Re: [TLS] A new consensus call on ALPN vs NPN (was ALPN concerns)

Brian Smith <brian@briansmith.org> Thu, 12 December 2013 00:58 UTC

On Tue, Dec 10, 2013 at 10:30 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> After reviewing your request, the chairs believe that it does not raise any
> new substantive issues that were not known to the WG at the time of the
> decision to adopt ALPN and the subsequent WGLC. Therefore, we do not
> believe it is appropriate to re-open the issue at this time.
>
> Because the document has already passed WGLC, we will be asking the
> AD for advancement. You should of course feel free to reraise your objections
> during IETF LC.

Thanks for the response, Eric.

I can understand that the chairs may not think it is appropriate to
re-open the issue at this time. It isn't surprising, because you have
lobbied for ALPN and against NPN, and you've also said that it is
important for Cisco (the other chair's employer) to have its
inspection appliances capable of learning which protocol is being used
on TLS connections.

But, don't you think it would be better for the whole working group to
make that determination, instead of just the chairs? I think that if
you simply asked the working group if we (still) have a
consensus, and the consensus is "go ahead with ALPN," then the whole
issue would be resolved within a week or two, and there would be no
trouble with IETF LC. But, if we don't verify that we actually have a
consensus now, then during IETF LC there will be doubt about whether
we still have a consensus.

I remember somebody once saying that, when we have authority, it is
important to avoid not just impropriety, but also the *appearance* of
impropriety. We as a working group have the authority and
responsibility to everybody that uses IETF protocols and products
based on TLS to make sure we've made good decisions and achieved
consensus. So, I still think it is important, before advancing the
document to IETF LC, that we clarify and verify that we actually have
a consensus.

Thanks again,
Brian