There is consensus to adopt this draft as a working group item. I'll work with the authors to migrate to the official repository and submit an updated draft.
On Tue, May 21, 2024 at 11:23 AM Eric Rescorla <e...@rtfm.com> wrote: > These are all fair points, and it's possible we don't need to do anything > with the transcript. > > I don't think we need to resolve this before adoption, I just wanted to > make sure that I said something now to make sure people weren't surprised > later. > > -Ekr > > > On Tue, May 21, 2024 at 6:46 AM David Benjamin <david...@chromium.org> > wrote: > >> Off the cuff, folding it into the transcript sounds tricky, since >> existing TLS servers won't know to do it, and, as with any other DNS hints, >> we need to accommodate the DNS being out of sync with the server. It'll >> also be more difficult to deploy due to needing changes in the TLS stack >> and generally require much, much tighter coordination between DNS and TLS. >> I'd like for that coordination to be more viable (see my comments on the >> .well-known draft), but I don't think we're there yet. >> >> But I'm certainly open to continue discussing it and this problem space! >> The original version of the draft actually tried a lot harder to handle the >> downgrade story. Rather than mess with the transcript, it defined away all >> the negotiation algorithms where this would be a problem and keyed the >> NamedGroup codepoints to know when you could be guaranteed of the narrower >> server behavior. >> >> My read of the feedback was that people thought this was an unnecessary >> complication and that servers doing a key-share-first selection were doing >> so intentionally because they believed the options roughly equivalent. So I >> took all that out and replaced it with text to that effect. >> >> David >> >> >> On Tue, May 21, 2024, 08:54 Eric Rescorla <e...@rtfm.com> wrote: >> >>> I agree that it's attractive to be able to hint in the HTTPS RR, but I'm >>> less sure about addressing the basic insecurity of the DNS channel with the >>> approach this draft takes. I don't have a complete thought here, but what >>> if we were to somehow fold the hint into the handshake transcript? I >>> suppose we can sort this out post-adoption, but I'd like the question to be >>> on the table. >>> >>> -Ekr >>> >>> >>> On Fri, May 3, 2024 at 3:05 PM Joseph Salowey <j...@salowey.net> wrote: >>> >>>> This is a working group call for adoption >>>> for draft-davidben-tls-key-share-prediction. This document was presented >>>> at IET 118 and has undergone some revision based on feedback since then. >>>> The current draft is available here: >>>> https://datatracker.ietf.org/doc/draft-davidben-tls-key-share-prediction/. >>>> Please read the document and indicate if and why you support or do not >>>> support adoption as a TLS working group item. If you support adoption >>>> please, state if you will help review and contribute text to the document. >>>> Please respond to this call by May 20, 2024. >>>> >>>> Thanks, >>>> >>>> Joe, Deidre, and Sean >>>> _______________________________________________ >>>> TLS mailing list >>>> TLS@ietf.org >>>> https://www.ietf.org/mailman/listinfo/tls >>>> >>> _______________________________________________ >>> TLS mailing list -- tls@ietf.org >>> To unsubscribe send an email to tls-le...@ietf.org >>> >>
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
