On Mon, Jul 25, 2016 at 6:32 PM David Benjamin <david...@chromium.org> wrote:
> Hi folks, > > I'm not sure how this process usually works, but I would like to reserve a > bunch of values in the TLS registries to as part of an idea to keep our > extension points working. Here's an I-D: > https://tools.ietf.org/html/draft-davidben-tls-grease-00 > > (The name GREASE is in honor of AGL's rusted vs. well-oiled joints analogy > from https://www.imperialviolet.org/2016/05/16/agility.html ) > > One problem we repeatedly run into is servers failing to implement TLS's > various extension points correctly. The most obvious being version > intolerance. When we deployed X25519 in Chrome, we discovered an intolerant > implementation. (Thankfully it was rare enough to not warrant a fallback or > revert!) > Er, I lost a sentence here, sorry. I meant that, in addition to version intolerance other extension points have also gathered rust. The X25519 trouble was an example of named curve intolerance, not version. (Someone forgot a default in their switch-case.) > It appears that signature algorithms maybe also be gathering rust. Ciphers > and extensions seem to have held up, but I would like to ensure they stay > that way. > > The root problem here is these broken servers interoperate fine with > clients at the time they are deployed. It is only after new values get > defined do we notice, by which time it is too late. > > I would like to fix this by reserving a few values in our registries so > that clients may advertise random ones and regularly exercise these > codepaths in servers. If enough of the client base does this, we can turn a > large class of tomorrow's interop failures into today's interop failures. > This is important because an bug will not thrive in the ecosystem if it > does not work against the current deployment. > > If you were in Berlin, you may recognize this idea from the version > negotiation debate. Alas that all happened in the wrong order as I hadn't > written this up yet. This idea can't be applied to versioning without > giving up on ClientHello.version, but we can start with the rest of the > protocol. > > David > > PS: This is actually my first I-D, so apologies if I've messed it up > somewhere! >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls