[Pce] Murray Kucherawy's No Objection on draft-ietf-pce-pceps-tls13-03: (with COMMENT)

2024-01-03 Thread Murray Kucherawy via Datatracker
Murray Kucherawy has entered the following ballot position for
draft-ietf-pce-pceps-tls13-03: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to 
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-pce-pceps-tls13/



--
COMMENT:
--

Further to Eric's comment, I'm completely confused by question #4 of the
shepherd writeup.  While the document claims there are no implementations
known, the shepherd writeup says there's at least one (and it was easy), and
makes another "Yes" remark that I don't understand.



Forwarding a comment from Orie Steele, incoming ART Area Director:

Noting the comment on 0-RTT / early data regarding secrecy, and the comment on
https://datatracker.ietf.org/doc/html/rfc8253#section-3.4

 *  Negotiation of a ciphersuite providing for confidentiality is  RECOMMENDED.

I'm not an expert on PCEPS, but I wonder why the need for the note at all given
PCEPs only recommends confidentiality, and the requirement above states early
data is forbidden.



___
Pce mailing list
Pce@ietf.org
https://www.ietf.org/mailman/listinfo/pce


Re: [Pce] Murray Kucherawy's No Objection on draft-ietf-pce-pceps-tls13-03: (with COMMENT)

2024-01-03 Thread Dhruv Dhody
Hi Murray,

On Thu, Jan 4, 2024 at 11:30 AM Murray Kucherawy via Datatracker <
nore...@ietf.org> wrote:

> Murray Kucherawy has entered the following ballot position for
> draft-ietf-pce-pceps-tls13-03: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-pce-pceps-tls13/
>
>
>
> --
> COMMENT:
> --
>
> Further to Eric's comment, I'm completely confused by question #4 of the
> shepherd writeup.  While the document claims there are no implementations
> known, the shepherd writeup says there's at least one (and it was easy),
> and
> makes another "Yes" remark that I don't understand.
>
>
>
Dhruv: The shepherd writeup mentions this email response on the mailing
list -
https://mailarchive.ietf.org/arch/msg/pce/dLdcUan2psssBUgzCtXPluEr_ok/ that
mentions some implementation experience. When we asked to include that
information in the implementation section we did not get a confirmation
back. Soo that's that :)

We could update the implementation section to say -

OLD:
   At the time of posting the -02 version of this document, there are no
   known implementations of this mechanism.
NEW:
   At the time of posting the -04 version of this document, there are no
   known implementations of this mechanism. It is believed that one
   vendor has implementation, but these plans are too vague to make
   any further assertions.
END

Thanks!
Dhruv


Re: [Pce] Murray Kucherawy's No Objection on draft-ietf-pce-pceps-tls13-03: (with COMMENT)

2024-01-04 Thread Sean Turner


> On Jan 4, 2024, at 01:12, Dhruv Dhody  wrote:
> 
> Hi Murray, 
> 
> On Thu, Jan 4, 2024 at 11:30 AM Murray Kucherawy via Datatracker 
>  wrote:
> Murray Kucherawy has entered the following ballot position for
> draft-ietf-pce-pceps-tls13-03: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to 
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-pce-pceps-tls13/
> 
> 
> 
> --
> COMMENT:
> --
> 
> Further to Eric's comment, I'm completely confused by question #4 of the
> shepherd writeup.  While the document claims there are no implementations
> known, the shepherd writeup says there's at least one (and it was easy), and
> makes another "Yes" remark that I don't understand.
> 
> 
> 
> Dhruv: The shepherd writeup mentions this email response on the mailing list 
> - https://mailarchive.ietf.org/arch/msg/pce/dLdcUan2psssBUgzCtXPluEr_ok/ that 
> mentions some implementation experience. When we asked to include that 
> information in the implementation section we did not get a confirmation back. 
> Soo that's that :)
> 
> We could update the implementation section to say - 
> 
> OLD: 
>At the time of posting the -02 version of this document, there are no
>known implementations of this mechanism.
> NEW:
>At the time of posting the -04 version of this document, there are no
>known implementations of this mechanism. It is believed that one 
>vendor has implementation, but these plans are too vague to make 
>any further assertions.
> END
> 
> Thanks! 
> Dhruv

see: https://github.com/ietf-wg-pce/draft-ietf-pce-pceps-tls13/pull/21

spt


Re: [Pce] Murray Kucherawy's No Objection on draft-ietf-pce-pceps-tls13-03: (with COMMENT)

2024-01-04 Thread Andrew Stone (Nokia)
Hi Murray,

Just +1 and acknowledging with the same from Dhruv. The shepherd writeup
question was whether there are any implementations reported somewhere (“or
elsewhere”), so I figured it thorough to reference the mailing list response.

Thanks!

Andrew


From: Dhruv Dhody
Date: Thursday, January 4, 2024 at 1:12 AM
To: Murray Kucherawy
Cc: The IESG, draft-ietf-pce-pceps-tl...@ietf.org, pce-cha...@ietf.org,
pce@ietf.org, "Andrew Stone (Nokia)"
Subject: Re: Murray Kucherawy's No Objection on draft-ietf-pce-pceps-tls13-03:
(with COMMENT)

Hi Murray,

On Thu, Jan 4, 2024 at 11:30 AM Murray Kucherawy via Datatracker
<nore...@ietf.org> wrote:
Murray Kucherawy has entered the following ballot position for
draft-ietf-pce-pceps-tls13-03: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to 
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-pce-pceps-tls13/



--
COMMENT:
--

Further to Eric's comment, I'm completely confused by question #4 of the
shepherd writeup.  While the document claims there are no implementations
known, the shepherd writeup says there's at least one (and it was easy), and
makes another "Yes" remark that I don't understand.


Dhruv: The shepherd writeup mentions this email response on the mailing list - 
https://mailarchive.ietf.org/arch/msg/pce/dLdcUan2psssBUgzCtXPluEr_ok/ that 
mentions some implementation experience. When we asked to include that 
information in the implementation section we did not get a confirmation back. 
Soo that's that :)

We could update the implementation section to say -

OLD:
   At the time of posting the -02 version of this document, there are no
   known implementations of this mechanism.
NEW:
   At the time of posting the -04 version of this document, there are no
   known implementations of this mechanism. It is believed that one
   vendor has implementation, but these plans are too vague to make
   any further assertions.
END

Thanks!
Dhruv


Re: [Pce] Murray Kucherawy's No Objection on draft-ietf-pce-pceps-tls13-03: (with COMMENT)

2024-01-04 Thread Sean Turner
More inline...

> On Jan 4, 2024, at 01:02, Murray Kucherawy via Datatracker  
> wrote:
> 
> Murray Kucherawy has entered the following ballot position for
> draft-ietf-pce-pceps-tls13-03: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to 
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-pce-pceps-tls13/
> 
> 
> 
> --
> COMMENT:
> --
> 
> Further to Eric's comment, I'm completely confused by question #4 of the
> shepherd writeup.  While the document claims there are no implementations
> known, the shepherd writeup says there's at least one (and it was easy), and
> makes another "Yes" remark that I don't understand.

Addressed in an earlier email.

> Forwarding a comment from Orie Steele, incoming ART Area Director:
> 
> Noting the comment on 0-RTT / early data regarding secrecy, and the comment on
> https://datatracker.ietf.org/doc/html/rfc8253#section-3.4
> 
> *  Negotiation of a ciphersuite providing for confidentiality is  RECOMMENDED.
> 
> I'm not an expert on PCEPS, but I wonder why the need for the note at all 
> given
> PCEPs only recommends confidentiality, and the requirement above states early
> data is forbidden.

Ah okay I see you saying the bit about not forward secret isn’t really needed
here if confidentiality is just recommended. I think in practical terms, though,
confidentiality is a MUST because all the ciphersuites in s3.4 of RFC 8253 use
AES_GCM.

In terms of this I-D though, we could do:

OLD:

  In particular, early data is not
  forward secret, and there is no protection against the replay of
  early data between connections.

NEW:

   In particular, no replay protection is provided for early data.

However, the sentence as written is true.  So …. should I take out the 
reference to FS or leave it in?

spt

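The two properties Sean's proposed wording is about, as an added worked example that is not part of this thread, of the draft, or of any PCEPS implementation: a constructed Python model of the RFC 8446 key schedule (SHA-256 ciphersuites, labels and derivation steps from RFC 8446 Section 7.1) showing that the 0-RTT key depends only on the PSK and the ClientHello bytes, while the handshake key also mixes in the (EC)DHE output, plus a server that, without extra state, accepts the same captured early-data flight twice. The PSK, ClientHello and ServerHello byte strings are stand-ins I constructed, there is no record-layer parsing or AEAD, and the anti-replay switch implements the ClientHello-recording defence of RFC 8446 Section 8.2.

```python
"""Why TLS 1.3 early data is neither forward secret nor replay protected.

Constructed model of the RFC 8446 key schedule (SHA-256 only). Labels and
derivation steps follow RFC 8446 Section 7.1; the PSK, transcript bytes and
(EC)DHE output below are stand-ins, not real handshake data.
"""
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for the SHA-256 suites


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    # HkdfLabel = uint16 length || opaque label<7..255> || opaque context<0..255>
    full_label = b"tls13 " + label.encode("ascii")
    info = (length.to_bytes(2, "big")
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def derive_secret(secret: bytes, label: str, transcript: bytes) -> bytes:
    return hkdf_expand_label(secret, label, HASH(transcript).digest(), HASH_LEN)


def client_early_traffic_secret(psk: bytes, client_hello: bytes) -> bytes:
    """0-RTT key: a function of the PSK and the ClientHello bytes only."""
    early_secret = hkdf_extract(bytes(HASH_LEN), psk)
    return derive_secret(early_secret, "c e traffic", client_hello)


def client_handshake_traffic_secret(psk: bytes, ecdhe_shared: bytes,
                                    client_hello: bytes, server_hello: bytes) -> bytes:
    """1-RTT key: the (EC)DHE output is mixed in, so it dies with the ephemeral keys."""
    early_secret = hkdf_extract(bytes(HASH_LEN), psk)
    derived = derive_secret(early_secret, "derived", b"")
    handshake_secret = hkdf_extract(derived, ecdhe_shared)
    return derive_secret(handshake_secret, "c hs traffic", client_hello + server_hello)


class EarlyDataServer:
    """Server-side acceptance of a 0-RTT flight keyed by (PSK, ClientHello).

    anti_replay=False is the bare key schedule: nothing binds one early-data
    flight to one connection. anti_replay=True adds the ClientHello-recording
    defence of RFC 8446 Section 8.2 (a set of already-accepted ClientHello digests).
    """

    def __init__(self, psk: bytes, anti_replay: bool = False):
        self.psk = psk
        self.anti_replay = anti_replay
        self.seen = set()

    def accept_early_data(self, client_hello: bytes):
        """Return the key the server will decrypt the flight with, or None to reject."""
        if self.anti_replay:
            digest = HASH(client_hello).digest()
            if digest in self.seen:
                return None
            self.seen.add(digest)
        return client_early_traffic_secret(self.psk, client_hello)


def forward_secrecy_check(psk: bytes, client_hello: bytes, server_hello: bytes) -> dict:
    """What an attacker who captured the transcript and later obtains the PSK can recompute."""
    ecdhe = os.urandom(32)  # ephemeral; discarded by both peers after the handshake
    early_key = client_early_traffic_secret(psk, client_hello)
    hs_key = client_handshake_traffic_secret(psk, ecdhe, client_hello, server_hello)
    # The attacker has the PSK and the captured bytes but not the discarded ECDHE output.
    recomputed_early = client_early_traffic_secret(psk, client_hello)
    recomputed_hs = client_handshake_traffic_secret(psk, os.urandom(32), client_hello, server_hello)
    return {"early_recoverable": recomputed_early == early_key,
            "handshake_recoverable": recomputed_hs == hs_key}


def replay_check(psk: bytes, client_hello: bytes, anti_replay: bool) -> bool:
    """Present one captured 0-RTT flight twice; True if the resend is accepted with the same key."""
    server = EarlyDataServer(psk, anti_replay=anti_replay)
    first = server.accept_early_data(client_hello)
    second = server.accept_early_data(client_hello)
    return first is not None and second == first


# Constructed inputs (stand-ins, not real handshake encodings).
PSK = b"resumption-psk-issued-by-the-previous-session"
CLIENT_HELLO = b"ClientHello{psk_identity=ticket42, early_data}"
SERVER_HELLO = b"ServerHello{key_share=fresh-ephemeral-point}"

if __name__ == "__main__":
    print("forward secrecy:", forward_secrecy_check(PSK, CLIENT_HELLO, SERVER_HELLO))
    print("replay accepted, no anti-replay state:", replay_check(PSK, CLIENT_HELLO, False))
    print("replay accepted, ClientHello recording:", replay_check(PSK, CLIENT_HELLO, True))
```

Read against the draft's rule that early data is forbidden: the model shows why the forward-secrecy clause is true as written (anyone who later obtains the PSK recomputes the 0-RTT key from the captured ClientHello alone, while the handshake key is gone with the ephemeral ECDHE output) and why the replay clause is the more operational one (only server-side state, such as the recorded-ClientHello set here, stops a resend). A PCEP implementation that never enables early data sidesteps both, which is the point Orie makes below.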


Re: [Pce] Murray Kucherawy's No Objection on draft-ietf-pce-pceps-tls13-03: (with COMMENT)

2024-01-04 Thread Orie Steele
I defer to the experts.

I assumed that the document is safe to implement ignoring the notes (both
notes could have been removed).

Since they were included and I read the related comment on confidentiality,
I was confused enough to risk embarrassment.

If I were an implementer of this, I might be slightly annoyed reading
context for a feature that I was just forbidden from using.

If you think the extra context will be appreciated by implementers, I
suggest leaving it as is.

OS



On Thu, Jan 4, 2024 at 1:10 PM Sean Turner  wrote:

> More inline...
>
> > On Jan 4, 2024, at 01:02, Murray Kucherawy via Datatracker <
> nore...@ietf.org> wrote:
> >
> > Murray Kucherawy has entered the following ballot position for
> > draft-ietf-pce-pceps-tls13-03: No Objection
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> > for more information about how to handle DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-pce-pceps-tls13/
> >
> >
> >
> > --
> > COMMENT:
> > --
> >
> > Further to Eric's comment, I'm completely confused by question #4 of the
> > shepherd writeup.  While the document claims there are no implementations
> > known, the shepherd writeup says there's at least one (and it was easy),
> and
> > makes another "Yes" remark that I don't understand.
>
> Addressed in an earlier email.
>
> > Forwarding a comment from Orie Steele, incoming ART Area Director:
> >
> > Noting the comment on 0-RTT / early data regarding secrecy, and the
> comment on
> > https://datatracker.ietf.org/doc/html/rfc8253#section-3.4
> >
> > *  Negotiation of a ciphersuite providing for confidentiality is
> RECOMMENDED.
> >
> > I'm not an expert on PCEPS, but I wonder why the need for the note at
> all given
> > PCEPs only recommends confidentiality, and the requirement above states
> early
> > data is forbidden.
>
> Ah okay I see you saying the bit about not forward secret isn’t really
> needed here if confidentiality is just recommended. I think in practical
> terms, though, confidentiality is a MUST because all the ciphersuites in
> s3.4 of RFC 8253 use AES_GCM.
>
> In terms of this I-D though, we could do:
>
> OLD:
>
>   In particular, early data is not
>   forward secret, and there is no protection against the replay of
>   early data between connections.
>
> NEW:
>
>In particular, no replay protection is provided for early data.
>
> However, the sentence as written is true.  So …. should I take out the
> reference to FS or leave it in?
>
> spt
>
>

-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries

