[TLS] kicking off charter revision discussion

Sean Turner <sean@sn3rd.com> Thu, 25 October 2018 00:19 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3MnpFkRCD_bha9KPNNU05g-Il6U>

With the finalization of TLS 1.3 behind us, it is time to consider rechartering the working group to address ongoing and emerging issues in this space. Below is a proposal for the new charter text to get this discussion going before we meet in Bangkok. We plan to have a 20-minute discussion section on the charter in one of the upcoming TLS WG meeting sessions. If you have objections to what is written, please raise them to the list; we will track them with issues in the newly created GH repo [0]. If you feel something is omitted, please also bring it to the list but also feel free to suggest edits via issues/PRs in that repo.

Thanks,
Chris, Joe, and Sean

[0] https://github.com/tlswg/wg-materials/tree/master/charter

Proposed Charter Text

The TLS (Transport Layer Security) working group was established in 1996 to standardize a 'transport layer' security protocol. The basis for the work was SSL (Secure Socket Layer) v3.0 [RFC6101]. The TLS working group has completed a series of specifications that describe the TLS protocol v1.0 [RFC2246], v1.1 [RFC4346], v1.2 [RFC5346], and v1.3 [RFC8446], and DTLS (Datagram TLS) v1.0 [RFC4347] and v1.2 [RFC6347], as well as extensions to the protocols and ciphersuites.

The working group aims to achieve three goals. First, to develop DTLS 1.3, in a way that draws upon the design, analysis, and engineering effort put into TLS 1.3. Specifically, the protocol should exhibit the following features, in no particular order: 

- Encrypt as much of the handshake and datagram packets as
  possible to reduce the amount of observable data to both
  passive and active attackers.
- Reduce handshake latency and aim for one roundtrip for a full
  handshake and one or zero roundtrip for repeated handshakes
  without compromising current security features.
- Use cryptographic algorithms equivalent to those used in TLS 1.3.

The second working group goal is to improve protocol extensibility, usability, and deployability, e.g., GREASE, Delegated Credentials, Certificate Compression, and Exported Authenticators. These working group items will include a focus on privacy properties of (D)TLS, with a particular emphasis on the following:

- Encrypt the ClientHello SNI (Server Name Indication) and other
  application-sensitive extensions, such as
  ALPN (Application-Layer Protocol Negotiation).
- Identify and mitigate other (long-term) user tracking or fingerprinting
  vectors enabled by TLS deployments and implementations.
- Consider additional privacy-preserving mechanisms, e.g., consistent
  application traffic padding.
- Develop privacy-friendly profiles describing recommended usage of
  (D)TLS for generic use. Protocol-specific profiles are out of scope. 

The third goal is to maintain current and previous versions of the (D)TLS protocols as well as to specify general best practices for use of (D)TLS, extensions to (D)TLS, and cipher suites. This includes recommendations as to when a particular version should be deprecated. Changes or additions to older versions of (D)TLS, whether via extensions or ciphersuites, are discouraged and require significant justification to be taken on as work items.

With these objectives in mind, the TLS WG will also place a priority on minimizing gratuitous changes to (D)TLS.