[IPP] Fwd: [TLS] Kicking off the TLS 1.3 formal analysis triage panel
Ira McDonald via ipp <ipp@pwg.org> Thu, 18 April 2024 16:03 UTC
Return-Path: <ipp-bounces@pwg.org>
X-Original-To: ietfarch-ipp-archive@ietfa.amsl.com
Delivered-To: ietfarch-ipp-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B51C2C151071 for <ietfarch-ipp-archive@ietfa.amsl.com>; Thu, 18 Apr 2024 09:03:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.095
X-Spam-Level:
X-Spam-Status: No, score=-3.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_FAIL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pwg.org header.b="p4nks4np"; dkim=pass (1024-bit key) header.d=pwg.org header.b="P5xZyApd"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=gmail.com header.b="VcCp79h+"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QgiQFbe-LQhy for <ietfarch-ipp-archive@ietfa.amsl.com>; Thu, 18 Apr 2024 09:03:45 -0700 (PDT)
Received: from mail.pwg.org (mail.pwg.org [172.104.19.21]) by ietfa.amsl.com (Postfix) with ESMTP id F16E7C14F6E1 for <ipp-archive2@ietf.org>; Thu, 18 Apr 2024 09:03:44 -0700 (PDT)
Received: by mail.pwg.org (Postfix, from userid 1002) id C84E7E5AA; Thu, 18 Apr 2024 16:03:43 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.pwg.org C84E7E5AA
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=pwg.org; s=default; t=1713456223; bh=niezv49MrVuejQGDvFEyLD5Zr94Nl3MPvqr/2C2OgZA=; h=References:In-Reply-To:Date:To:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=p4nks4np0ZpWtDC5iWlQzKo6f1GKj3BfMF8v62AiT9dOqKwhV2Tir1ZVxbwZ9IjDG 3EWBRkSSwe8tu1As9YJRJ+TAuPCQ30OcgY9c0vxQdPyKZJ+N9kIhAxwrcG4METli7w s0Fz4kjBisPuuYpDYltT619NF34UXcRkd959GJe0=
Received: from mail.pwg.org (localhost [IPv6:::1]) by mail.pwg.org (Postfix) with ESMTP id 899FD6C0; Thu, 18 Apr 2024 16:03:41 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.pwg.org 899FD6C0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=pwg.org; s=default; t=1713456221; bh=niezv49MrVuejQGDvFEyLD5Zr94Nl3MPvqr/2C2OgZA=; h=References:In-Reply-To:Date:To:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=P5xZyApdV5KZPLAijp43VxTZsjtyGUZ6QEIjb0DF7zUvIKvXh4eKCrD3d2T9xr2SF lttUFYPz5s04iAEfl1QX9sPeV62wN/Y+P08DbMksBX33JAcnAcc9elqs5i2bPIoEiC R1coYXCOTy9s31YSJGl0QOmCaerrBa+2qhX6QW3k=
X-Original-To: ipp@pwg.org
Delivered-To: ipp@pwg.org
Received: by mail.pwg.org (Postfix, from userid 1002) id 854D63A77; Thu, 18 Apr 2024 16:03:39 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.pwg.org 854D63A77
Authentication-Results: mail.pwg.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="VcCp79h+"
Received: from mail-ua1-x929.google.com (mail-ua1-x929.google.com [IPv6:2607:f8b0:4864:20::929]) by mail.pwg.org (Postfix) with ESMTPS id 80EA96C0 for <ipp@pwg.org>; Thu, 18 Apr 2024 16:03:13 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.pwg.org 80EA96C0
Received: by mail-ua1-x929.google.com with SMTP id a1e0cc1a2514c-7e61a25900cso231259241.3 for <ipp@pwg.org>; Thu, 18 Apr 2024 09:03:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713456192; x=1714060992; darn=pwg.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=SDXSoSrYZcFxXD1W1Muw9ld2L5DT1tkt+sCzfXZLh7s=; b=VcCp79h+TOv36NaDsjvuHYiqMwjaPewyGlVfgcOTWm+eF9cZDBFgB4SSTmCIxLmlIT uJ2GkkBQ37LzpcIRCZltRtb8ERAQ3vRElK//Kii+YvNCfCf4uBbRRi7hQ/dCg9cKxuLQ RWTZ2QjMdFb7CqmB1BJDfbSHaT90ZURsfHgVO+79BoneELIlhIrBm7ELfi6Y3s/Lxx/N tvTWPZegYS/tgNR7LKRRYBzM7//4Eac3EkcCS0ftJowZ7JrMOz1tWt7DDakmLE8JxBbj y3XChFjNRKu9IIzATQXTRdDTNMfy7dkrUQ92LFt+7pSVwwvwCwnC/9MpNjvMITJW6Z/h EEUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713456192; x=1714060992; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=SDXSoSrYZcFxXD1W1Muw9ld2L5DT1tkt+sCzfXZLh7s=; b=Ge8zDbA4toz9a2VcRj/Tk0/ONehyqvuErC8DzL7M+nIrLyv6eiEMh0RqnNMK6rJlUa vOHOrToiwSEulHsDvd3M+XtPUzdl3FAtSaJTBc8xEwLnlli3FU05wRAJ5cBI3h3bmmhA 9ElGxMphqruScF/ajl2xGEnT+Nox/pmClWd9ZGX4BX+s3DnR2RVp/T0Owb9y1hL++ImW dieKdWiLdW0NlH2eOM/SYVTw7gL+LHo+ZEhwu/GwLN17HdSDh0oEWuKqlF0tCACCw3Dw SfiEHgKdBXsKHf8nOPU188eUmMcpsKoqJIvgRn8o3tBJMg3o4PfcLt8t3Z9wssJwkGMp jeeQ==
X-Gm-Message-State: AOJu0YyC20loy2w9AJ2Os6CUSBPDCHLam9wcbqs0rWfKXOSj48JcwLLt 4pCAtKeZ8Le445VMSoReXI2rwHTRyVNNB7M3Zg4N0+2v5ikhYC+pqQwlD51j1M13jaMBNMp7Ecq 8EcQiXR/q+NjSeudAT9A+cQzxDv0I0g==
X-Google-Smtp-Source: AGHT+IEB+IkFG3Lu3S9wrzV9JQJu+fxylMAIn3+DcB6afM3nIUgj8dtQuBdHkG/7DawRIWBYSqFu4tiu6Q3Jq8jhveQ=
X-Received: by 2002:a05:6122:881:b0:4c8:e5a0:4222 with SMTP id 1-20020a056122088100b004c8e5a04222mr3502810vkf.12.1713456192328; Thu, 18 Apr 2024 09:03:12 -0700 (PDT)
MIME-Version: 1.0
References: <CAFR824zDWTGB_SoTxK+fuRXpPf1+4=3t=ghEUkGtPXDBM5nqoA@mail.gmail.com>
In-Reply-To: <CAFR824zDWTGB_SoTxK+fuRXpPf1+4=3t=ghEUkGtPXDBM5nqoA@mail.gmail.com>
Date: Thu, 18 Apr 2024 12:02:52 -0400
Message-ID: <CAN40gSuZ=M=GOmmSNz4h8_T57JC_etVK_jDQ2YkmhQ=T28M3Yg@mail.gmail.com>
To: "ipp@pwg.org" <ipp@pwg.org>, Ira McDonald <blueroofmusic@gmail.com>
Subject: [IPP] Fwd: [TLS] Kicking off the TLS 1.3 formal analysis triage panel
X-BeenThere: ipp@pwg.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: ISTO-PWG Internet Printing Protocol workgroup discussion forum <ipp.pwg.org>
List-Unsubscribe: <https://www.pwg.org/mailman/options/ipp>, <mailto:ipp-request@pwg.org?subject=unsubscribe>
List-Archive: <http://www.pwg.org/pipermail/ipp/>
List-Post: <mailto:ipp@pwg.org>
List-Help: <mailto:ipp-request@pwg.org?subject=help>
List-Subscribe: <https://www.pwg.org/mailman/listinfo/ipp>, <mailto:ipp-request@pwg.org?subject=subscribe>
From: Ira McDonald via ipp <ipp@pwg.org>
Reply-To: ISTO-PWG Internet Printing Protocol workgroup discussion forum <ipp@pwg.org>
Cc: Ira McDonald <blueroofmusic@gmail.com>
Content-Type: multipart/mixed; boundary="===============3995153336204779068=="
Errors-To: ipp-bounces@pwg.org
Sender: ipp <ipp-bounces@pwg.org>
FYI - An important new development in TLS 1.3 extension specs security analysis. ---------- Forwarded message --------- From: Deirdre Connolly <durumcrustulum@gmail.com> Date: Thu, Apr 18, 2024 at 11:37 AM Subject: [TLS] Kicking off the TLS 1.3 formal analysis triage panel To: TLS@ietf.org <tls@ietf.org> Hello everyone! We're kicking off our TLS 1.3 formal analysis triage panel. We have these volunteers participating: - Douglas Stebila - Dennis Jackson - Franziskus Kiefer - Cas Cremers - Karthikeyan Bhargavan - Vincent Cheval Some of them are on this list, some are not, major welcomes and thank yous all around! I will link to my write up to the working group <https://mailarchive.ietf.org/arch/msg/tls/RupKEHeJdAzxpNEZnRgerk4en1c/>and the recording of the most recent meeting <https://youtu.be/Oo1UzQtfRYw?feature=shared&t=1485> for more context if you want it. The goal of the triage panel is to maintain the high degree of cryptographic assurance in TLS 1.3 as it evolves as a living protocol. To paraphrase a recent analysis of Encrypted Client Hello, one can see three prongs motivating formal analysis of changes or extensions to TLS 1.3: - Preservation of existing security properties: the authentication, integrity, and confidentiality properties that have already been proven are preserved - New, stronger security properties: such as improved privacy demonstrated by ECH, prove that extensions satisfies new goals - Downgrade resilience: prove that active attackers cannot downgrade the changed/updated/extended protocol to bypass/remove the new guarantees These are especially salient for new features like Encrypted Client Hello, but I would say the top bullet is the front of mind for most proposed documents coming through TLSWG: people want to use TLS 1.3 in new settings, in updated contexts, and want to tweak it a bit for their use case, and we want to make sure these changes do not degrade the already proven security properties of TLS 1.3. Here's how I envision this going: every few weeks or so, more likely than not spurred by a document introduced at a (March, July, November) IETF meeting, we chairs ping the triage panel directly with document drafts that we'd like a first pass sniff test on whether these proposals: - imply a change to previous security analysis assumptions (via pen and paper, formal methods tools, computer-aided provers, any/all of the above) - whether such a change behooves updated analysis - if updated analysis is recommended, of what type, what scope, and estimated time to complete, given such and such a person or team We (the chairs) will collect responses, collate them, and bring them to the working group as part of an adoption call or other working group discussions about a document. If this process did not occur (say something was adopted long ago and has been dormant but now is being revived etc) we may come back and run a similar procedure again. If the working group agrees on requiring formal analysis for a document before it goes through a last call, we will ask the triage panel for recommendations or advice on trying to match the project with a group or a researcher who can work with the document authors on delivering the analysis. The first thing on deck is 8773bis <https://datatracker.ietf.org/doc/draft-ietf-tls-8773bis/>, with more to come. Hopefully this is useful. Yay! Deirdre, for the chairs _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ ipp mailing list ipp@pwg.org https://www.pwg.org/mailman/listinfo/ipp
- [IPP] Fwd: [TLS] Kicking off the TLS 1.3 formal a… Ira McDonald via ipp