Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls13-26: (with COMMENT)

Hi Adam, Thanks for your comments. I'm going to let the Chairs handle the Abstract one. Responses below (I'm ignoring a bunch which I just agree with). > §4.2.1: > > > TLS SHOULD support TLS 1.2. Servers should be prepared to receive > > ClientHellos that include this extension but do not

Re: [TLS] TLS 1.3, how to close the read side of a connection?

Hi Xuelei, Can you elaborate on what proxy protocol you're using that can reuse the TCP connection for follow on connections, and what semantics it has? As far as I know, SOCKS and HTTP CONNECT don't support this. Additionally, the close_notify alerts are sent encrypted so the proxy wouldn't be

Re: [TLS] Mirja Kühlewind's No Objection on draft-ietf-tls-tls13-26: (with COMMENT)

> 1) I'm a bit uncertain if obsoleting is the right approach as many > other protocols usually do not obsolete older versions. However, I > understand that this has been the approach TLS has previously taken > and is supported by the way the document is written. Well:

Re: [TLS] Mirja Kühlewind's No Objection on draft-ietf-tls-tls13-26: (with COMMENT)

Hi, see below > Am 07.03.2018 um 19:05 schrieb Eric Rescorla : > > > 1) I'm a bit uncertain if obsoleting is the right approach as many > > other protocols usually do not obsolete older versions. However, I > > understand that this has been the approach TLS has previously taken >

Re: [TLS] Mirja Kühlewind's No Objection on draft-ietf-tls-tls13-26: (with COMMENT)

On Wed, Mar 7, 2018 at 10:32 AM, Mirja Kuehlewind (IETF) < i...@kuehlewind.net> wrote: > > > Still, I find it > > > especially confusing that also two TLS1.2 extensions are deprecated > > > which are not needed with TLS1.3 anymore but still probably valid to > > > be used with TLS1.2, right? > >

Re: [TLS] TLS 1.3, how to close the read side of a connection?

Hi Xuelei, Do you have an example for when you would need to gracefully close the read side? If you're downloading a 10GB video and the user cancels the download, you can simply tear down the TCP connection by sending a RST. The benefit of having a graceful read close would be for the server to

Re: [TLS] Adam Roach's Yes on draft-ietf-tls-tls13-26: (with COMMENT)

On 3/7/18 12:58 PM, Eric Rescorla wrote: > As a rule of thumb, "that" is used to start restrictive clauses ("Two doors > are in front of you. The door that is on the right leads outside"), while > "which" is used to start non-restrictive clauses ("The only door in the room, > which is made of

Re: [TLS] Mirja Kühlewind's No Objection on draft-ietf-tls-tls13-26: (with COMMENT)

Thanks for your review, Mirja. I will just add one comment inline from WG discussion and consensus. On Wed, Mar 7, 2018 at 1:05 PM, Eric Rescorla wrote: >> 1) I'm a bit uncertain if obsoleting is the right approach as many >> other protocols usually do not obsolete older

Re: [TLS] Mirja Kühlewind's No Objection on draft-ietf-tls-tls13-26: (with COMMENT)

Mirja, On Wed, Mar 7, 2018 at 2:03 PM, Eric Rescorla wrote: > > > On Wed, Mar 7, 2018 at 10:32 AM, Mirja Kuehlewind (IETF) > wrote: >> >> > > Still, I find it >> > > especially confusing that also two TLS1.2 extensions are deprecated >> > > which are not

Re: [TLS] Ben Campbell's Yes on draft-ietf-tls-tls13-26: (with COMMENT)

> On Mar 7, 2018, at 16:35, Ben Campbell wrote: > > > >> On Mar 7, 2018, at 2:49 PM, Sean Turner wrote: >> >> >> >>> On Mar 6, 2018, at 12:27, Ben Campbell wrote: >>> >>> Ben Campbell has entered the following ballot position for >>>

Re: [TLS] Ben Campbell's Yes on draft-ietf-tls-tls13-26: (with COMMENT)

> On Mar 7, 2018, at 2:49 PM, Sean Turner wrote: > > > >> On Mar 6, 2018, at 12:27, Ben Campbell wrote: >> >> Ben Campbell has entered the following ballot position for >> draft-ietf-tls-tls13-26: Yes >> >> When responding, please keep the subject line

[TLS] Spencer Dawkins' No Objection on draft-ietf-tls-tls13-26: (with COMMENT)

Spencer Dawkins has entered the following ballot position for draft-ietf-tls-tls13-26: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to

Re: [TLS] Genart last call review of draft-ietf-tls-tls13-24

+1. If anything, the existing "buggy implementation" alert codes should get folded together. (But I don't think it's worth making that change at this stage either.) E.g. decode_error vs illegal_parameter vs unexpected_message are rather useless distinctions and trying to get them "right" adds

[TLS] TLS 1.3, how to close the read side of a connection?

Hi, Per TLS 1.3 draft (Section 6.1, Closure Alerts), the close_notify alert is used to notify the recipient that the sender will not send any more messages on this connection. And this does not have any effect on its read side of the connection. I think it means that after sending the

Re: [TLS] Alexey Melnikov's Discuss on draft-ietf-tls-tls13-26: (with DISCUSS and COMMENT)

On Wed, Mar 7, 2018 at 7:27 AM, Alexey Melnikov wrote: > Hi Ekr, > > On Wed, Mar 7, 2018, at 2:16 PM, Eric Rescorla wrote: > > > > On Wed, Mar 7, 2018 at 5:29 AM, Alexey Melnikov > wrote: > > Alexey Melnikov has entered the following ballot

Re: [TLS] TLS 1.3, how to close the read side of a connection?

Well, this is like TCP in that respect. You send close_notify and then you either stop reading off of or close the TCP socket. -Ekr On Wed, Mar 7, 2018 at 9:40 AM, Xuelei Fan wrote: > Hi, > > Per TLS 1.3 draft (Section 6.1, Closure Alerts), the close_notify alert is >

[TLS] Alexey Melnikov's Discuss on draft-ietf-tls-tls13-26: (with DISCUSS and COMMENT)

Alexey Melnikov has entered the following ballot position for draft-ietf-tls-tls13-26: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to

Re: [TLS] Alexey Melnikov's Discuss on draft-ietf-tls-tls13-26: (with DISCUSS and COMMENT)

On Wed, Mar 7, 2018 at 5:29 AM, Alexey Melnikov wrote: > Alexey Melnikov has entered the following ballot position for > draft-ietf-tls-tls13-26: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC

Re: [TLS] external PSK identity enumeration Re: UPDATED Last Call: (The Transport Layer Security (TLS) Protocol Version 1.3) to Proposed Standard

On Wednesday, 21 February 2018 15:31:33 CET Eric Rescorla wrote: > i think your general point is sound here, but I'll nitpick the statement > that > "if the server recognises an identity but is unable to verify corresponding > binder". > > 1. The server only picks one identity so you if you send

Re: [TLS] Alexey Melnikov's Discuss on draft-ietf-tls-tls13-26: (with DISCUSS and COMMENT)

Hi Ekr, On Wed, Mar 7, 2018, at 2:16 PM, Eric Rescorla wrote: > > > On Wed, Mar 7, 2018 at 5:29 AM, Alexey Melnikov > wrote:>> Alexey Melnikov has entered the following > ballot position for >> draft-ietf-tls-tls13-26: Discuss >> >> When responding, please keep the

[TLS] Mirja Kühlewind's No Objection on draft-ietf-tls-tls13-26: (with COMMENT)

Mirja Kühlewind has entered the following ballot position for draft-ietf-tls-tls13-26: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to