Re: [TLS] Re-chartering TLS

"Christopher Wood" <caw@heapingbits.net> Fri, 31 January 2020 16:36 UTC

Date: Fri, 31 Jan 2020 08:36:11 -0800
From: Christopher Wood <caw@heapingbits.net>
To: "TLS@ietf.org," <TLS@ietf.org>
Cc: Benjamin Kaduk <kaduk@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4kIYQgPxow0ObteoJ0XMaOjhr7g>
Subject: Re: [TLS] Re-chartering TLS

Thanks to everyone who provided feedback on the draft charter! It’s all been incorporated in the version on GitHub [1]. We’ll work with Ben in moving this to the next step. 

Thanks,
Chris, on behalf of the chairs

[1] https://github.com/tlswg/wg-materials/blob/master/charter/charter.md

On Mon, Jan 20, 2020, at 1:55 PM, Eric Rescorla wrote:
> LGTM
> 
> On Thu, Jan 16, 2020 at 7:32 PM Christopher Wood <caw@heapingbits.net> wrote:
> > Hi folks,
> > 
> >  As discussed in Singapore, it's time to re-charter the working group to reflect ongoing (e.g., Exported Authenticators and Encrypted SNI/CH) and future work (e.g., cTLS). For reference, the current charter is available here: 
> > 
> > https://datatracker.ietf.org/doc/charter-ietf-tls/
> > 
> >  A draft of the new charter is below, and also available on GitHub [1]. Please have a look and send comments, either here on the mailing list or in the GitHub repo, by 2359 UTC on 30 January 2020. Any and all feedback is welcome! We would like to complete this in advance of IETF 107 so we can move forward with items such as cTLS. 
> > 
> >  ~~~
> >  The TLS (Transport Layer Security) working group was established in 1996 to standardize a 'transport layer' security protocol. The basis for the work was SSL (Secure Socket Layer) v3.0 [RFC6101]. The TLS working group has completed a series of specifications that describe the TLS protocol v1.0 [RFC2246], v1.1 [RFC4346], v1.2 [RFC5346], and v1.3 [RFC8446], and DTLS (Datagram TLS) v1.0 [RFC4347], v1.2 [RFC6347], and v1.3 [draft-ietf-tls-dtls13], as well as extensions to the protocols and ciphersuites.
> > 
> >  The working group aims to achieve three goals. First, improve the applicability and suitability of the TLS family of protocols for use in emerging protocols and use cases. This includes extensions or changes that help protocols better use TLS as an authenticated key exchange protocol, or extensions that help protocols better leverage TLS security properties, such as Exported Authenticators. Extensions that focus specifically on protocol extensibility are also in scope. This goal also includes protocol changes that reduce the size of TLS without affecting security. Extensions that help reduce TLS handshake size meet this criterion. 
> > 
> >  The second working group goal is to improve security, privacy, and deployability. This includes, for example, Delegated Credentials, Encrypted SNI, and GREASE. Security and privacy goals will place emphasis on the following:
> > 
> >  - Encrypt the ClientHello SNI (Server Name Indication) and other application-sensitive extensions, such as ALPN (Application-Layer Protocol Negotiation).
> >  - Identify and mitigate other (long-term) user tracking or fingerprinting vectors enabled by TLS deployments and implementations.
> > 
> >  The third goal is to maintain current and previous versions of the (D)TLS protocol as well as to specify general best practices for use of (D)TLS, extensions to (D)TLS, and cipher suites. This includes recommendations as to when a particular version should be deprecated. Changes or additions to older versions of (D)TLS, whether via extensions or ciphersuites, are discouraged and require significant justification to be taken on as work items.
> > 
> >  With these goals in mind, the working group will also place a priority on minimizing gratuitous changes to (D)TLS.
> >  ~~~
> > 
> >  Best,
> >  Chris, on behalf of the chairs
> > 
> >  [1] https://github.com/tlswg/wg-materials/blob/master/charter/charter.md
> > 