[TLS] IETF 72 - TLS Working Group Draft Minutes

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Thu, 31 July 2008 15:58 UTC


Below are draft minutes for the IETF-72 meeting.  Please send any
corrections or additions.  Thanks to Pratima for taking notes.  

Joe

Minutes for TLS Working Group session at IETF 72
July 28, 2008 - 1520-1720 - Dublin
-----------------------------------------------
Chairs:

Joe Salowey
Eric Rescorla (on Jabber)

Notes Taker:

Pratima Sethi
-----------------------------------------------

1) TLS 1.2 status (RFC4346bis)

Joe Salowey: Handling of version mismatch in pre-master secret to avoid
side-channel attacks. Recommendation to keep the document as is.
Eric Rescorla: Mechanism described in current draft is complicated and
working is unclear. Original paper by Klima is hard to follow. He is
planning to have discussions with some cryptographers and thinks better
explanation is all that will be needed.
 
2) Extensions (RFC4366bis)

Client cert url 

Joe Salowey: current proposal to make hash extension to be made
mandatory. Other related topics - add hash agility and truncated HMAC
Yoav Nir: Extension has never been used in IKE or TLS and hence changes can
be made.
Eric: mentions that the issue was raised by NIST and Tim can comment on
it.  Tim not present.
Pasi: clarifies NIST -- after you run the authentication protocol,
parties would know who the peers are, and this isn't clear without the
hash.  Hence the need for hash inclusion.
Joe:  Hash agility can be added in a backward compatible way.
Joe: show of hands for making hash mandatory shows a preference for
making the hash mandatory w/o need of a new extension
4 for making existing hash mandatory 0 for new extension

Take it to the list

Pasi: Slide should not be about truncated hash but about max fragment
length. (fix in slide)

3) cipher suite status

Joe: Several drafts waiting on TLS 1.2
Badra: New version submitted for ECDHE draft just before meeting
Comment from jabber: Is there expired draft on ghost(?) cipher suites.
Joe: Not sure what the status of the document is, it expired a while
ago. 

4) DTLS update (rfc4347bis)

Abhijit Choudhury: Queries group about thoughts on aligning headers on
word boundaries. Abhijit comments that unaligned headers increase die
sizes on ASICs and this has been a historical problem inherited from
TLS.
Joe: so the problem is it requires more silicon to achieve the same
speed. 
Joe: This change may be too big to include in DTLS 1.2 and preferable to
discuss some more.  Perhaps it is possible to have a solution for TLS and
DTLS.  
 
5) TLS Key Generation  
draft-urien-tls-keygen-00 
<presentation by Pascal Urien> 

Joe: what is different about this than TLS extractor
Pascal: difference with tls-extractor which uses a TLS PRF function is
used and secondly the use case where server pushes the key which is not
addressed by tls-extractor. 
Joe: why not use the same PRF ? 
Pascal: Is the same PRF function well suited for everything?
Eric: What is the use case of this draft 
Pascal: for applications outside TLS or on top of TLS. A) Outside TLS
for protocols like BGP ( peer to peer mode) or Push TV( server)
Eric: applications for usage of keys outside of TLS is out of scope of
this Working Group
Pasi Eronen(AD): agrees.
Joe: Agrees with Eric and Pasi's comments and recommends. If we are
going to pursue something like this, it should tie into the extractor draft
as the extractor draft is going to be the default way of extracting keys
from TLS.
Bob Morgan:  What type of implementation have you done 
Pascal: implemented what is in the draft, could be applied to many
different things 

6) Camellia cipher suites for TLS.
draft-kato-tls-rfc4132bis-02
<presentation by Satoru Kannu>
Joe: This may be better as an individual submission since it is only
changing an encryption algorithm.  
