[saag] TLS WG Report

Eric Rescorla <ekr@rtfm.com> Thu, 08 November 2012 17:48 UTC

The TLS WG met at 5:00 PM on Tuesday.

The following notes are drawn largely from Paul Hoffman's minutes.

* TLS Cached Info draft (draft-ietf-tls-cached-info)
In mailing list discussion afterwards, Stefan proposed some syntactic
changes. We will need to discuss on the list.

* The Certificate Status Extension
is ready for WGLC.

* Out of Band Public key Validation (draft-ietf-tls-oob-pubkey)
There was some debate about whether we should be using the same
mechanism/registry as RFC 6901. There was general consensus on
the desired properties and a question about whether RFC 6091
could support it. EKR to analyze and report back.

* We had a request from HTTPbis to take on a TLS-based upper-layer
protocol negotiation mechanism. The WG agreed to take this on.

* Origin Bound Certificates. Google has abandoned this in favor of
a new approach and may bring that to IETF later.

* We also had presentations about DTLS Multicast Security, TACK,
and an AuthZ extension to use DTCP certificates in TLS. None of
these have any immediate actions.