Re: [TLS] TLS1.3 status/expectations
Eric Rescorla <ekr@rtfm.com> Wed, 02 March 2016 02:56 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 192611B45B6 for <tls@ietfa.amsl.com>; Tue, 1 Mar 2016 18:56:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nHs0qBLMBR3x for <tls@ietfa.amsl.com>; Tue, 1 Mar 2016 18:56:09 -0800 (PST)
Received: from mail-yw0-x233.google.com (mail-yw0-x233.google.com [IPv6:2607:f8b0:4002:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6286A1B45B5 for <tls@ietf.org>; Tue, 1 Mar 2016 18:56:08 -0800 (PST)
Received: by mail-yw0-x233.google.com with SMTP id g127so166587803ywf.2 for <tls@ietf.org>; Tue, 01 Mar 2016 18:56:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=+72/1xQYof/T6AL8KTob0DYpVsPr2fzBmFaDFk6XMGA=; b=XZVV2BtziewKhtJ6ZSQfW7j2B7jSI9IaoC4ncyQ3MzOIeVrcEiusKoyDXek1spCNCQ djkCdMdfpsro+AM3Y+1CsmH44CrXsIcifHTFM6EZIecijk3qXIVnoSPj95PPzEkDdON2 z4bN1//WCxis/yDoH489HuO0s+8o1uw9MxIHuvSkZGkk6z9hdMBcQkSj+KS/1gI2hRkb wZGVv18GeM8ClJb25tIFg5ECc24Wwy89dqzxsZErwu07lumJEb2Z1RvYWBh2fEnCvibw WS+Xw2aco85qBj6drgvMvQdPRwdogdGRffQbNGO0O4kR16qRVM8Std9kEOmFASeBdzIM TOFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=+72/1xQYof/T6AL8KTob0DYpVsPr2fzBmFaDFk6XMGA=; b=MvmAzkOWkiIpVbV8DGRBcgmtxlhCMg6tzyZuYFkaK/xoZdoBEdAjtVwsoHnkpDHeuD SeQeZrqTwjgCoWw4JOio6nQBj7NHX0Fls9xuCNoFbBW/dkJh/Q5gaa95baxEnJ2GpDoO xqtSOBueo0OD6yh8Xd87Pm8S7zmOMSfS2enjobt2zw4Mvomd3vv1zqY+Geaeo/6iJPIV cDmvZk1ndpb/lEatghvMkg2rYfU4fpkNoP5IKXwe9A+cjVWrvY6Jusl7RS4q85anv521 bUBPvnKefSVrFX2KaIdWXTAQd5N1YekyClXDPzL4TWJs24LsWFo5PBL9vrAbw+mCy+Tr 8qkw==
X-Gm-Message-State: AD7BkJIAIyapxLD/wh6QR2FYyH7Hk50YOFs/VHOSnwZXNL1TBQyS0km7EO1UpLXX93C1aXFKkNvG3mfefqPfPA==
X-Received: by 10.129.38.135 with SMTP id m129mr13631003ywm.155.1456887367484; Tue, 01 Mar 2016 18:56:07 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.249.5 with HTTP; Tue, 1 Mar 2016 18:55:27 -0800 (PST)
In-Reply-To: <CACsn0cnr=C73gYRPp8bNB-C6TcRACKbdV5HWwtky6KLoUUR8-Q@mail.gmail.com>
References: <84AEB140-D703-4AC0-91D7-02A01FD71A5A@sn3rd.com> <CACsn0cnr=C73gYRPp8bNB-C6TcRACKbdV5HWwtky6KLoUUR8-Q@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 01 Mar 2016 18:55:27 -0800
Message-ID: <CABcZeBOdoYOP+o2v+oCa=5rg-GV4Ua5XOECApYNPBdF1C3OA6A@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary="001a1141618c04891e052d0806d6"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ISVZTMqOhne7VoWoIBe1ojX3TzM>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] TLS1.3 status/expectations
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2016 02:56:11 -0000
On Tue, Mar 1, 2016 at 6:42 PM, Watson Ladd <watsonbladd@gmail.com> wrote: > On Mon, Feb 29, 2016 at 6:45 AM, Sean Turner <sean@sn3rd.com> wrote: > > At the TRON workshop [0], we (Joe and Sean) were asked to provide our > views about the status and timeline for TLS 1.3; we wanted to share the > same information with the WG. > > > > Before that though, we want to thank the researchers for the time they > put into analyzing the protocol as well as the TRON Workshop sponsors. The > workshop was constructive and helpful. There are a number of groups > formally analyzing the protocol, some by hand and some with automated > tools, they’ve already discovered issues that we’ve fixed [1]. > > > > The workshop made the following clear to us wrt TLS 1.3: > > > > o - Basically OK overall, but there was some sentiment that we should > only do 0-RTT with PSK (see recent list discussion). > > > > o - Some researchers prefer the key schedule that is currently > documented in the draft because it eases modular analysis of the protocol. > Others prefer the simplified proposals in [2,3]. > > > > We are hoping to be able to do a WGLC sometime shortly after Buenos > Aires (i.e., mid-April). Of course, this timeline is entirely dependent on > the WG reaching consensus on the remaining issues. > > > > At this point we are looking at reducing change to the protocol. We are > not looking to add any more features, removal of features and slight > changes that improve the protocol are still on the table. Obviously, if we > find any glaring issues we will fix them regardless. > > > > One thing that was reinforced at TRON and we think the TLS WG should be > aware of is that the research community needs time to do their analysis. > With that in mind, the chairs are very strongly leaning towards an extended > WGLC of 6 weeks. > > Is the Core TLS proposal something that the Chairs and WG think should > be adopted? Essentially this is a stripped down TLS 1.3 without > dangerous bits that we encourage highly reliable implementations to > stick to. I think a "safer" profile of TLS, as in "implement the following features (section XXX, YYY) and not the following (section ZZZ)" then that seems like something that might potentially be a useful exercise. Depending on length, this might eventually make sense to pull into TLS 1.3 as an appendix or just leave as a self-contained document. Just to preempt this, I think a separate self-contained draft would be bad. -Ekr > I know I still need to make a concrete proposal: probably > this weekend will see it done. The idea is that we've already done the > analysis of the Core TLS, and implementations can be significantly > simplified if they only support this core, thus removing the > possibility of very nasty bugs. > > Sincerely, > Watson > > > > > J&S > > > > [0] > https://www.internetsociety.org/events/ndss-symposium-2016/tls-13-ready-or-not-tron-workshop-programme > > [1] > https://mailarchive.ietf.org/arch/msg/tls/TugB5ddJu3nYg7chcyeIyUqWSbA > > [2] > https://mailarchive.ietf.org/arch/msg/tls/uUbeVDQwJuZO_bYhOWJRvlNlNtg > > [3] > https://mailarchive.ietf.org/arch/msg/tls/rgiTKwRb23T7iKjlkAQAt112ipY > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls > > > > -- > "Man is born free, but everywhere he is in chains". > --Rousseau. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] TLS1.3 status/expectations Sean Turner
- Re: [TLS] TLS1.3 status/expectations Bill Frantz
- Re: [TLS] TLS1.3 status/expectations Watson Ladd
- Re: [TLS] TLS1.3 status/expectations Eric Rescorla
- Re: [TLS] TLS1.3 status/expectations Martin Thomson
- Re: [TLS] TLS1.3 status/expectations Watson Ladd
- Re: [TLS] TLS1.3 status/expectations Eric Rescorla
- Re: [TLS] TLS1.3 status/expectations Martin Thomson