[saag] IETF 120 TLS working group report
Joseph Salowey <joe@salowey.net> Thu, 25 July 2024 00:59 UTC
From: Joseph Salowey <joe@salowey.net>
Date: Wed, 24 Jul 2024 17:58:50 -0700
Message-ID: <CAOgPGoBMWF3coHGOwry-E8Pr9ZkCCFCLrZSzM8x96i8hSyJbLw@mail.gmail.com>
To: saag@ietf.org
Subject: [saag] IETF 120 TLS working group report
List-Id: Security Area Advisory Group <saag.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/nuW7-9IHqinuo9Ct2keNVHFh1GM>
TLS met on Wednesday afternoon. We had some discussion on both Pure KEM PQ and hybrid KEM PQ key exchange for TLS. It seems like there is support for also defining a pure KEM approach, but there are some decisions that need to be made on whether the general mechanism and specific KEMs are defined in one or two documents. There was consensus in the room not to try to update the MTI in 8446 bis. We had some discussion on the requirements and process for the formal analysis triage panel for TLS. The current process needs more refinement. The mechanism for ECH configuration continues to evolve and there was a question whether it should be made into a general mechanism. Presentations on SSLKEYLOG for ECH and Extended Key Update received some interest. We finished off with a discussion of improving trust store negotiation for TLS. Two mechanisms were proposed: Trust Expressions and Trust Anchor IDs. The group seemed to favor Trust Anchor IDs, but there is still a contingent of the group who don’t like the general idea.