[saag] TLS WG Report

Eric Rescorla <ekr@rtfm.com> Thu, 02 August 2012 18:34 UTC

To: saag@ietf.org
Cc: tls@ietf.org

The TLS WG met at 10:30 AM on Tuesday:

- TLS-OOB is effectively done. There was discussion of the relationship
   to RFC 6091, which is Informational, but depended upon. Consensus
   is to cut-and-paste the relevant portions. Authors to prepare a new
   draft and WGLC.
http://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-04


- The CachedInfo draft is ready for WGLC with some minor changes.
  The authors will prepare a new draft.
http://tools.ietf.org/html/draft-ietf-tls-cached-info-12

- The OCSP Multistapling draft needs some more review but is believed
   nearly done. The chairs called for more reviewers of this.
http://tools.ietf.org/html/draft-ietf-tls-multiple-cert-status-extension-01

- There was a discussion of rollback protection mechanisms (to compensate
for broken servers). The WG agreed to proceed in this line and to discuss
specific mechanisms on-list.

- There was consensus for the WG to accept the TLS-PWD mechanism.
We will confirm on the list.
http://tools.ietf.org/id/draft-harkins-tls-pwd-02.txt

- There was extensive discussion on explicit TLS proxy support (for
proxies which encrypt and decrypt, not RFC 2817 proxies) but
generally the WG seemed not to want to take this work on.
http://tools.ietf.org/html/draft-mcgrew-tls-proxy-server-01

-Ekr