Re: [TLS] TLS extension




Take this with a pinch of salt, Mike - that the IESG must approve your extension. National authorities are NEVER BEHOLDEN to an unrepresentative committee.

If they start to get all formal on you, just abuse the OCSP extension. It has its own extensibility model that you can abuse all day. And never forget you can define your own record_type whenever you want.

Now, more properly, in terms of commenting on actual documents: the overall extensibility policy for TLS, as issued by the IESG, is looking weak. On the one hand you can define your own private message types, your own private certificate types, private ciphersuites, but you cannot define your own extensions!?

When I looked at the flight of the standards, from TLS 1.0 onwards, it all got less precise and controlled. TLS 1.0 was a VERY tight spec. Then it all went into more typical IETF style with a flurry of updates and rewrites. Now there is a mix of tight and not-tight spec, a mix of editing styles, and some confusing policy signals due to the mix of mandate style(s).

Incidentally, I have been looking at WTLS 1.2, for my Bluetooth/VoIP project. There is a lot the IETF could learn from that (monotonic seq_numbers for datagrams, not increasing; use of nullWithNull; multiplexed connections; extensions). The design art is all open (including all the debates about how to handle TCP in a wire/wireless environment). It is just so NOT DOGMATIC; it just takes SSLv3 and updates it for the different KDFs in the TLS era and then tunes it for the different bearers and upper layer stack process. It just does several jobs, without any pretension. The state machines are an excellent addition to the community art, as is the formal model of the protocol spec.

If someone has the formal WTLS spec for the modern WAP2.0 spec on a public link, please supply it. I want to see how it evolved further, to merge with TLS extensions, tickets, DTLS etc (assuming that happened).

[http://www.wmlclub.com/docs/especwap1.2/SPEC-WTLS-19991105.pdf]

----- Original Message -----
From: "Mike" <mike-list at pobox.com>
To: <TLS at lists.ietf.org>

All extensions must be approved by the IETF since
they could compromise the security of TLS.  See RFC 4366.

Mike

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
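The two mechanisms the reply leans on, the ClientHello extensions vector and the status_request (OCSP) extension's own nested structure, shown as an added example that is not part of the original thread. It follows the wire formats in RFC 4366 (Extension, ExtensionType, CertificateStatusRequest, OCSPStatusRequest); the extension type 0xFFFE, the ResponderID bytes and the request_extensions bytes are constructed placeholders for illustration only, not values from the thread or from any registry. The parser carries the checks a practitioner wants here: vector lengths are bounded by the buffer, unknown extension types are carried opaquely rather than rejected, and a duplicate extension type is refused (RFC 4366 allows at most one extension of each type).

```python
import struct

# ExtensionType value from RFC 4366 section 2.3
STATUS_REQUEST = 5
# CertificateStatusType value from RFC 4366 section 3.6
STATUS_TYPE_OCSP = 1
# Hypothetical, unassigned extension type used only to show how an
# unknown type flows through the parser (constructed for this example).
PRIVATE_EXT = 0xFFFE


class DecodeError(ValueError):
    """Raised for any length or framing violation; a real stack sends decode_error."""


def vec(data, length_bytes):
    """Encode a TLS variable-length vector: big-endian length prefix, then payload."""
    if len(data) >= 1 << (8 * length_bytes):
        raise ValueError("vector too long for its length field")
    return len(data).to_bytes(length_bytes, "big") + data


def read_vec(buf, pos, length_bytes):
    """Read a length-prefixed vector at pos; refuse lengths that run past the buffer."""
    if pos + length_bytes > len(buf):
        raise DecodeError("truncated length field")
    n = int.from_bytes(buf[pos:pos + length_bytes], "big")
    pos += length_bytes
    if pos + n > len(buf):
        raise DecodeError("vector length exceeds buffer")
    return buf[pos:pos + n], pos + n


def encode_ocsp_status_request(responder_ids=(), request_extensions=b""):
    """CertificateStatusRequest with status_type = ocsp (RFC 4366 section 3.6)."""
    responder_id_list = b"".join(vec(r, 2) for r in responder_ids)
    return bytes([STATUS_TYPE_OCSP]) + vec(responder_id_list, 2) + vec(request_extensions, 2)


def encode_extensions(extensions):
    """Encode [(extension_type, extension_data), ...] as the ClientHello extensions vector."""
    body = b"".join(struct.pack("!H", t) + vec(d, 2) for t, d in extensions)
    return vec(body, 2)


def parse_extensions(buf):
    """Return {extension_type: extension_data}. Unknown types are kept opaque; duplicates rejected."""
    body, end = read_vec(buf, 0, 2)
    if end != len(buf):
        raise DecodeError("trailing bytes after extensions vector")
    result = {}
    pos = 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise DecodeError("truncated extension_type")
        ext_type = struct.unpack("!H", body[pos:pos + 2])[0]
        data, pos = read_vec(body, pos + 2, 2)
        if ext_type in result:
            raise DecodeError("duplicate extension type %d" % ext_type)
        result[ext_type] = data
    return result


def parse_ocsp_status_request(data):
    """Decode the status_request payload; returns (responder_ids, request_extensions)."""
    if not data or data[0] != STATUS_TYPE_OCSP:
        raise DecodeError("unsupported status_type")
    responder_id_list, pos = read_vec(data, 1, 2)
    request_extensions, pos = read_vec(data, pos, 2)
    if pos != len(data):
        raise DecodeError("trailing bytes in CertificateStatusRequest")
    ids, p = [], 0
    while p < len(responder_id_list):
        rid, p = read_vec(responder_id_list, p, 2)
        if not rid:  # opaque ResponderID<1..2^16-1>: zero length is not allowed
            raise DecodeError("empty ResponderID")
        ids.append(rid)
    return ids, request_extensions


def is_malformed(buf):
    """True if the extensions vector violates framing rules."""
    try:
        parse_extensions(buf)
    except DecodeError:
        return True
    return False


def build_demo_block():
    """Constructed ClientHello extensions: one status_request plus one unknown type."""
    # b"\x30\x00" is an empty DER SEQUENCE, standing in for real OCSP request extensions.
    return encode_extensions([
        (STATUS_REQUEST, encode_ocsp_status_request([b"responder-1"], b"\x30\x00")),
        (PRIVATE_EXT, b"hello"),
    ])


def demo():
    parsed = parse_extensions(build_demo_block())
    ids, req_exts = parse_ocsp_status_request(parsed[STATUS_REQUEST])
    return parsed, ids, req_exts


if __name__ == "__main__":
    print(demo())
```

The point the parser makes about the policy argument: a receiver that skips unknown extension types by their length field will survive a privately numbered extension, but the same tolerance is why two peers with colliding private numbers silently misinterpret each other's data, which is the interoperability hazard a registry exists to prevent.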





