[saag] IETF 101 TLS SAAG Summary
Joseph Salowey <joe@salowey.net> Wed, 21 March 2018 14:29 UTC
Return-Path: <joe@salowey.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F278012DA4D for <saag@ietfa.amsl.com>; Wed, 21 Mar 2018 07:29:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.1
X-Spam-Level:
X-Spam-Status: No, score=0.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_20_30=1.999, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=salowey-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i2ngWXbp07FE for <saag@ietfa.amsl.com>; Wed, 21 Mar 2018 07:29:06 -0700 (PDT)
Received: from mail-pf0-x22d.google.com (mail-pf0-x22d.google.com [IPv6:2607:f8b0:400e:c00::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5F3912DA4A for <saag@ietf.org>; Wed, 21 Mar 2018 07:29:06 -0700 (PDT)
Received: by mail-pf0-x22d.google.com with SMTP id 68so2037048pfx.3 for <saag@ietf.org>; Wed, 21 Mar 2018 07:29:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salowey-net.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=qyMG3t2CepjJF4x2cXZZQC1D9UFNajCapLKIU0F7BhY=; b=M6RmN08l5/N1tOE5cty1KVsnSCX7WA0LGkjfZNHNSM54wVmkYhPMtOBt1aHmobj7Rq kzLnRKsJ50ytgnJDiPRnG1+4QgyQdCakdWUFXnn51h6A4wd+R0lqgio+7SiepR2sn+HH mJMfc8sIm6em6u0uMjg0WBLXrQLvLe0BeRoKyLi7fIOS5jUNjzyQjhG/Y7pBQ93eRJ36 3Lnpb6Sfd4zwRnyIBXvvFfyGN8VyB8k0Ns9BY/IB57ghthaJiLJ63/UmJ7CjbQvSYTBx ZlGUWRl4spEeg3RKNPXQgxDZhC+Fu1KXCEgbj/eN+5k9wHvVwswVj6UH5BLzXsaFCUi7 UoUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=qyMG3t2CepjJF4x2cXZZQC1D9UFNajCapLKIU0F7BhY=; b=VqhXHL+ptO56VkFtt8uiRttt4aPtg12oI2oqIsm8/DKmHaDmAvGgGBs9KFPkCRpCrV 7MzWz5Rqor5L1LkQ72vZiXNVcFJuwRKITUIm46qH4S3o8XUXVyJIfh70xSeXglOiAaER vVF+Li9hWFIIIm9ZlKoQTyI2vjDxuxeCeURZ7Un5RbmFjo2Gbm1HzXV9Pwlh79SpzzcF TQzCRJeWTixTWBCvH06DmJdAgT8oOEla7gNWrRpQQ1X/cHbrs+HNii9f10HRx9f53xNj m69VsCeN9+UPrr9RPHQEBzkkYEhRQfLibyku7b6cmBwBqHdh+iE44/qTfiNKk02RvmCU 19wQ==
X-Gm-Message-State: AElRT7EVg1US70b5Ti4zGzlBvA0Yg3HGeZAvT/ydGYYg/sI8mQjnILXQ bcLein9DLdMQfabgjhfyhYrSOGCjUd0Rich0CZJJEoKQ
X-Google-Smtp-Source: AG47ELugSkBrX5B3GG2O439YS6DsmKKUhM5u2mhLMQTV9Zb7qxGDIQdBd2iTsoglqoYqcJIr73vSf7YwFDbAAwfNbkY=
X-Received: by 10.99.55.1 with SMTP id e1mr10736724pga.237.1521642545928; Wed, 21 Mar 2018 07:29:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.168.77 with HTTP; Wed, 21 Mar 2018 07:28:45 -0700 (PDT)
From: Joseph Salowey <joe@salowey.net>
Date: Wed, 21 Mar 2018 14:28:45 +0000
Message-ID: <CAOgPGoBup-tEPO44SXB4BCGUpxqqFSUoiBB03qL70Mx-v=5z4A@mail.gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="001a114aefac6cf0340567ed03e2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/_gJaHsX2nJqcTBFR0UAy84Vyvuk>
Subject: [saag] IETF 101 TLS SAAG Summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2018 14:29:13 -0000
The TLS working group met on Monday and Wednesday this week. Main points
of discussion:
- TLS 1.3 <https://datatracker.ietf.org/doc/draft-ietf-tls-tls13/>is
approved by the IESG and heading to the RFC editor queue.
- The main topic on Monday was a proposal for TLS visibility
<https://datatracker.ietf.org/doc/draft-rhrd-tls-tls13-visibility/> in
the data center. The TLS working group was unable to reach consensus to
adopt this work. The security ADs will handle the discussion of
alternative paths for this work.
- Discussion on Connection ID
<https://datatracker.ietf.org/doc/draft-ietf-tls-dtls-connection-id/> for
TLS 1.2 and 1.3 resulted in consensus to use an explicit mechanism to
indicate the presence of the connection ID. There was desire to keep
changes to DTLS 1.2 a minimal as possible.
- After some discussion of the DNSSEC chain extension
<https://datatracker.ietf.org/doc/draft-ietf-tls-dnssec-chain-extension/>
the working group reached consensus that the draft in its current state
will move forward and authenticated denial of existence and pinning work
would need to be considered in a separate document.
- There was presentation on security analysis for the exported
authenticators draft
<https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/>
- We will seek an advance code point assigned for Certificate compression
<https://datatracker.ietf.org/doc/draft-ietf-tls-certificate-compression/>
from IANA
- The SNI encryption
<https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/> work
will be split out into 1 draft that discusses the problem, requirements and
current state and several other documents that detail possible solutions.
- There was some discussion of Semi-static DH keys for TLS
<https://datatracker.ietf.org/doc/draft-rescorla-tls13-semistatic-dh/>
(similar
to OPTLS)
- We ran out of time to discuss a proposal to supplement certificate
based authentication with a PSK
<https://datatracker.ietf.org/doc/draft-housley-tls-tls13-cert-with-extern-psk/>
to provide resistance to advances in quantum computing.
- We had a presentation on a header extension format
<https://datatracker.ietf.org/doc/draft-fossati-tls-ext-header/> for DTLS
- A query was issued to the working group on if there is interest in
using PAKEs such as SRP with TLS 1.3.
- [saag] IETF 101 TLS SAAG Summary Joseph Salowey