IETF Logo Mail Archive

[TLS] Draft minutes from IETF 92

"Salz, Rich" <rsalz@akamai.com> Thu, 26 March 2015 16:33 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB21D1A87E2 for <tls@ietfa.amsl.com>; Thu, 26 Mar 2015 09:33:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.611
X-Spam-Level:
X-Spam-Status: No, score=-2.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aOR5kHYW04zR for <tls@ietfa.amsl.com>; Thu, 26 Mar 2015 09:33:26 -0700 (PDT)
Received: from prod-mail-xrelay07.akamai.com (prod-mail-xrelay07.akamai.com [72.246.2.115]) by ietfa.amsl.com (Postfix) with ESMTP id 1F19C1A8949 for <tls@ietf.org>; Thu, 26 Mar 2015 09:33:17 -0700 (PDT)
Received: from prod-mail-xrelay07.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 6B8AC47798 for <tls@ietf.org>; Thu, 26 Mar 2015 16:33:16 +0000 (GMT)
Received: from prod-mail-relay07.akamai.com (prod-mail-relay07.akamai.com [172.17.121.112]) by prod-mail-xrelay07.akamai.com (Postfix) with ESMTP id 5FEDF47795 for <tls@ietf.org>; Thu, 26 Mar 2015 16:33:16 +0000 (GMT)
Received: from email.msg.corp.akamai.com (usma1ex-cas1.msg.corp.akamai.com [172.27.123.30]) by prod-mail-relay07.akamai.com (Postfix) with ESMTP id 5BF478003C for <tls@ietf.org>; Thu, 26 Mar 2015 16:33:16 +0000 (GMT)
Received: from USMA1EX-DAG1MB2.msg.corp.akamai.com (172.27.123.102) by usma1ex-dag1mb5.msg.corp.akamai.com (172.27.123.105) with Microsoft SMTP Server (TLS) id 15.0.913.22; Thu, 26 Mar 2015 12:31:24 -0400
Received: from USMA1EX-DAG1MB2.msg.corp.akamai.com ([172.27.123.102]) by usma1ex-dag1mb2.msg.corp.akamai.com ([172.27.123.102]) with mapi id 15.00.0913.011; Thu, 26 Mar 2015 12:31:23 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Thread-Topic: Draft minutes from IETF 92
Thread-Index: AdBnzMwJmCFbGvO3RB6aOB5sq2b72w==
Date: Thu, 26 Mar 2015 16:31:22 +0000
Message-ID: <4c1c3b9cad294bd49d6a5ba5f007eeff@usma1ex-dag1mb2.msg.corp.akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.19.114.188]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/KX6QuLsE34lKbnkntITznE23axg>
Subject: [TLS] Draft minutes from IETF 92
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2015 16:33:29 -0000

Draft minutes; please post corrections.

Swap two agenda items (0RTT and OPTLS)

Draft status update; see pages 5 and 6 of http://tools.ietf.org/agenda/92/slides/slides-92-tls-1.pdf   WG chairs intend to ask if WG wants to adopt
draft-mavrogiannopoulos-chacha-tls, draft-josefsson-tls-curve25519 and draft-bmoeller-tls-falsestart as documents (starting points, 

Backward compatibility:  reviewed github pull request 107; no controversy, going to adopt it.
 
Changes since -03 draft http://www.ietf.org/proceedings/92/slides/slides-92-tls-3.pdf  Point format negotiation removed; add context to signatures (to prevent re-use); remove renegotiation; remove ChangeCipherSpec; extendedMasterSecret draft is included; remove ability to negotiate sslv3

0RTT; client has "static" ephemeral key, encrypts first part using that, server reply has its ephemeral, and now rest of data is PFS.  This is well-understood key exchange.  Issues arise with anti-reply, based on each side providing random value mixed into keying material. With 0RTT client anti-reply guaranteed, but not server.   Protect this with server cache.  But that doesn't work; see p8-10, and mail list thread.  Propose concept of a special API to set or read the 0RTT payload.  Strong consensus to do this, to be confirmed on the list. There are concerns about how/when other protocols could use this. Sean to take up initial conversations. Ekr, dkg, agl to post something to the list based on "option 3" on p11.

DH-based handshake.  First brought up in Paris Interim, discussed in HI, Seattle Interim, etc.   Moving to static DH based (two DH key exchanges) unifies 0RTT, 1RTT, PSK ciphers. There are some extra costs; server that doesn't do 0RTT it can make both keys the same and avoid the extra modexp Hugo presented slides on the rationale for this approach; see http://www.ietf.org/proceedings/92/slides/slides-92-tls-4.pdf .   Basically since TLS 1.3 has PFS 0RTT and EC-centric, there can be a unified approach (two dh keys). Also benefit of simpler protocol to analyze and (perhaps only brand new) implementations.  Discussion of possible loss of resumption.   Should we move to OPtls (pull request 90).  Consensus hum was to do this.

Move to HKDF. (Is there anything wrong with TLS PRF?  Hugo: Yes, initially keyed with a secret that is not necessarily strongly random; okay with RSA). HKDF has better properties. Strong consensus to do this.

AEAED IV. Strong consensus to do nothing; some support for per-sesion XOR mask.  To go to the list .


--  
Senior Architect, Akamai Technologies
IM: richsalz@jabber.at Twitter: RichSalz

v2.23.0 | Report a Bug | By Email