Re: [TLS] kicking off charter revision discussion
Brian Sniffen <bsniffen@akamai.com> Tue, 30 October 2018 14:59 UTC
Return-Path: <bsniffen@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39D8C130E00 for <tls@ietfa.amsl.com>; Tue, 30 Oct 2018 07:59:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.172
X-Spam-Level:
X-Spam-Status: No, score=-1.172 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, KHOP_DYNAMIC=1.999, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PZ5fqWyOF9z7 for <tls@ietfa.amsl.com>; Tue, 30 Oct 2018 07:59:55 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E030A130DC2 for <tls@ietf.org>; Tue, 30 Oct 2018 07:59:54 -0700 (PDT)
Received: from pps.filterd (m0122333.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.23/8.16.0.23) with SMTP id w9UEr2J8016196; Tue, 30 Oct 2018 14:59:54 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type; s=jan2016.eng; bh=BpBqLWh6DZJ1j4MliAO3e8516DyCIWZ9xaRwNYa0jJo=; b=fzTJhzZi4PqDWVPzrKY002sW0eMvBpsPFvVA3UtxzjJbIfJTTyCh84jQHs2oNcq7Onfo WBieLWZB9Mj0Q183CBsGInRR8GuqrkpbfcSFiRwHtf86+4thXHdGJy2zPstZLn69LyAW 7b+Wm5Wr8fo4SwDD+4jw8D1qnceqAQinyaoWgxjuaEnwI+WZDPnjTvwBgOplQMagpO5a +P8/G+ZzfvJIrliFzBGVf3pqhlAFmNUugL+SDiEldA1SMnR0IlbquHcL32C++PMUBiZQ rnUo8mgWd5agyD/fdCHc98cVKOwF7Mkcww9Mq4Bu9fuwbp2f3iAWq3YnwCJFEXZJjdsR /g==
Received: from prod-mail-ppoint3 (a96-6-114-86.deploy.static.akamaitechnologies.com [96.6.114.86] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 2nepq98cnv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 30 Oct 2018 14:59:53 +0000
Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1]) by prod-mail-ppoint3.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w9UEnwaw029355; Tue, 30 Oct 2018 10:59:51 -0400
Received: from prod-mail-relay14.akamai.com ([172.27.17.39]) by prod-mail-ppoint3.akamai.com with ESMTP id 2nckccc5bx-1; Tue, 30 Oct 2018 10:59:51 -0400
Received: from Tereva.local (unknown [172.19.32.76]) by prod-mail-relay14.akamai.com (Postfix) with ESMTP id 7F08381394; Tue, 30 Oct 2018 14:59:51 +0000 (GMT)
From: Brian Sniffen <bsniffen@akamai.com>
To: Sean Turner <sean@sn3rd.com>, tls@ietf.org
In-Reply-To: <E94102EF-0F2E-44B1-9B61-94E4702F9FE1@sn3rd.com>
References: <E94102EF-0F2E-44B1-9B61-94E4702F9FE1@sn3rd.com>
Date: Tue, 30 Oct 2018 10:59:51 -0400
Message-ID: <m2sh0no4yg.fsf@abstraction.kendall.corp.akamai.com>
MIME-Version: 1.0
Content-Type: text/plain
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-10-30_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1810300129
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-10-30_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1810300129
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7_vHZYTYVY-VzTCBLtXYWlMSLUY>
Subject: Re: [TLS] kicking off charter revision discussion
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Oct 2018 15:00:00 -0000
> The second working group goal is to improve protocol extensibility, usability, and deployability, e.g., GREASE, Delegated Credentials, Certificate Compression, and Exported Authenticators. These working group items will include a focus on privacy properties of (D)TLS, with a particular emphasis on the following: > > - Encrypt the ClientHello SNI (Server Name Indication) and other > application-sensitive extensions, such as > ALPN (Applications-Layer Protocol Negotiation). > - Identify and mitigate other (long-term) user tracking or fingerprinting > vectors enabled by TLS deployments and implementations. > - Consider additional privacy-preserving mechanisms, e.g., consistent > application traffic padding. > - Develop privacy-friendly profiles describing recommended usage of > (D)TLS for generic use. Protocol-specific profiles are out of scope. [...snip...] > With these objectives in mind, the TLS WG will also place a priority in minimizing gratuitous changes to (D)TLS. I think that last sentence is meant to prevent bright ideas from complicating---or harming---the security of TLS as defined or as implemented. But I'd like to see it as part of the second working group goal too. For example: "The second working group goal is sustain TLS' properties of confidential and authenticated communication, while also improving protocol extensibility, usability, and deployability..." The first obligation of an extension, whether it's heartbeat or key escrow, is to show that it isn't going to hurt core TLS to have it out there in the ecosystem. -Brian -- Brian Sniffen Akamai Technologies
- [TLS] kicking off charter revision discussion Sean Turner
- Re: [TLS] kicking off charter revision discussion William Whyte
- Re: [TLS] kicking off charter revision discussion Brian Sniffen
- Re: [TLS] kicking off charter revision discussion Nico Williams
- Re: [TLS] kicking off charter revision discussion Sean Turner
- Re: [TLS] kicking off charter revision discussion Nico Williams