Re: [TLS] Draft Agenda for TLS Interim meeting

Watson Ladd <watsonbladd@gmail.com> Mon, 05 May 2014 01:08 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Kz2UADwdZio2BqU687YkcYRD-yA

On Thu, May 1, 2014 at 11:29 AM, Joseph Salowey (jsalowey)
<jsalowey@cisco.com> wrote:
> Draft agenda is posted at http://www.ietf.org/proceedings/interim/2014/05/15/tls/agenda/agenda-interim-2014-tls-1 and copied below:
>
> TLS Working Group Interim Meeting
> Dates/Times:
> 15 May 2014 (9:00 am - 5:00 pm MDT)
> 16 May 2014 (9:00 am - 2:00 pm MDT)
> Location:
> 1899 Wynkoop Street, Suite 600, Denver, CO, USA
>
>
> Day 1
> -----------------
> 9:00. Get Settled, Administrivia, Agenda (30 min)
> 9:30 - 10:30  Fixing Session Resumption (Triple Handshake) (60 Min)
> 10:30 - 12:30 Encrypt SNI or not (120 min)
> 12:30 - 1:30 Lunch
> 1:30 - 2:00  Wrap up SNI discussion
> 2:00 - 3:00  Client Puzzles
> 3:00 - 5:00  Discuss Handshake Flows
>
> Day 2
> --------------
> 9:00 Arrival
> 9:30 - 12:30 Discuss Handshake Flows
> 12:30 - 1:00  Wrap up Handshake discussion
> 1:00 - 2:00  Summary and next steps

So I unfortunately won't be at the meeting. I do wonder about the
scope: are Session Resumption fixes and Client Puzzles for TLS 1.2 and
prior, or only TLS 1.3? If we are discussing them in the context of
TLS 1.3 then session resumption fixes aren't really a good idea,
depending on how much you want to break.

If you want to break backwards compatibility, then you take a
known-good key exchange and use that. If TLS 1.3 is really TLS 1.2.1:
that is TLS 1.2 with some new extensions added and some options
removed, then patching makes some sense. However, I don't understand
how patching a protocol when you can do a real fix is a good idea, and
so why discuss a particular attack, when you can rule them all out by
making a few simple changes?

(There are good arguments on both sides. Encrypting SNI is likely to
be a break of compatibility, as is Finished changes for analysis
improvements, and cleaning the protocol in general. But breaking
compatibility will slow adoption, and at this point we need
significant adoption of fixes to TLS and workarounds to security
issues. We've also got the general "well, what you really do isn't in
the spec" problem, which makes it difficult to see what's going on)

Sincerely,
Watson Ladd