04: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

[TLS] Ignas Bagdonas' No Objection on draft-ietf-tls-record-limit-02

2018-04-04 Thread Ignas Bagdonas
Ignas Bagdonas has entered the following ballot position for draft-ietf-tls-record-limit-02: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer

Re: [TLS] Adam Roach's Yes on draft-ietf-tls-record-limit-02: (with COMMENT)

2018-04-04 Thread Martin Thomson
On Wed, Apr 4, 2018 at 5:44 PM, Adam Roach wrote:
>>> A server MUST NOT enforce this restriction; a client might advertise a
>>> higher limit that is enabled by an extension or version the server does not
>>> understand.
>
> It would, if it were present.

The IESG is reviewing

Re: [TLS] Adam Roach's Yes on draft-ietf-tls-record-limit-02: (with COMMENT)

2018-04-04 Thread Adam Roach
On 4/4/18 1:44 AM, Martin Thomson wrote:
> Hi Adam,
>
> Thanks for the review. You picked up on something that was a little sloppy there.
>
> PR: https://github.com/tlswg/tls-record-limit/pull/19
>
> On Wed, Apr 4, 2018 at 3:58 PM, Adam Roach wrote:
>> Adam Roach has entered the following

Re: [TLS] Adam Roach's Yes on draft-ietf-tls-record-limit-02: (with COMMENT)

2018-04-04 Thread Martin Thomson
Hi Adam,

Thanks for the review. You picked up on something that was a little sloppy there.

PR: https://github.com/tlswg/tls-record-limit/pull/19

On Wed, Apr 4, 2018 at 3:58 PM, Adam Roach wrote:
> Adam Roach has entered the following ballot position for
> §4:
>
>> MUST NOT