Re: [TLS] TLS Impact on Network Security draft updated

2019-07-24 Thread Stephen Farrell

I'm not in favour of adoption or discussion of this draft on the
WG list. I'm also against publishing it in the IETF stream. It's
a waste of everyone's time. I hope the chairs take the opportunity
to close this thread soon.

On 24/07/2019 04:13, Benjamin Kaduk wrote:
> the Independent stream of the RFC series is purpose-built for
> individual commentary on the consequences of a particular standard

Yes. If the authors want an RFC for this text they ought contact
the ISE.

Cheers,
S.



___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


Re: [TLS] Adoption call for draft-lvelvindron-tls-md5-sha1-deprecate

2019-07-24 Thread Chris Inacio
Favor of adoption.




On July 24, 2019 at 8:49:22 AM, Christopher Wood 
(c...@heapingbits.net) wrote:

At TLS@IETF105, there was interest in the room to adopt 
draft-lvelvindron-tls-md5-sha1-deprecate as a WG item. The draft can be found 
here:

https://datatracker.ietf.org/doc/draft-lvelvindron-tls-md5-sha1-deprecate/

This email starts the call for adoption. It will run until August 7, 2019. 
Please indicate whether or not you would like to see this draft adopted.

Best,
Chris, on behalf of the chairs



Re: [TLS] Adoption call for draft-nir-tls-tlsflags

2019-07-24 Thread Nick Sullivan
I am in favor of adoption.

On Wed, Jul 24, 2019 at 8:47 AM Christopher Wood 
wrote:

> At TLS@IETF105, there was interest in the room to adopt
> draft-nir-tls-tlsflags as a WG item. The draft can be found here:
>
>https://datatracker.ietf.org/doc/draft-nir-tls-tlsflags/
>
> This email starts the call for adoption. It will run until August 7, 2019.
> Please indicate whether or not you would like to see this draft adopted.
>
> Best,
> Chris, on behalf of the chairs


Re: [TLS] The TLS WG has placed draft-lvelvindron-tls-md5-sha1-deprecate in state "Call For Adoption By WG Issued"

2019-07-24 Thread Töma Gavrichenkov
On Wed, Jul 24, 2019 at 4:42 PM IETF Secretariat
 wrote:
> The TLS WG has placed draft-lvelvindron-tls-md5-sha1-deprecate in state
> Call For Adoption By WG Issued (entered by Sean Turner)

I support the adoption.

--
Töma



Re: [TLS] Adoption call for draft-nir-tls-tlsflags

2019-07-24 Thread Thomas Fossati
On 24/07/2019, 13:47, "TLS on behalf of Christopher Wood"  wrote:
>
> At TLS@IETF105, there was interest in the room to adopt
> draft-nir-tls-tlsflags as a WG item. The draft can be found here:
>
>https://datatracker.ietf.org/doc/draft-nir-tls-tlsflags/
>
> This email starts the call for adoption. It will run until August 7,
> 2019. Please indicate whether or not you would like to see this draft
> adopted.

adopt += 1



Re: [TLS] Adoption call for draft-nir-tls-tlsflags

2019-07-24 Thread Watson Ladd
I support adoption.

On Wed, Jul 24, 2019, 5:47 AM Christopher Wood  wrote:

> At TLS@IETF105, there was interest in the room to adopt
> draft-nir-tls-tlsflags as a WG item. The draft can be found here:
>
>https://datatracker.ietf.org/doc/draft-nir-tls-tlsflags/
>
> This email starts the call for adoption. It will run until August 7, 2019.
> Please indicate whether or not you would like to see this draft adopted.
>
> Best,
> Chris, on behalf of the chairs


Re: [TLS] Adoption call for draft-nir-tls-tlsflags

2019-07-24 Thread Martin Thomson
I like this work.  It needs work, but I would like to help do that work.

On Wed, Jul 24, 2019, at 09:16, Eric Rescorla wrote:
> I am in favor of adopting this.
> 
> On Wed, Jul 24, 2019 at 5:47 AM Christopher Wood  wrote:
> > At TLS@IETF105, there was interest in the room to adopt 
> > draft-nir-tls-tlsflags as a WG item. The draft can be found here:
> > 
> > https://datatracker.ietf.org/doc/draft-nir-tls-tlsflags/
> > 
> >  This email starts the call for adoption. It will run until August 7, 2019. 
> > Please indicate whether or not you would like to see this draft adopted.
> > 
> >  Best,
> >  Chris, on behalf of the chairs


Re: [TLS] The TLS WG has placed draft-lvelvindron-tls-md5-sha1-deprecate in state "Call For Adoption By WG Issued"

2019-07-24 Thread Daniel Migault
I support the adoption of the draft.
Yours,
Daniel

On Wed, Jul 24, 2019 at 9:42 AM IETF Secretariat <
ietf-secretariat-re...@ietf.org> wrote:

>
> The TLS WG has placed draft-lvelvindron-tls-md5-sha1-deprecate in state
> Call For Adoption By WG Issued (entered by Sean Turner)
>
> The document is available at
> https://datatracker.ietf.org/doc/draft-lvelvindron-tls-md5-sha1-deprecate/


Re: [TLS] Draft minutes for Tuesday

2019-07-24 Thread Patton,Christopher J
Hey martin,

> Firefox nightly now has the preference
> "security.tls.enable_delegated_credentials" in about:config.  I wouldn't
> recommend turning that on on a permanent basis, but you can now use a browser
> to drive this.

Is there any indication in the UI that a DC was negotiated?

Thanks,
Chris



[TLS] The TLS WG has placed draft-nir-tls-tlsflags in state "Call For Adoption By WG Issued"

2019-07-24 Thread IETF Secretariat


The TLS WG has placed draft-nir-tls-tlsflags in state
Call For Adoption By WG Issued (entered by Sean Turner)

The document is available at
https://datatracker.ietf.org/doc/draft-nir-tls-tlsflags/



Re: [TLS] Adoption call for draft-lvelvindron-tls-md5-sha1-deprecate

2019-07-24 Thread Eric Rescorla
I am in favor of adopting this document.

On Wed, Jul 24, 2019 at 5:49 AM Christopher Wood 
wrote:

> At TLS@IETF105, there was interest in the room to adopt
> draft-lvelvindron-tls-md5-sha1-deprecate as a WG item. The draft can be
> found here:
>
>
> https://datatracker.ietf.org/doc/draft-lvelvindron-tls-md5-sha1-deprecate/
>
> This email starts the call for adoption. It will run until August 7, 2019.
> Please indicate whether or not you would like to see this draft adopted.
>
> Best,
> Chris, on behalf of the chairs


Re: [TLS] Draft minutes for Tuesday

2019-07-24 Thread Martin Thomson
On Tue, Jul 23, 2019, at 21:09, Watson Ladd wrote:
> One note: kc2kdm.com is up and working with NSS clients. Please hit it!

Firefox nightly now has the preference 
"security.tls.enable_delegated_credentials" in about:config.  I wouldn't 
recommend turning that on on a permanent basis, but you can now use a browser 
to drive this.



[TLS] Adoption call for draft-lvelvindron-tls-md5-sha1-deprecate

2019-07-24 Thread Christopher Wood
At TLS@IETF105, there was interest in the room to adopt 
draft-lvelvindron-tls-md5-sha1-deprecate as a WG item. The draft can be found 
here:

   https://datatracker.ietf.org/doc/draft-lvelvindron-tls-md5-sha1-deprecate/

This email starts the call for adoption. It will run until August 7, 2019. 
Please indicate whether or not you would like to see this draft adopted.

Best,
Chris, on behalf of the chairs



[TLS] Adoption call for draft-nir-tls-tlsflags

2019-07-24 Thread Christopher Wood
At TLS@IETF105, there was interest in the room to adopt draft-nir-tls-tlsflags 
as a WG item. The draft can be found here:

   https://datatracker.ietf.org/doc/draft-nir-tls-tlsflags/

This email starts the call for adoption. It will run until August 7, 2019. 
Please indicate whether or not you would like to see this draft adopted.

Best,
Chris, on behalf of the chairs



Re: [TLS] TLS Impact on Network Security draft updated

2019-07-24 Thread Hubert Kario
On Wednesday, 24 July 2019 05:17:37 CEST Ackermann, Michael wrote:
> This should not be dismissed as small segments of industries. This
> represents ubiquitous use cases at all large organizations in Insurance,
> Health Care, Banking, Automotive and many others.

Not "all" and not "ubiquitous", the word you're looking for is "some". As it 
was pointed out many times already on this mailing list.

> We as the IETF should
> not lightly dismiss such significant numbers and volume, even (or
> especially),  if the answers are not easy ones. 

Also, the people that are pushing against the IETF consensus should not lightly 
dismiss it, even (or especially), if the answers are not the ones that they 
would like to hear.

> From: TLS  On Behalf Of Watson Ladd
> Sent: Tuesday, July 23, 2019 6:58 PM
> To: Filippo Valsorda 
> Cc: TLS List 
> Subject: Re: [TLS] TLS Impact on Network Security draft updated
> 
> On Tue, Jul 23, 2019, 3:47 PM Filippo Valsorda <fili...@ml.filippo.io> wrote:
> Before any technical or wording feedback, I am confused as to the nature of
> this document. It does not seem to specify any protocol change or mechanism,
> and it does not even focus on solutions to move the web further.
> Instead, it looks like a well edited blog post, presenting the perspective
> of one segment of the industry. (The perspective seems to also lack
> consensus, but I believe even that is secondary.) Note how as of
> draft-camwinget-tls-use-cases-05 there are no IANA considerations, no
> security considerations, and no occurrences of any of the BCP 14 key words
> (MUST, SHOULD, etc.).
 
> Is there precedent for publishing such a document as an RFC?
> 
> I was going to say RFC 691 but no, it recommends changes to the protocol (as
> well as being quite amusing). RFC 4074 comes close describing bad behavior
> without an explicit plea to stop doing it, but has a security
> considerations section. RFC 7021 describes the impact of a particular
> networking technique on applications.
 
> So there is precedent.
> 
> Sincerely,
> Watson


-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic



Re: [TLS] TLS Impact on Network Security draft updated

2019-07-24 Thread Benjamin Kaduk
On Wed, Jul 24, 2019 at 05:19:46AM +0100, Dennis Jackson wrote:
> 
> 
> On 24/07/2019 04:13, Benjamin Kaduk wrote:
> > On Wed, Jul 24, 2019 at 03:35:43AM +0100, Dennis Jackson wrote:
> >> On 24/07/2019 02:55, Bret Jordan wrote:
> >>> As a professional organization and part of due diligence, we need to try
> >>> and understand the risks and ramifications on the deployments of our
> >>> solutions. This means, understanding exactly how the market uses and
> >>> needs to use the solutions we create. When we remove or change some
> >>> technology, we should try hard to provide a work around. If a work
> >>> around is not possible, we need to cleanly document how these changes
> >>> are going to impact the market so it can prepare. This is the
> >>> responsible and prudent thing to do in a professional organization like
> >>> the IETF. 
> >>>
> >>
> >> The IETF is for development of Internet Standards. If you want to
> >> publish your (subjective) analysis of how a particular standard is going
> >> to impact your market segment, there are any number of better venues:
> >> trade magazines, industry associations, your company website, etc.
> > 
> > Actually, the Independent stream of the RFC series is purpose-built for
> > individual commentary on the consequences of a particular standard
> > [including in a particular segment], and would be superior (at least in
> > my opinion) to any of the venues you list.  (See RFC 4846.)  But I
> > believe the current ISE asks authors to try fairly hard to publish their
> > work in the IETF before accepting it to the Independent stream.
> 
> I was thinking of 'published by the IETF' to mean the IETF stream.

Thanks for clarifying (more below).

> Publishing in the Independent stream, without any proper review,
> consensus or claim of fitness is a different matter altogether.

My understanding is that the ISE insists on getting at least three
reviews from knowledgable people in the field as a condition of
publication.  I don't know what constitutes "proper review" to you, but
I do believe that the ISE takes the job seriously.

> >>> The draft that Nancy and others have worked on is a great start to
> >>> documenting how these new solutions are going to impact organizational
> >>> networks. Regardless of whether you like the use-cases or regulations
> >>> that some organizations have, they are valid and our new solutions are
> >>> going to impact them. 
> >>
> >> This isn't a question of quality. The IETF simply doesn't publish
> >> documents of this nature (to my knowledge).
> > 
> > The IETF can publish whatever there is IETF consensus to publish.  (And
> > a little bit more, besides, though that is probably not relevant to the
> > current discussion.)
> > 
> > I don't have a great sense of what you mean by "documents of this
> > nature".  If you were to say "the IETF does not publish speculative and
> > subjective discussion of possible future impact", I'd be fairly likely
> > to agree with you (but I have also seen a fair bit of speculation get
> > published).  
> 
> This was my intended meaning.

Thanks (again) for clarifying.

> > I'd feel rather differently about "the IETF does not
> > publish objective analysis of the consequences of protocol changes on
> > previously deployed configurations", and would ask if you think a
> > document in the latter category is impossible for the TLS 1.2->1.3
> > transition.  (My understanding is that the latter category of document
> > is the desired proposal, regardless of the current state of the draft in
> > question.)
> 
> The authors initiated this discussion by stating their draft was stable
> and requesting publication. Consequently, I think it must be judged on
> the current state, rather than the desired outcome.

Sure, and I appreciate the frank comments; I hope the authors do as
well.  However, my and the chairs' job is to tell them something like
"make these changes and come back" or "make these changes and go to the
ISE", so I have to seek feedback on a broader question than just "is it
ready to go right now".

> Even considering your more generous interpretation... the objective
> discussion is only 3 out of 15 pages and none of the 5 claims appears to
> be correct. (As others have pointed out).

In light of my previous remark, I'll try to summarize that it sounds
like you think that it's not worth trying to make all the changes that
would be needed to meet your expectations for the output of the TLS WG.

Thanks,

Ben



Re: [TLS] TLS Impact on Network Security draft updated

2019-07-24 Thread Joseph Birr-Pixton
Hello,

I would like to suggest that this draft is expanded to cover the use cases
of governments, such as those recently seen in Kazakhstan. This will
ideally leave the reader with a fuller impression of the risks inherent in
the technology being described here.

- section 1: add a sentence to the introduction, eg. "Governments may wish
to intercept their citizen's traffic for the purpose of identifying and
combating political dissent."
- section 4: add subsection "09 - Suppression of Dissent" covering this use
case of the technology.

Thanks,
Joe




On Sun, 21 Jul 2019 at 14:51, Nancy Cam-Winget (ncamwing) <
ncamw...@cisco.com> wrote:
>
> Hi,
>
> Thanks to all the feedback provided, we have updated the
> https://tools.ietf.org/html/draft-camwinget-tls-use-cases-04
> draft.  At this point, we believe the draft is stable and would like to
> request its publication as an informational draft.
>
>
>
> Warm regards,
>
> Nancy