[TLS] Fw: Draft minutes for TLS at IETF 108
tom petch <ietfc@btconnect.com> Thu, 13 August 2020 11:43 UTC
Return-Path: <ietfc@btconnect.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C78EE3A0BBA for <tls@ietfa.amsl.com>; Thu, 13 Aug 2020 04:43:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JsJ9ykgHBEM4 for <tls@ietfa.amsl.com>; Thu, 13 Aug 2020 04:43:58 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60118.outbound.protection.outlook.com [40.107.6.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04D213A0365 for <tls@ietf.org>; Thu, 13 Aug 2020 04:43:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QUBwKOZyo7gZb+jsjiqoiInMRzyGOlKjFWO7lNEnkLLD0qtsaFLtKmze0+ZtGMTv201PdcQiLPHNPQHb1ng2LIXD64oP3jeo1RuwJ+Jeggn/JOFPwBn1s1GQgqk9uIbYTLtMcZbrGiEfwVpAttC6ZaDsSTOJpMmi1Q+lY6nsa5972VQIF1zz7dR7kjYR/vgBV2hHArjnUdPA1aNou0kecosauTy/uoZgLfxjR9O8ax5qojkEvkUVFff4DcVxPIf8VvVRPEvBTW0LgnCfw4dkPOMESiJtqvtTFAkscC82hs5ava61KszelfYpB1ZpLeeipiag3FXl5cTtr25r6lwHXA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GtiMrzr4TToN9gIyh6NInm6QNE97m9bLkbqZHubeqhg=; b=cylO5vrBWF2Y77qI+rvM5/KNLvcQ/9X5DcpBTptgDqmMeSlaHtsDK6S3nyYpb6JjjbIi7H6aU3IAi+p3dlimLzFkL6s9pPIzLkzbBAapjCuiICmCdawziK/T9/Q8c6Coqz5/d4TEJT7YOmqOUT7C1q0/mF8aedh8XyJeuwHhkMDMcebJsjJ/6D2M7EyWMhJHcLYR/7ADlML1Uf3zZ/IM/bI0UbwvVrSmkv9gPPbAiQghfo5mhdCcRQqk9WS+7mN8UDEckt2ni17OUFcEeHBLTKod1BbJjBJUYeGhdSv6axZ5Kwppg0u0dKXd9u6QDrSoCO033hdOFEfuAmucsfbFIw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GtiMrzr4TToN9gIyh6NInm6QNE97m9bLkbqZHubeqhg=; b=vm6+IVLQ+7btynUmSdibbIvqtB/jqk3HDFXiVvWJBNTgQHIsIws1CqGR7aLTCQG5Vydp3yL0gTlkkCtU8Dyj8nNU2jnrJ0hI56UZDyeT+pkmzMu2YB7Qlzmg4ArTijN2PPZH9+JVeuR13q0969FGDc+UT5LKJNhYpPPsAIv/XHU=
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com (2603:10a6:20b:134::11) by AM6PR07MB4965.eurprd07.prod.outlook.com (2603:10a6:20b:3e::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.10; Thu, 13 Aug 2020 11:43:55 +0000
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::b570:437a:db46:400a]) by AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::b570:437a:db46:400a%9]) with mapi id 15.20.3283.014; Thu, 13 Aug 2020 11:43:55 +0000
From: tom petch <ietfc@btconnect.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Draft minutes for TLS at IETF 108
Thread-Index: AQHWZPy7jdLuVcrmF0WE7yzSkQ7obqkoTNkAgAEPGSWACd11gIACw9JSgAAGMy4=
Date: Thu, 13 Aug 2020 11:43:54 +0000
Message-ID: <AM7PR07MB62482DCF41131F31925923A6A0430@AM7PR07MB6248.eurprd07.prod.outlook.com>
References: <7f7f3878-446c-4f95-9cdd-cde6bb955134@www.fastmail.com> <c8e841ec-1bbf-412b-bb3c-ee8ecc4f1adb@www.fastmail.com> <AM7PR07MB624877C5210063BC88E692EBA04B0@AM7PR07MB6248.eurprd07.prod.outlook.com>, <20200811170601.GH20623@akamai.com>, <AM7PR07MB62483161975C90725F73705AA0430@AM7PR07MB6248.eurprd07.prod.outlook.com>
In-Reply-To: <AM7PR07MB62483161975C90725F73705AA0430@AM7PR07MB6248.eurprd07.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=btconnect.com;
x-originating-ip: [81.131.229.35]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3c3041fa-3701-4293-725a-08d83f7e2882
x-ms-traffictypediagnostic: AM6PR07MB4965:
x-microsoft-antispam-prvs: <AM6PR07MB4965DC7E88FC0DA60D1C92ECA0430@AM6PR07MB4965.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Nwn4xsQL8TFB8RBwI+Qft5uyOhsKgyFw55eK5/Yq+Ykd0RwjXzFqP3h6QLcHnvaU7af3UzVnTJLZCMsJ6PqdFnEDOeUzb337b1h/xedTbc/0sKPodnFwnbjXKsQmFnk5DjyLq9LwbUr6srTqBt7P94OoFe6IErJg3Pokh2OhQkrz53w0Hg8DUxLCOKZXxO41LKlp9tulTgyfClHl9a99dMCeZgO2ZNpEOx6NR9FauoR821lY1fkebtBqkuQ1CZcEvEAjfZf2qTdnJt+i4Ht/Hf4Q0lil7j3bEFoaNKDyBxLeXCgsJGa5ETXDeYh0o3wBOdK3mlhAFtGtUiP3VJzma+tfaR1avSMoVVFvRTBODvAZz4vOGTaAEtztOFh6sU8cxHV2UhVdhZgSIYlxFDW8rg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM7PR07MB6248.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(136003)(39860400002)(346002)(396003)(376002)(8676002)(6506007)(5660300002)(478600001)(86362001)(26005)(8936002)(2906002)(6916009)(53546011)(186003)(316002)(76116006)(83380400001)(66574015)(71200400001)(66446008)(91956017)(64756008)(66476007)(66556008)(2940100002)(966005)(52536014)(7696005)(66946007)(55016002)(4326008)(33656002)(9686003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: TwwtIDyMX+Dz9QelZtIhbK0y2ljy+rKTPQ7y8rwJ266DDDkZTNYCY4ZEmdo95HFUkMDo2VlOvpYPglhr+6gcapavM4lp/orybv78DQ5dMwughLn2ITRxZ4uuvp3POUo/vZ0mYu17CKnu286qGGM/tLFpLJx834/Oz+LYMOOPhZ8GgLwBjGTzbaL5TkHxK9jSWXDVWfObnGguUw6jvsyVcq+1ZphThkXagoFqLgPmMkKBAnPtQ5A27s9ddM0L4tfJqF9jQQ9dZKwdGMnFmX02O2EHsz4+Tt56LvhnpnWN6zOw7NGo2VCB815aOx9JZuavnBoFyskM9K/IPcr5RjXq1LL0qeNO7Mr3pOdh0TbXqwjKJskAguBwmGLERrC748gJUCnzPaFB0+9G5IEFou74+/eVwFLRzvdf082xhJjpIC3vdMQOdd6jpSNFef2bK+/74aZK5KtnOsi1vtPxmtPvihgpJEOyIyH8kE67fuwEnT9ttlEi66/oS0Dk3ZSpoZGwk4qEclEmk3syrNorITmk3sMhGnsdHGDeJsjG55Y6TDS6EZbdGHfC5QqLleibQo9/gTF43mL4Jum4UlUYHQekwCDXZksVhsT4NNI7l6ua3i7+T0z39kalhGhMP2AXjb8g2XHLaCAf4vHTeEi/2SS9LA==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM7PR07MB6248.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3c3041fa-3701-4293-725a-08d83f7e2882
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Aug 2020 11:43:54.9986 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 9g4K6ZgoGOvRKyFG7BHJO6fDeSbXM09X0qLV9kTZHysmhx2ORpvW3elwmQa8doY0VA9n2GL0TdNU88rDryPFLA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR07MB4965
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/v-hSbsWMGNLyHKsld0MZb3-iOZ0>
Subject: [TLS] Fw: Draft minutes for TLS at IETF 108
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2020 11:44:00 -0000
Kathleen I have some thoughts below on RFC5953 and RFC6353 which I cannot find in deprecate but thought that I would. Tom Petch ________________________________________ From: TLS <tls-bounces@ietf.org> on behalf of tom petch <ietfc@btconnect.com> Sent: 13 August 2020 12:33 To: Benjamin Kaduk Cc: TLS Chairs; TLS@ietf.org Subject: Re: [TLS] Draft minutes for TLS at IETF 108 From: Benjamin Kaduk <bkaduk@akamai.com> Sent: 11 August 2020 18:06 On Wed, Aug 05, 2020 at 10:30:39AM +0000, tom petch wrote: > From: TLS <tls-bounces@ietf.org> on behalf of Christopher Wood <caw@heapingbits.net> > Sent: 04 August 2020 19:16 > > The official minutes are now up: > > https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_minutes-2D108-2Dtls_&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=bJwecPEDnXCm7Huw2ovjHwHyzCjhyu2kGMG-qijduH0&s=ksaUzUpfyd4LFplcfnjfXdGBN-jTrMiqS2Z1vk_Iftw&e= > > <tp> > What is Benjamin talking about at the end? > > It looks as if you are proposing action on all or some RFC that have TLS 1.0 or 1.1 as MTI, related to oldversions-deprecate but that is a guess from reading between the lines and that topic is a live one for me so I would appreciate clarity. oldversions-deprecate is already taking action on all RFCs that have TLS 1.0 or 1.1 as MTI (there are some 80-odd documents in the Updates: header). The particular itesm I was mentioning in the meeting relate to various subsets of those documents that may need some additional handling on top of the basic "don't use TLS 1.0/1.1; use 1.2 and 1.3 instead" that is currently the content of the updates. Details are at https://mailarchive.ietf.org/arch/msg/tls/K9_uA6m0dD_oQCw-5kAbha-Kq5M/ So: - RFC 5469 defines DES and IDEA ciphers that are not in TLS 1.2; the document as a whole should be historic - The downgrade-detection SCSV of RFC 7507 is probably in a similar boat - We should be more clear about "if the document being updated says you MUST use TLS 1.0/1.1, that part is removed" <tp> Benjamin This is the bit I could not guess; the rest of the minutes I could guess but your explanation is much easier to understand. I have been tracking 'diediedie', including the AD review, since it first appeared and more a comment on that for Kathleen and Stephen is that RFC5953 does not get a mention although since it is Obsoleted and the Normative Reference is to RFC4347 then that is a category that does not seem to fit in any of the paragraphs of the I-D; Obsolete and TLS1.0 yes, Obsolete and DTLS1.0 no. RFC6353 I did expect to find; Internet Standard, STD0078, Normative Reference to RFC4347; the Security Considerations of that RFC say 'MUST NOT negotiate SSL 2.0' which might not be considered sufficiently strong for 2020 but how do you update a Standard? Tom Petch - No change proposed w.r.t. MTI ciphers (even though the old MTI ciphers are no longer considered very good) Were there additional specific items you were unsure about? -Ben _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- [TLS] Draft minutes for TLS at IETF 108 Christopher Wood
- Re: [TLS] Draft minutes for TLS at IETF 108 Christopher Wood
- Re: [TLS] Draft minutes for TLS at IETF 108 tom petch
- Re: [TLS] Draft minutes for TLS at IETF 108 Benjamin Kaduk
- Re: [TLS] Draft minutes for TLS at IETF 108 tom petch
- [TLS] Fw: Draft minutes for TLS at IETF 108 tom petch