IETF Logo Mail Archive

Re: [TLS] kicking off charter revision discussion

William Whyte <wwhyte@onboardsecurity.com> Mon, 29 October 2018 16:30 UTC

Return-Path: <wwhyte@onboardsecurity.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBD67130DF9 for <tls@ietfa.amsl.com>; Mon, 29 Oct 2018 09:30:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=onboardsecurity-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RMgGsNOQKIBA for <tls@ietfa.amsl.com>; Mon, 29 Oct 2018 09:30:41 -0700 (PDT)
Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B18621292F1 for <tls@ietf.org>; Mon, 29 Oct 2018 09:30:41 -0700 (PDT)
Received: by mail-pl1-x635.google.com with SMTP id s5-v6so2429444plq.11 for <tls@ietf.org>; Mon, 29 Oct 2018 09:30:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=onboardsecurity-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:message-id:in-reply-to:references:subject :mime-version; bh=cA8eR2sB/W0y3FZr4Hma7+o/FCVSXAgcA6Zwnlu6kxU=; b=GQl626fzM9odtvS189xjGZ+Y3T2p8u83viFulPOLDjnEks8DKzWX1M6vwOujxM8W7I p6AfuBCs0Tr+R/Zy+RkXcBJZ211155AsqAujJXlV63ektElJoqeoTf9GFyMSUGurCS+v kaNvUdeMX8SjnempCAFBOuFLPuk7ZKUGAbdNQJzl86PSHvXe35iv+9WaNSBz3iVo3zNS SpNOfNbMPPVmh+F8ExfBrYWEiZDm3e9lSR5i7enKmtCDTO7Qx/ytqanUER4lJhnvZELv tMvpTmj7t5CoJ3ZXSvXgeTcn1h2LLBijWSbYYDNGByv2IHSNdJTuCWS2qJAC2IjKGbPT 6HbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:message-id:in-reply-to :references:subject:mime-version; bh=cA8eR2sB/W0y3FZr4Hma7+o/FCVSXAgcA6Zwnlu6kxU=; b=PeLkm+D+z6iJEpj6ySpp/XsRvRX8SRMqh21N6xx0GFAPhv9Jt38v+7LjrhT+/A6fti tI61wLkR8wMPYs5sBYERcbSWOmoBzdGqPRX1OaJebBAdTdL3albnAFnDijKFEjj9yWH9 nGzVFfuZbQyKlsSRMKdQElFM+w6NCjaiz7vAI4fLT85fhjkzGgSZNLHWrs13jMjIOIMN AjsM+m0jEOQeRQwHipjzvFnS/0R2J57l4br013U/MrT6X/00f9I9Rp8rQ3UvCQr+J4lO OB0UGJOk1zNfo2dO2Og6wXJgTxRgDbfdjv6dQQdrA4J+AMeZIod8q97ePAUOpX6r38nZ Q5cA==
X-Gm-Message-State: AGRZ1gL0NKxLwtnyt+Sh5MSn0GZmxKjivXnHMeu5nAe6smSy0BqK2J8S ABRjl7Er5lh61modoALSGBt+btjBvs0=
X-Google-Smtp-Source: AJdET5diWCkyqGNZXe9mXl9yTarhwPZ9WpZs86mIflzQAlNy0DQ4Nqy00GaxfrDbLS16rXBJ4+EEUg==
X-Received: by 2002:a17:902:7847:: with SMTP id e7-v6mr15154485pln.104.1540830640628; Mon, 29 Oct 2018 09:30:40 -0700 (PDT)
Received: from [100.72.53.212] ([216.4.53.35]) by smtp.gmail.com with ESMTPSA id x23-v6sm22118186pfh.56.2018.10.29.09.30.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 29 Oct 2018 09:30:39 -0700 (PDT)
Date: Mon, 29 Oct 2018 07:34:52 -0700
From: William Whyte <wwhyte@onboardsecurity.com>
To: tls@ietf.org, Sean Turner <sean@sn3rd.com>
Cc: 张 振飞 <zhenfei.zhang@hotmail.com>
Message-ID: <086da519-3cfe-4287-9efb-f20a1c9d4c72@Spark>
In-Reply-To: <E94102EF-0F2E-44B1-9B61-94E4702F9FE1@sn3rd.com>
References: <E94102EF-0F2E-44B1-9B61-94E4702F9FE1@sn3rd.com>
X-Readdle-Message-ID: 086da519-3cfe-4287-9efb-f20a1c9d4c72@Spark
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="5bd735ad_7c3dbd3d_110cc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/d6kK_VBiUlgcvDjTgMWIelka26A>
Subject: Re: [TLS] kicking off charter revision discussion
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Oct 2018 16:30:44 -0000

I’m happy to submit the draft as it stands. I think it’s covered by the recharter below under “maintain” the spec, though perhaps we should suggest that this is changed to “maintain and, as necessary, extend”.

Cheers,

William
On Oct 24, 2018, 8:20 PM -0400, Sean Turner <sean@sn3rd.com>, wrote:
> With the finalization of TLS 1.3 behind us, it is time to consider rechartering the working group to address ongoing and emerging issues in this space. Below is a proposal for the new charter text to get this discussion going before we meet in Bangkok. We plan to have a 20 minute discussion section on the charter in one of the upcoming TLS WG meeting sessions. If you have objections to what is written, please raise them to the list; we will track them with issues in the newly created GH repo [0]. If you feel something is omitted, please also bring it to the list but also feel free to suggest edits via issues/PRs in that repo.
>
> Thanks,
> Chris, Joe, and Sean
>
> [0] https://github.com/tlswg/wg-materials/tree/master/charter.
>
> Proposed Charter Text
>
> The TLS (Transport Layer Security) working group was established in 1996 to standardize a 'transport layer' security protocol. The basis for the work was SSL (Secure Socket Layer) v3.0 [RFC6101]. The TLS working group has completed a series of specifications that describe the TLS protocol v1.0 [RFC2246], v1.1 [RFC4346], v1.2 [RFC5346], and v1.3 [RFC8446], and DTLS (Datagram TLS) v1.0 [RFC4347] and v1.2 [RFC6347], as well as extensions to the protocols and ciphersuites.
>
> The working group aims to achieve three goals. First, to develop DTLS 1.3, in a way that draws upon the design, analysis, and engineering effort put into TLS 1.3. Specifically, the protocol should exhibit the following features, in no particular order:
>
> - Encrypt as much of the handshake and datagram packets as
> possible to reduce the amount of observable data to both
> passive and active attackers.
> - Reduce handshake latency and aim for one roundtrip for a full
> handshake and one or zero roundtrip for repeated handshakes
> without compromising current security features.
> - Use cryptographic algorithms equivalent to those used in TLS 1.3.
>
> The second working group goal is to improve protocol extensibility, usability, and deployability, e.g., GREASE, Delegated Credentials, Certificate Compression, and Exported Authenticators. These working group items will include a focus on privacy properties of (D)TLS, with a particular emphasis on the following:
>
> - Encrypt the ClientHello SNI (Server Name Indication) and other
> application-sensitive extensions, such as
> ALPN (Applications-Layer Protocol Negotiation).
> - Identify and mitigate other (long-term) user tracking or fingerprinting
> vectors enabled by TLS deployments and implementations.
> - Consider additional privacy-preserving mechanisms, e.g., consistent
> application traffic padding.
> - Develop privacy-friendly profiles describing recommended usage of
> (D)TLS for generic use. Protocol-specific profiles are out of scope.
>
> The third goal is to maintain current and previous version of the (D)TLS protocols as well as to specify general best practices for use of (D)TLS, extensions to (D)TLS, and cipher suites. This includes recommendations as to when a particular version should be deprecated. Changes or additions to older versions of (D)TLS whether via extensions or ciphersuites are discouraged and require significant justification to be taken on as work items.
>
> With these objectives in mind, the TLS WG will also place a priority in minimizing gratuitous changes to (D)TLS.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email