[TLS] TLS@IETF109: SAAG summary

Sean Turner <sean@sn3rd.com> Wed, 18 November 2020 05:05 UTC

From: Sean Turner <sean@sn3rd.com>
Date: Wed, 18 Nov 2020 00:05:42 -0500
Cc: TLS List <tls@ietf.org>
To: saag@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2aeS9hRaJzqlmeeivywuDSRO8bY>

The TLS WG met Tuesday the 11th of November 2020 from 1430 to 1530 UTC time.

During the WG I-D status update portion of the agenda, it was noted that a normative reference to draft-kucherawy-rfc8478bis might significantly delay publication of draft-ietf-tls-certificate-compression. draft-kucherawy-rfc8478bis is also in the RFC editor’s queue, but has been pulled back because of a late-breaking errata [0]. I suggested and Ben, our AD, agreed that a way forward was to refer to RFC 8478 and rely on the “obsoletes” header for readers to locate the RFC-to-be for draft-kucherawy-rfc8478bis. No objections were raised.

A fix for the lone remaining AD review comment on draft-ietf-tls-dtls-connection-id was proposed (will be modified based on list discussion after the meeting) to tweak the MAC (AtE) input to something similar to approaches for AEAD and EtM. No objections were raised.

Work on ECH (Encrypted Client Hello) continues. Further work remains including WG agreement on “do not stick out” considerations [1] as well as HRR (Hello Retry Request) inconsistencies with RFC 8446 [2]. It was suggested that an interim meeting be held to solely address the “do not stick out” considerations.

There was consensus at the session to use Interoperability Targets as a mechanism for I-Ds with active implementers; this idea is unabashedly stolen from the QUIC WG. tl;dr: the WG would declare a particular I-D the target for an interop event. A wiki, e.g., [3], would be created to list implementations and an interoperability matrix as well as the I-D that is the interoperability target.

spt for the chairs

[0] https://www.rfc-editor.org/errata/eid6303
[1] https://github.com/tlswg/draft-ietf-tls-esni/issues/354
[2] https://github.com/tlswg/draft-ietf-tls-esni/issues/358
[3] https://github.com/tlswg/draft-ietf-tls-esni/wiki/Draft--09-Interop