[TLS] TLS Charter Revision

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Mon, 02 December 2013 19:23 UTC

Return-Path: <jsalowey@cisco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id CB4151ADE8A for <tls@ietfa.amsl.com>; Mon, 2 Dec 2013 11:23:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.502
X-Spam-Status: No, score=-9.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 1HTqwFhLAazr for <tls@ietfa.amsl.com>; Mon, 2 Dec 2013 11:23:54 -0800 (PST)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com []) by ietfa.amsl.com (Postfix) with ESMTP id 28CAE1ADBCD for <tls@ietf.org>; Mon, 2 Dec 2013 11:23:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2284; q=dns/txt; s=iport; t=1386012232; x=1387221832; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=m8WNnmm1V8tQHLaTAoIFV/RtL3b1o1n6ck3HFPLaz+g=; b=ADKB1qJdeeE8oK4/SWcfLIeY5o3bu0Tx7jVv3YzmNSfAqMFdD4FREaA7 gJb14BHxJMyz7e6wZh0lQIZM0BASiXkMdUNOqMEHT679M28ScaqQy1M7e DlU58R9L0t3UP5VTjPbtS0/mWaSdrOdjooLOUFlBCE8KrPzrwW07JkoYb U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFAI7dnFKtJV2Y/2dsb2JhbABZgwc4U7oMFnSCLDpRATgGQicEiBShI55fF48ngwiBEwOUMYNjkhODKYFqJBw
X-IronPort-AV: E=Sophos;i="4.93,812,1378857600"; d="scan'208";a="3727410"
Received: from rcdn-core-1.cisco.com ([]) by alln-iport-3.cisco.com with ESMTP; 02 Dec 2013 19:23:51 +0000
Received: from xhc-aln-x07.cisco.com (xhc-aln-x07.cisco.com []) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id rB2JNpaJ005310 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <tls@ietf.org>; Mon, 2 Dec 2013 19:23:51 GMT
Received: from xmb-rcd-x09.cisco.com ([]) by xhc-aln-x07.cisco.com ([]) with mapi id 14.03.0123.003; Mon, 2 Dec 2013 13:23:51 -0600
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: TLS Charter Revision
Thread-Index: AQHO75QH12xj16hlv0SmAgrMfgWOIQ==
Date: Mon, 2 Dec 2013 19:23:50 +0000
Message-ID: <2F2286E3-7717-4E8F-B1EA-B2E4155F7C17@cisco.com>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-ID: <4C605628926CD941AAB679BAA481DF39@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [TLS] TLS Charter Revision
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Dec 2013 19:23:55 -0000

Hi Folks,

Sean, Eric and I have been put together a revised TLS working group charter to cover the TLS 1.3 work.   Please review the following charter and send any comments to the TLS list by December 16, 2013.


[For the Chairs]

The TLS (Transport Layer Security) working group was
established in 1996 to standardize a 'transport layer'
security protocol.  The basis for the work was SSL
(Secure Socket Layer) v3.0.  The TLS working group has
completed a series of specifications that describe the
TLS protocol v1.0, v1.1, and v1.2 and DTLS
(Datagram TLS) v1.2 as well as extensions to the
protocols and ciphersuites.

The primary purpose of the working group is to develop
(D)TLS v1.3.  Some of the main design goals are as follows,
in no particular order:

o Develop a mode that encrypts as much of the handshake as
is possible to reduce the amount of observable data to
both passive and active attackers.

o Develop modes to reduce handshake latency, which primarily
support HTTP-based applications, aiming for one roundtrip
for a full handshake and one zero roundtrip for repeated

o Reevaluate record payload protection cryptographic
 mechanisms and algorithms to address known weaknesses
 in RC4 and the CBC block cipher modes.

o Reevaluate handshake contents, e.g.,: Is time needed in
client hello?  Should signature in server key exchange
cover entire handshake?  Are bigger randoms required?
Should there be distinct cipher list for each version?

A secondary purpose is to maintain previous version of
the (D)TLS protocols as well as to specifying the Use of
(D)TLS, recommendations for use of (D)TLS, extensions to
(D)TLS, and cipher suites.  However, changes or additions
to older versions of (D)TLS whether via extensions or
ciphersuites are discouraged and require significant
justification to be taken on as work items.

With these objectives in mind, the TLS WG will also place a priority
in minimizing gratuitous changes to TLS.


201311 - Out-of-Band Public Key Validation for TLS to IESG
201401 - Secure Password Ciphersuites for TLS to IESG
201404 - TLS ALPN (Application Layer Protocol Negotiation)
       Extension to IESG
201411 - (D)TLS 1.3 to IESG