On Thu, Dec 17, 2015 at 10:09 AM, Stephen Farrell
<stephen.farr...@cs.tcd.ie> wrote:
>
>
> On 17/12/15 14:58, Kathleen Moriarty wrote:
>> Kathleen Moriarty has entered the following ballot position for
>> draft-ietf-tls-cached-info-20: Yes
>>
>> When respondi
Kathleen Moriarty has entered the following ballot position for
draft-ietf-tls-cached-info-20: Yes
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer
t; Cc: he...@florent-tatard.fr; sean+i...@sn3rd.com; Kathleen Moriarty; Chris
> Hawk; Nelson B Bolyard; <tls@ietf.org>; vipul.gu...@sun.com
> Subject: Re: [TLS] [Technical Errata Reported] RFC4492 (4783)
>
>
>> No, this is wrong. There is a client and there is a server
Kathleen Moriarty has entered the following ballot position for
draft-ietf-tls-rfc4492bis-15: Yes
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https
Congratulations, Hugo!
Thanks for sharing the news.
On Fri, Apr 14, 2017 at 7:44 AM, Salz, Rich wrote:
> I know it’s a little off-topic for this list, but this is pretty amazing.
>
>
>
> https://www.ibm.com/ibm/ideasfromibm/us/ibm_fellows/2017/hugo_m_krawczyk.html
>
>
>
> Wow.
Hi Steve,
Thanks for taking the time to detail out your concerns and current use
cases. This is helpful.
On Tue, Jul 11, 2017 at 9:39 PM, Martin Thomson
wrote:
> On 12 July 2017 at 09:59, Steve Fenter wrote:
>>> And if you had one an
With no hat on...
Sent from my iPhone
> On Jul 12, 2017, at 6:18 PM, Stephen Farrell
> wrote:
>
>
>
>> On 12/07/17 16:54, Kyle Rose wrote:
>> On Wed, Jul 12, 2017 at 11:28 AM, Stephen Farrell >> wrote:
>>
>>>
>>>
On 12/07/17
Hi Roland,
It sounds like you misread my messages and should read them in context of TLS
1.3 and the draft using DH static keys proposed to help with monitoring.
Best regards,
Kathleen
Sent from my iPhone
> On Jul 14, 2017, at 8:41 PM, Roland Dobbins wrote:
>
>> On 15
Sent from my iPhone
> On Jul 14, 2017, at 8:02 AM, Martin Thomson <martin.thom...@gmail.com> wrote:
>
> On 14 July 2017 at 01:08, Kathleen Moriarty
> <kathleen.moriarty.i...@gmail.com> wrote:
>> It sounds like for malware, we could do something to better doc
On Sat, Jul 15, 2017 at 7:56 AM, Roland Dobbins wrote:
> On 15 Jul 2017, at 18:19, Daniel Kahn Gillmor wrote:
>
>> I'd like to hear from the people who are doing full-take network capture
>> within their datacenters about how they protect the security of the
>> internal
On Sat, Jul 15, 2017 at 7:59 AM, Roland Dobbins wrote:
> On 15 Jul 2017, at 18:23, Daniel Kahn Gillmor wrote:
>
>> Whether it justifies a loss of security is a separate question.
>
>
> It isn't a loss of security - it's actually a net gain for security.
> Network visibility,
On Sun, Jul 16, 2017 at 5:14 AM, Salz, Rich wrote:
> Within an enterprise that believes they need this kind of
> packet-capture-decode thing, what are the other benefits of TLS 1.3? They
> can already use good ciphers. They save the cost of not uplifting existing
>
Hi,
The email seems to be missing some text that was in the etherpad (or
reordered maybe), so here it is again:
IETF99 TLS WG 2nd session (19-July-2017)
(all errors are JLH's)
Agenda/Administrivia
Exported Authenticators (EKR)
draft 21, hopefully close
WGLC #2 ended yesterday
Changes since
Hello,
Thank you all for your work on TLS 1.3. The list has still been
active on a few topics, so I want to see how that all settles out in
addition to the questions I have on the draft below.
Introduction:
1. Since this is going for IETF last call soon and there has been
review of the draft
date. Thank you.
>
>
>> 4. Section 6.2 Error Alerts
>>
>> In addition to sending the error, I don't see any mention of the error
>> being logged on the server side, shouldn't that be specified? Logging
>> errors (at least in debug modes when needed) pr
On Tue, May 16, 2017 at 11:17 AM, Russ Housley wrote:
>
> On May 15, 2017, at 7:01 PM, Eric Rescorla wrote:
>
>
>
> On Mon, May 15, 2017 at 12:38 PM, Russ Housley wrote:
>>
>> Just commenting on Section 4.2 …
>>
>> >
>> > > 3. Section
On Tue, May 16, 2017 at 12:37 PM, Viktor Dukhovni
<ietf-d...@dukhovni.org> wrote:
>
>> On May 16, 2017, at 11:36 AM, Kathleen Moriarty
>> <kathleen.moriarty.i...@gmail.com> wrote:
>>
>> OK, does that put us back to the suggested wording:
>>
>
On Tue, May 16, 2017 at 11:31 AM, Russ Housley wrote:
>
> On May 16, 2017, at 11:23 AM, Eric Rescorla wrote:
>
>
>
> On Tue, May 16, 2017 at 8:17 AM, Russ Housley wrote:
>>
>>
>> On May 15, 2017, at 7:01 PM, Eric Rescorla
Hello,
Thanks for your work on the draft draft-ietf-tls-ecdhe-psk-aead-02.
In the IANA section, I think it would be a bit more clear to say in
the last column rather than second column wince one might interpret
this listing as having 3 columns.
The cipher suite numbers listed in the second
gt; for cipher suite interoperability testing and it's suggested that IANA
> use these values for assignment.
> """
>
> Other nits have been addressed as well.
>
> If that is fine, I can publish the version 03.
>
> Yours,
> Daniel
>
>
>&
I haven't approved it yet as I noticed there was no response (that I saw) to
Alexey's comment and no change in the draft as a result of his comments.
I'll wait in responses for these 2 items.
Thank you,
Kathleen
Sent from my iPhone
> On May 4, 2017, at 8:41 AM, Hubert Kario
Yoav,
On Thu, May 4, 2017 at 1:59 PM, Yoav Nir <ynir.i...@gmail.com> wrote:
>
> On 4 May 2017, at 16:09, Kathleen Moriarty
> <kathleen.moriarty.i...@gmail.com> wrote:
>
> I haven't approved it yet as I noticed there was no response (that I saw) to
> Alexey's comm
Sent from my iPhone
> On Oct 22, 2017, at 2:40 PM, Ted Lemon wrote:
>
>> On Oct 22, 2017, at 1:54 PM, Russ Housley wrote:
>> No one is requiring TLS 1.3 that I know about. However, there are places
>> that require visibility into TLS. I will let one
Sent from my iPhone
> On Oct 22, 2017, at 3:24 PM, Kathleen Moriarty
> <kathleen.moriarty.i...@gmail.com> wrote:
>
>
>
> Sent from my iPhone
>
>> On Oct 22, 2017, at 2:40 PM, Ted Lemon <mel...@fugue.com> wrote:
>>
>>> On Oct 22, 2017,
On Fri, Dec 15, 2017 at 9:19 AM, Nikos Mavrogiannopoulos
wrote:
> On Fri, Dec 15, 2017 at 2:01 AM, Hanno Böck wrote:
>>
>> On Thu, 14 Dec 2017 16:45:57 -0800
>> Colm MacCárthaigh wrote:
>>
>> > But what would that look like? What would we do
Hi Christian,
Thanks for including text on the known uses of SNI. Hopefully if
there are other known uses, they will be contributed for evaluation of
this problem space.
In section 2.2, enterprises can still use proxy based or active
interception solutions to enable inspection of traffic on
rprise networks and
>> critical infrastructure and be fundamentally more inclusive.
>> Privacy-at-any-cost is not a holistic design.
>>
>> Thanks,
>> Bret
>> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
>> "W
Great, thank you very much, Stephen! I'll get it rolling towards
publication with last call starting soon. I'll do my review in the
next couple of days.
Best regards,
Kathleen
On Tue, Jan 30, 2018 at 4:42 PM, Stephen Farrell
wrote:
>
> Hi Kathleen,
>
> The WGLC for
gt; On 01/31/2018 08:35 AM, Sean Turner wrote:
>
> I have one PR that address both the WGLC comments (from mt and ekr):
> https://github.com/tlswg/draft-ietf-tls-iana-registry-updates/pull/57
>
> If you’ve got other suggested changes let me know and I can submit another
> PR and do the
On Thu, Feb 8, 2018 at 9:32 AM, Shumon Huque wrote:
> On Thu, Feb 8, 2018 at 4:51 AM, Willem Toorop wrote:
>>
>> Op 08-02-18 om 03:27 schreef Shumon Huque:
>> > On Wed, Feb 7, 2018 at 8:21 AM, Mirja Kühlewind > >
> TLS".
>
> On Sat, Feb 17, 2018 at 8:19 AM, Kathleen Moriarty
> <kathleen.moriarty.i...@gmail.com> wrote:
>> Hello,
>>
>> Thanks for your work on draft-ietf-tls-record-limit. I just requested
>> IETF last call, so that should start soon. The draft
Dear Yuhong,
As the sponsoring Area Director, my job is to take the draft forward
as was determined by working group consensus. Like Stephen, I'm also
not particularly happy about the choice to leave in 0-RTT, but I have
to support it as a WG decision. Whatever the version number in the
perators also support the goal of privacy
for end users.
Best regards,
Kathleen
On Mon, Feb 19, 2018 at 10:58 AM, Kathleen Moriarty
<kathleen.moriarty.i...@gmail.com> wrote:
> Dear Yuhong,
>
> As the sponsoring Area Director, my job is to take the draft forward
> as was determined by
On Thu, Feb 22, 2018 at 11:17 AM, Shumon Huque <shu...@gmail.com> wrote:
> On Thu, Feb 22, 2018 at 11:08 AM, Kathleen Moriarty
> <kathleen.moriarty.i...@gmail.com> wrote:
>>
>> On Thu, Feb 22, 2018 at 10:59 AM, Shumon Huque <shu...@gmail.com> wrote:
>>
t; >
>> > On Tue, Feb 13, 2018 at 5:50 PM, Martin Thomson
>> > <martin.thom...@gmail.com> wrote:
>> > On Wed, Feb 14, 2018 at 4:07 AM, Kathleen Moriarty
>> > <kathleen.moriarty.i...@gmail.com> wrote:
>> > > What's t
Hello,
Thanks for all the hard work on TLS 1.3. The chairs have handed off
the document for IETF last call and I'll start that shortly. There
are some idnits that were just caught and are queued up for the next
version - an unnecessary reference is removed.
There are also a 6 RFCs obsoleted
On Thu, Feb 15, 2018 at 2:45 PM, Kathleen Moriarty
<kathleen.moriarty.i...@gmail.com> wrote:
> Hello,
>
> Thanks for all the hard work on TLS 1.3. The chairs have handed off
> the document for IETF last call and I'll start that shortly. There
> are some idnits
Hello,
Thanks for your work on draft-ietf-tls-record-limit. I just requested
IETF last call, so that should start soon. The draft looks ready to
go, I'm just wondering if you could add in text into the introduction
to state the level of constrained device this is intended to help?
If text is
On Wed, Feb 21, 2018 at 11:00 AM, Shumon Huque <shu...@gmail.com> wrote:
> On Tue, Feb 13, 2018 at 5:50 PM, Martin Thomson <martin.thom...@gmail.com>
> wrote:
>>
>> On Wed, Feb 14, 2018 at 4:07 AM, Kathleen Moriarty
>> <kathleen.moriarty.i...@gmail.co
en longer. So let's go!
>
> Well said!
Agreed. I didn't mean to kick off a new thread on this, I was just
using it as an example of where I'll uphold the WG decision and
support it fully in IESG discussions in my role as AD.
Thanks again for your and others work to improve the 0-RTT situation!
Be
re also legitimate.
>>
>> But my more important reason for supporting is that overall TLS1.3 is much
>> much better than TLS1.2, including in regards to forward-secrecy, which is
>> now guaranteed for all non-0RTT data. I still believe that it will
&g
Congratulations to all who contributed! In addition to EKR & the chairs, thank
you also to Ben who assisted with all of the final checks as the responsible AD
for this part of the process.
Kathleen
Sent from my mobile device
> On Aug 10, 2018, at 7:56 PM, Benjamin Kaduk wrote:
>
> A big
Sent from my mobile device
> On Aug 21, 2018, at 8:10 AM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
> "Vulnerable-by-design ciphersuites"? Vulnerable to what?
>
> Suck sites are designed to provide end-point authentication and traffic
> integrity. Care to explain/show how these properties
Sent from my mobile device
> On Jul 4, 2018, at 2:20 PM, Eric Rescorla wrote:
>
> Hi Kathleen,
>
>> On Wed, Jul 4, 2018 at 11:10 AM, Kathleen Moriarty
>> wrote:
>> I’m also fine with the work going forward, however it was only in March that
>> EKR assu
Sent from my mobile device
> On Jul 10, 2018, at 4:31 PM, Martin Rex wrote:
>
> m...@sap.com (Martin Rex) wrote:
>> Andrei Popov wrote:
>>>
>>> On the recent Windows versions, TLS 1.0 is negotiated more than 10%
>>> of the time on the client side (this includes non-browser connections
>>>
Hi Nalini,
I think it would be more useful to collect show stopper information. Do they
have systems or applications that cannot be upgraded as there is no upgrade
path? Do these systems or applications matter in terms of deprecation? It may
not matter if they are isolated or there is no
Contributions with data are welcomed and encouraged.
Thank you,
Kathleen
Sent from my mobile device
> On Jul 10, 2018, at 10:07 AM, Peter Gutmann wrote:
>
> nalini elkins writes:
>
>> It would be nice to see some of this reflected in the draft rather than only
>> statistics on browsers.
Thanks in advance,
Kathleen
-- Forwarded message --
From:
Date: Mon, Jun 18, 2018 at 3:05 PM
Subject: New Version Notification for
draft-moriarty-tls-oldversions-diediedie-00.txt
To: Stephen Farrell , Kathleen Moriarty
A new version of I-D, draft-moriarty-tls-oldversions
Sent from my mobile device
> On Jul 4, 2018, at 9:01 AM, Stephen Farrell wrote:
>
>
> Hiya,
>
>> On 03/07/18 00:39, Eric Rescorla wrote:
>> Hi folks,
>>
>> I just submitted:
>>
>> https://tools.ietf.org/html/draft-rescorla-tls-esni-00
>
> Thanks for writing that up. I think it's an
Thanks for your review, Mirja. I will just add one comment inline
from WG discussion and consensus.
On Wed, Mar 7, 2018 at 1:05 PM, Eric Rescorla wrote:
>> 1) I'm a bit uncertain if obsoleting is the right approach as many
>> other protocols usually do not obsolete older
Mirja,
On Wed, Mar 7, 2018 at 2:03 PM, Eric Rescorla wrote:
>
>
> On Wed, Mar 7, 2018 at 10:32 AM, Mirja Kuehlewind (IETF)
> wrote:
>>
>> > > Still, I find it
>> > > especially confusing that also two TLS1.2 extensions are deprecated
>> > > which are not
Hello, Stephen.
On Fri, Mar 9, 2018 at 4:24 PM, Stephen Farrell
wrote:
>
> Hi Joe,
>
> I'm sorry, but I gotta say that answer seems to me both unresponsive
> to the questions asked and unconvincing.
>
> On 08/03/18 23:08, Joseph Salowey wrote:
>> Hi Stephen,
>>
>> In
On Tue, Mar 13, 2018 at 1:21 PM, Melinda Shore
wrote:
> On 3/13/18 6:48 AM, Jim Reid wrote:
>> Stephen, the opposite PoV is equally valid. There was no consensus in
>> Prague NOT to work on the topic. The mood of the room was evenly
>> divided.
>
> To clarify, this
Clarifying question
On Tue, Mar 13, 2018 at 10:55 PM, Russ Housley wrote:
> Ted:
>
> I do not follow.
>
> This is a bogus argument.
>
>
> I'm pretty sure there's a Monty Python skit about this, so I won't belabor
> the point.
>
>
> I'll avoid asking how many sparrows are
On Thu, Mar 15, 2018 at 12:58 PM, Carl Mehner <c...@cem.me> wrote:
>
>
> On Thu, Mar 15, 2018 at 9:59 AM, Kathleen Moriarty
> <kathleen.moriarty.i...@gmail.com> wrote:
>> I think what Yoav is referring to by detecting BOTS within the
>> network, is really so c
On Thu, Mar 15, 2018 at 4:53 AM, Ion Larranaga Azcue wrote:
> I fail to see how the current draft can be used to provide visibility to an
> IPS system in order to detect bots that are inside the bank…
>
>
In an effort to help clear up the use case and not weighing in on the
On Tue, Mar 13, 2018 at 3:08 PM, Melinda Shore
<melinda.sh...@nomountain.net> wrote:
> On 3/13/18 10:44 AM, Kathleen Moriarty wrote:
>> And then there are other options too, like another WG. Even from
>> Stephen's list of who is in agreement with him, I've received a f
There's a few steps Paul is missing in his summary of the process.
On Thu, Apr 12, 2018 at 8:58 AM, Richard Barnes wrote:
>
>
> On Thu, Apr 12, 2018 at 4:40 AM, Paul Wouters wrote:
>>
>> On Wed, 11 Apr 2018, Benjamin Kaduk wrote:
>>
>>> I don't really agree with
Hi Tobias,
If you use search terms that include pkix, authorization, access control, and
attribute certificate profile, you’ll find a few documents. This one should be
helpful based on your description:
https://tools.ietf.org/html/rfc5755
Best regards,
Kathleen
Sent from my mobile device
Sent from my mobile device
> On Mar 30, 2018, at 5:20 PM, Eric Rescorla wrote:
>
> Hi folks,
>
> TLS 1.3 has been approved by the IESG and it's on its way to the RFC Editor,
> so
> I don't really see this changing any time soon for the base RFC.
>
> I think there's some
The document has been approved for publication and the outstanding
reference will be added in the RFC editor process during Auth48.
Thank you all for your work on this protocol.
Best regards,
Kathleen
On Tue, Mar 20, 2018 at 5:21 PM, Eric Rescorla wrote:
>
>
> On Tue, Mar 20,
Just a clarifying question inline
On Sun, Dec 16, 2018 at 3:30 PM Eric Rescorla wrote:
>
>
> On Sun, Dec 16, 2018 at 11:45 AM Paul Wouters wrote:
>
>> On Fri, 14 Dec 2018, Eric Rescorla wrote:
>>
>> > However, in a large number of cases (e.g., an attacker on your local
>> network,
>> > there
On Tue, May 14, 2019 at 12:33 PM David Benjamin
wrote:
> > which exact piece of popular software actually still does that?
>> > It ain't curl, it ain't Chrome, it ain't Firefox.
>>
>> It definitely was implemented in Chrome and Firefox, which is how this
>> poor document got onto standards
On Mon, May 6, 2019 at 1:45 PM Blumenthal, Uri - 0553 - MITLL <
u...@ll.mit.edu> wrote:
> On 5/6/19, 7:22 AM, "TLS on behalf of Hubert Kario" on behalf of hka...@redhat.com> wrote:
> > Sure, and that was the really strange thing with TLS 1.2, why not
> just say
> > SHA-2 or better only,
On Fri, May 3, 2019 at 10:46 PM Peter Gutmann
wrote:
> Kathleen Moriarty writes:
>
> >MD5 is not discussed in the current version of RFC7525.
>
> I would add it, if this is guidance for general use then it should cover
> all
> the bases, if SHA-1 is a MUST NOT then MD5 i
On Mon, May 6, 2019 at 10:39 AM Benjamin Kaduk wrote:
> On Sat, May 04, 2019 at 09:00:17AM -0400, Kathleen Moriarty wrote:
> > On Fri, May 3, 2019 at 10:46 PM Peter Gutmann >
> > wrote:
> >
> > > Kathleen Moriarty writes:
> > >
> > > >
Maarten,
On Wed, Apr 24, 2019 at 3:43 AM Maarten Aertsen (NCSC-NL) wrote:
> Hi,
>
> On 13-4-2019 01:28, Christopher Wood wrote:
> > This is the working group last call for the "Deprecating TLSv1.0 and
> TLSv1.1” draft available at:
> >
> >
>
Hello Martin,
On Tue, Apr 30, 2019 at 7:50 PM Martin Rex wrote:
> Martin Thomson wrote:
> > On Sat, Apr 27, 2019, at 07:29, Viktor Dukhovni wrote:
> >> The sound-bite version is: first raise the ceiling, *then* the floor.
> >
> > Yep. We've done the ceiling bit twice now.
> > Once in 2008
Thank you for your feedback in this review. Responses inline as to how I
propose it is addressed:
On Sat, Apr 13, 2019 at 12:16 AM Martin Thomson wrote:
> Section 1.1 doesn't say *how* those listed documents are updated. Might
> pay to include a few works on how.
>
Thank you, that was
Hi Gary,
Thanks for your review and support. I'll respond inline and if Stephen
disagrees, he will chime in :-)
On Wed, Apr 24, 2019 at 9:51 AM Gary Gapinski wrote:
> On 4/12/19 7:28 PM, Christopher Wood wrote:
>
> This is the working group last call for the "Deprecating TLSv1.0 and TLSv1.1”
On Fri, Apr 26, 2019 at 5:29 PM Viktor Dukhovni
wrote:
> > On Apr 26, 2019, at 11:24 AM, Salz, Rich wrote:
> >
> > If they haven’t already moved off TLS 1 then maybe this document will
> give the right people a push to do so.
> >
> > Nobody is going to arrest an MTA for non compliance.
>
> Of
Victor,
Thank you very much for your work and pushing the points on uses of TLS
outside of web as this is an important point.
On Thu, Apr 25, 2019 at 9:30 PM Viktor Dukhovni
wrote:
> > On Apr 12, 2019, at 7:28 PM, Christopher Wood
> wrote:
> >
> > This is the working group last call for the
On Thu, May 2, 2019 at 7:51 PM Martin Thomson wrote:
> Thanks Kathleen, these look like good changes.
>
> Nits in the proposed BCP195 section: Lose the "p" in mpost and s/off of/on/
>
Thank you, Martin!
>
> On Fri, May 3, 2019, at 01:12, Kathleen Moriarty w
Sent from my mobile device
> On May 3, 2019, at 3:56 PM, Eric Rescorla wrote:
>
>
>
>> On Fri, May 3, 2019 at 10:31 AM Peter Gutmann
>> wrote:
>> Having said that, given an RFC saying MUST NOT 1.0 and 1.1 which is what the
>> original discussion was about, why not also add MUST NOT MD5
On Fri, May 3, 2019 at 4:09 PM Kathleen Moriarty <
kathleen.moriarty.i...@gmail.com> wrote:
>
>
> Sent from my mobile device
>
> On May 3, 2019, at 3:56 PM, Eric Rescorla wrote:
>
>
>
> On Fri, May 3, 2019 at 10:31 AM Peter Gutmann
> wrote:
>
>&g
Thanks, Gary and others for the helpful feedback and support! I like
Stephen can look at integrating the suggestions this weekend/early next
week. Please do keep the comments coming.
Best regards,
Kathleen
On Wed, Apr 24, 2019 at 9:51 AM Gary Gapinski wrote:
> On 4/12/19 7:28 PM, Christopher
On Tue, Oct 1, 2019 at 3:58 AM John Mattsson
wrote:
> Kathleen Moriarty wrote:
>
> >NIST has pushed back their date for US government organizations to have a
> plan to support TLSv1.3, what’s the driver to get ahead of that?
>
> NIST SP 800-52 rev 2 requires support for
On Tue, Oct 1, 2019 at 4:04 AM John Mattsson wrote:
> Hi,
>
> I think draft-ietf-tls-oldversions-deprecate needs to update
> draft-ietf-rtcweb-security-arch as well.
>
> draft-ietf-rtcweb-security-arch-20 uses DTLS and even talks about support
> of DTLS 1.0.
>
> "Earlier drafts of this
On Tue, Oct 1, 2019 at 4:00 AM John Mattsson wrote:
> Martin Thomson ; wrote:
>
> >When we release a new version of something, we are sending a message:
> >
> >1. new implementations and deployments MUST include support for newer
> versions
> >2. existing implementations and deployments SHOULD
Hi Ben,
Just replying to the parts of the tread that were not responded to already
as Stephen will likely be looking at the headers/updates per his message.
Thanks for your careful review.
On Mon, Nov 11, 2019 at 2:54 PM Benjamin Kaduk wrote:
> Hi all,
>
> This is a "preliminary" review only
On Wed, Dec 18, 2019 at 1:20 PM Russ Housley wrote:
> I support the progress of this document, but I have one tardy comment.
>
> I think that Section 6 should have some introductory text similar to the
> text at the beginning of Section 7.
>
Thank you, Russ.
>
> Russ
>
>
> > On Dec 17, 2019,
On Mon, Jan 6, 2020 at 10:17 AM Stephen Farrell
wrote:
>
> Hi all,
>
> I've just submitted -06 that (I think/hope:-) addresses
> the issues in Ben's preliminary AD review.
>
Thank you!
>
> So the ball's back in Ben's court until he finds more
> stuff that needs fixing or starts IETF LC:-)
>
>
Hi Mike,
This is a pretty big topic that’s been explored quite a bit. The long term
impact of these changes could be very positive. I just published a book on the
topic of embracing E2E among other topics after exploring the impact on
operators in RFC8404. In other words, both directions
Hi Ben,
Thanks for your review. Some initial responses are inline.
On Sun, Jul 26, 2020 at 5:22 PM Benjamin Kaduk wrote:
> Thanks for putting together the -06 based on my preliminary comments, and
> my apologies for taking so long to get back to it. It turns out that going
> through the
Thank you, Joe.
Sent from my mobile device
> On Jun 25, 2020, at 1:10 AM, Joseph Salowey wrote:
>
>
> Hi All,
>
> I submitted a PR [1] for draft-ietf-tls-md5-sha1-deprecate to move the
> recommended IANA registry entries for rsa_pkcs1_sha1 and ecdsa_sha1 in the
> Signature Scheme
Hi Eliot,
Thanks for raising your concern. I’ll note that I first started working on
this because a well deployed library already had plans to drop support for
versions 1.0 and 1.1 in their next release. Customers that wanted those
versions would have to use a prior library. This history may
Having risk management experience as well as policy establishment and
enforcement, I would rather see the clear notification that something is not
secure. Then the organization makes the decision to take that risk based on
likelihood/impact considerations. This factors in risk tolerance and
I disagree here as those other implementations just need to make their own
business risk decisions and put in place an exception process. One option in
the risk decision process is to accept risk, you can also mitigate, eliminate,
or transfer the risk.
Best regards,
Kathleen
Sent from my
Thank you for your review, Nagendra and finding several nits. We'll
correct them.
Best regards,
Kathleen
On Mon, Nov 30, 2020 at 4:21 PM Nagendra Nainar via Datatracker <
nore...@ietf.org> wrote:
> Reviewer: Nagendra Nainar
> Review result: Ready
>
> Hi,
>
> I have reviewed this document as
Thank you for your review and to Stephen for making the speedy updates.
Best regards,
Kathleen
On Tue, Jan 19, 2021 at 9:28 AM Stephen Farrell
wrote:
>
> Hiya,
>
> On 19/01/2021 10:23, Éric Vyncke via Datatracker wrote:
> > Éric Vyncke has entered the following ballot position for
> >
Thank you for your careful review, the change looks good to me.
Best regards,
Kathleen
On Tue, Jan 19, 2021 at 10:07 AM Rob Wilton (rwilton)
wrote:
> LGTM.
>
> Regards,
> Rob
>
>
> > -Original Message-
> > From: Stephen Farrell
> > Sent: 19 January 2021 14:28
> > To: Rob Wilton
Thank you, Mohit, Stephen, and Alyssa!
On Wed, Jan 20, 2021 at 2:34 PM Alissa Cooper wrote:
> Mohit, thanks for your review. Stephen, thanks for your response. I
> entered a Yes ballot.
>
> Alissa
>
> On Nov 25, 2020, at 6:47 AM, Stephen Farrell
> wrote:
>
>
>
> On 25/11/2020 11:46, Mohit
bound to the
>> origin, and a phishing site can't access the correct origin.
>> * Anything that doesn't involve asymmetric cryptography will be replayable,
>> and thus perishable, through this attack or others.
>>
Thank you. From a different thread, I thought WebAuthn was vulnera
Greetings!
In thinking about the attacks prompting for credentials to access SSO
credentials in browsers, I am wondering if the fix is in the interface to
each type of storage container for credentials, e.g. OASIS PKCS#11, W3C
WebAuthn, and maybe OAuth if that has been hit as well by these
, Apr 11, 2022 at 3:35 PM Kathleen Moriarty <
kathleen.moriarty.i...@gmail.com> wrote:
> Greetings!
>
> In thinking about the attacks prompting for credentials to access SSO
> credentials in browsers, I am wondering if the fix is in the interface to
> each type of storage cont
Thank you, Ben. Much appreciated. I’ll think about this a bit more and a few
others now are as well.
Best regards,
Kathleen
Sent from my mobile device
> On Apr 11, 2022, at 5:05 PM, Ben Schwartz wrote:
>
>
>
>
>> On Mon, Apr 11, 2022 at 4:42 PM Kathlee
say that the store is accessed.
Thanks for thinking about it,
Kathleen
>
>> On Mon, Apr 11, 2022 at 3:48 PM Kathleen Moriarty
>> wrote:
>> This has to be dealt with at the container interface for non-browser
>> interfaces too, right?
>>
>> If ther
Please excuse typos, sent from handheld device
> On Mar 16, 2017, at 11:37 AM, Yoav Nir wrote:
>
>
>> On 16 Mar 2017, at 17:17, Eric Rescorla wrote:
>>
>> Hi folks
>>
>> I note that we are proposing to uplift RFC 5289 to PS, despite the fact that
>>
Please excuse typos, sent from handheld device
> On Mar 14, 2017, at 6:57 PM, Martin Thomson wrote:
>
>> On 15 March 2017 at 09:05, Yoav Nir wrote:
>> A secure hash function such as the SHA-256, SHA-384, and SHA-512
>>
>> [FIPS.180-4] MUST
99 matches
Mail list logo