[saag] TLS@IETF109: SAAG summary

Sean Turner <sean@sn3rd.com> Wed, 18 November 2020 05:05 UTC

Message-Id: <86DD1296-3A89-412B-AFDB-7F1136D64111@sn3rd.com>
Cc: TLS List <tls@ietf.org>
To: saag@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/wNyzlu73FBS5i5RM0kz6yeIZW0U>

The TLS WG met on Tuesday the 11th of November 2020 from 1430 to 1530 UTC.

During the WG I-D status update portion of the agenda, it was noted that a normative reference to draft-kucherawy-rfc8478bis might significantly delay publication of draft-ietf-tls-certificate-compression. draft-kucherawy-rfc8478bis is also in the RFC editor’s queue, but has been pulled back because of a late-breaking erratum [0]. I suggested, and Ben, our AD, agreed, that a way forward was to refer to RFC 8478 and rely on the “obsoletes” header for readers to locate the RFC-to-be for draft-kucherawy-rfc8478bis. No objections were raised.

A fix for the lone remaining AD review comment on draft-ietf-tls-dtls-connection-id was proposed (it will be modified based on list discussion after the meeting): tweak the MAC input in the Authenticate-then-Encrypt (AtE) case to something similar to the approaches used for AEAD and Encrypt-then-MAC (EtM). No objections were raised.

Work on ECH (Encrypted Client Hello) continues. Further work remains including WG agreement on “do not stick out” considerations [1] as well as HRR (Hello Retry Request) inconsistencies with RFC 8446 [2]. It was suggested that an interim meeting be held to solely address the “do not stick out” considerations.

There was consensus at the session to use Interoperability Targets as a mechanism for I-Ds with active implementers; this idea is unabashedly stolen from the QUIC WG. tl;dr: the WG would declare a particular I-D the target for an interop event. A wiki, e.g., [3], would be created to list implementations and an interoperability matrix as well as the I-D that is the interoperability target.

spt for the chairs

[0] https://www.rfc-editor.org/errata/eid6303
[1] https://github.com/tlswg/draft-ietf-tls-esni/issues/354
[2] https://github.com/tlswg/draft-ietf-tls-esni/issues/358
[3] https://github.com/tlswg/draft-ietf-tls-esni/wiki/Draft--09-Interop