List: ietf-tls
Subject: [TLS] draft-tschofenig-lwig-tls-minimal = TLS profile proposal
From: "Schwarz, Albrecht (Albrecht)" <albrecht.schwarz () alcatel-lucent ! com>
Date: 2012-11-08 9:47:51
Message-ID: 5F7BCCF5541B7444830A2288ABBEBC9623DF010287 () FRMRSSXCHMBSD2 ! dc-m ! alcatel-lucent ! com
Dear All,
like to raise a general comment to the group, driven by the "TLS minimal" draft:
Do agree to the message of this doc, guess that the subject as such is out of question in the TLS community.
Actually I've expected more concrete specification guidelines from the conclusion section.
Notions such as "TLS can be customized ...", "... required TLS functionality" or "It can be tailored to fit the needs of a specific deployment environment." point out that TLS related parameters and procedures could and should be specified in detail for a particular communication (and security) environment.
The answer could be the explicit introduction of a profile concept, - which is very well known already for some protocols.
Profiles could be more high level (like the "RTP profiles" (e.g. RFC 3551 as a "minimum" ...) or fairly detailed (such as the 3GPP "SIP Gm profile" or H.248 profiles).
And there are already concepts for "TLS profiles" around, see e.g.
- "3GPP TLS Protocol Profile" (Annex E/33.310)
- "OMA TLS Profile" (OMA-TS-TLS-V1_...) or
- "Operating system xyz TLS Profile" ('xyz' as a placeholder for some well known OSs)
However, all these TLS profile concepts are not really identical, sharing some common capabilities, but also adding some specifics.
The rationale behind is the fact that an explicit TLS profile concept is not (yet?) introduced in the IETF TLS core RFCs in my understanding.
We faced the same situation in ITU-T SG16 in work items for H.248-controlled TLS services.
Thus, we made a definition proposal as a working assumption.
Interested parties may have a look in:
a) H.248.TLS "H.248 packages for control of transport security"
http://wftp3.itu.int/av-arch/avc-site/2009-2012/1209_Bri/TD-23.zip
3.2.6 TLS-profile: A selection of options from a set of TLS related parameters and procedures.
and a concrete example may be found in:
8.7 Example for the TLS profile concept
b) H.248.TLSPROF "Guidelines on the use of H.248 capabilities for transport security in TLS networks in H.248 Profiles"
http://wftp3.itu.int/av-arch/avc-site/2009-2012/1209_Bri/TD-24.zip
Would be interested whether the TLS WG experts
a) thought already about the definition of a profile for TLS (and DTLS)?
[Which would be a terminology definition and could be additionally a template for protocol profiling]
b) got any comments on our proposed TLS terms in above ITU-T work items?
Thanks,
Albrecht