[saag] TLS report

"Christopher Wood" <caw@heapingbits.net> Thu, 21 November 2019 05:32 UTC

Date: Thu, 21 Nov 2019 13:31:51 +0800
From: "Christopher Wood" <caw@heapingbits.net>
To: saag@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/IwlDBqF6nN9MoftgqiZve3vpVM0>
Subject: [saag] TLS report

TLS met Thursday morning and will meet again Thursday afternoon. 

TLS External PSK was discussed. There was agreement to revise the document and move forward with a few minor revisions. The WG will also start a design team to document and clarify external PSK usage and more sophisticated mitigations for Selfie-style attacks. Final updates to the Exported Authenticators draft were presented based on last call comments. An existing PR to clarify comments exists, yet did not have consensus in the room. Discussion on the list will continue. Changes to the Delegated Credentials (DC) draft were presented. The WG seems to be in favor of adding a signature algorithms list to the DC extension, citing possible benefits for semi-static DH as a use case.

The WG received new work on an extended key schedule for TLS 1.3 to support better security and consistency for additional use cases such as Hybrid Key Exchange, ESNI, External PSK, and Semi-Static DH. The design injects secrets into the key schedule in a predictable and composable way. There will be more discussion on the list. Compact TLS (cTLS) was presented. The design introduces a variety of changes (removal of legacy fields, variable-length encoding, pre-defined extensions) that aim to help better use TLS in other contexts, such as QUIC, LAKE, and EAP. There was strong support in the room to adopt this in the working group pending rechartering. A proposal on a 1-RTT Semi-Static DH handshake mode was presented. There was support to adopt this draft as a WG item. The WG will confirm on the list. A new proposal for batch signing was presented. There was support to adopt this draft as a WG item. The WG will confirm on the list.

The afternoon TLS session will cover Encrypted SNI and the ongoing work to deprecate MD5+SHA1 signature hash algorithms.