Re: [TLS] Next steps for draft-ietf-tls-renegotiation

Stefan Santesson <stefan@aaa-sec.com> Sat, 28 November 2009 00:06 UTC

Pasi,

For the record I just need to say that I strongly disagree with this
decision.

We have two solutions on the table and the essence of them has been
concluded during the very last few days. I would say that the support for
either of the two approaches has been quite even lately. It surprises me
that we don't even have time to seriously ask the WG members what approach
they prefer.

I can just hope this in the end will turn out to be of service to the
community and that all implementers get this right. I would really hate for
us to conclude that we patched one vulnerable security design with another
due to implementer shortcomings, or that a large part of the community
turned off a useful TLS feature.

It was interesting to have the discussion.

/Stefan


On 09-11-27 11:26 PM, "Pasi.Eronen@nokia.com" <Pasi.Eronen@nokia.com> wrote:

> <wearing Area Director hat>
> 
> I have asked the secretariat to start IETF Last Call for
> draft-rescorla-tls-renegotiation-01.
> 
> I've gone through the list archives for the past month, and it seems a
> large majority of the WG members support the overall approach in this
> draft (with a small, but very vocal, minority preferring a totally
> extension-less approach to signalling).
> 
> I think the users of TLS at this point are served better by a timely
> solution that works and is "good enough", rather than continuing the
> tweaking. Especially since a large majority of the WG is OK with the
> signalling approach in the current draft, it looks like continuing to
> tweak the non-signalling parts is not going to provide any significant
> additional benefits to the users of TLS.
> 
> The exact text in the -01 draft is still a bit rough (a number of
> places could probably benefit from clarifications, and perhaps some
> implementation advice, too), and I hope we can continue improving it
> during the last call (for example, Martin's draft has a lot of
> well-written text we should probably consider including here).
> 
> Best regards,
> Pasi
> IETF Security Area Director