Re: [TLS] TLS Charter Revision
Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 10 December 2013 08:26 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91B2A1AE123 for <tls@ietfa.amsl.com>; Tue, 10 Dec 2013 00:26:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tYZ5HusRPtwo for <tls@ietfa.amsl.com>; Tue, 10 Dec 2013 00:26:23 -0800 (PST)
Received: from mail-ea0-x236.google.com (mail-ea0-x236.google.com [IPv6:2a00:1450:4013:c01::236]) by ietfa.amsl.com (Postfix) with ESMTP id 2F9361AE0C4 for <tls@ietf.org>; Tue, 10 Dec 2013 00:26:23 -0800 (PST)
Received: by mail-ea0-f182.google.com with SMTP id a15so2066502eae.13 for <tls@ietf.org>; Tue, 10 Dec 2013 00:26:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=5lRvr+dcUaLzYbGqALMlJCKh0QlqhOHM3DVE/duUn5w=; b=TjcWvynn0B5cdiUDwFRMmm478RmKMSvSCUlMDJ3NYy4EDy6oCEUYQt9n5NqUB3PY04 zsBny3b19388iv2fJnw+tO2x/rjGKoVVjftUEhbUZPudSybOoD+L0VltxZ+USVFvmEc4 zxU+FzAKGI2W11k8MORCOmm1dj8Xtd7Akvp42/+rW1/OB00raF3wR+0smmdscjzV+R7L sFqurh+ewFyiaJqHaw9a9AYRRZjgVcT80EW435GnSrszXZCnbWcpyWrf0UHjfzDg4Mhy lGc/PV5TmGFbAbCXmWYLp3W0fz3Js9rnf+xAKh+dYxXldd5CpOlXrxB4Srz0d7Vusrm1 RyKQ==
X-Received: by 10.15.49.193 with SMTP id j41mr16433525eew.10.1386663977644; Tue, 10 Dec 2013 00:26:17 -0800 (PST)
Received: from [10.0.0.7] (93-173-133-53.bb.netvision.net.il. [93.173.133.53]) by mx.google.com with ESMTPSA id h48sm38281754eev.3.2013.12.10.00.26.14 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 10 Dec 2013 00:26:14 -0800 (PST)
Message-ID: <52A6D025.3030902@gmail.com>
Date: Tue, 10 Dec 2013 10:26:13 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.1
MIME-Version: 1.0
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, "<tls@ietf.org>" <tls@ietf.org>
References: <2F2286E3-7717-4E8F-B1EA-B2E4155F7C17@cisco.com> <A86275E1-44B7-444B-9E50-FD6DE5CC5190@cisco.com>
In-Reply-To: <A86275E1-44B7-444B-9E50-FD6DE5CC5190@cisco.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] TLS Charter Revision
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Dec 2013 08:26:25 -0000
Hi Joe, There is never-ending discussion on this list about servers that do not implement version negotiation correctly, and various solutions to prevent, secure, or provide policy for client-side version fallback. Shouldn't this be part of the group's charter? Thanks, Yaron On 12/10/2013 08:38 AM, Joseph Salowey (jsalowey) wrote: > Updated Charter text based on the discussion so far is below. Changes: > > 1. Fixed typos > 2. Third bullet to "Update record payload protection cryptographic > mechanisms and algorithms to address known weaknesses > in the CBC block cipher modes and to replace RC4." > > Thanks, > > Joe > > The TLS (Transport Layer Security) working group was > established in 1996 to standardize a 'transport layer' > security protocol. The basis for the work was SSL > (Secure Socket Layer) v3.0. The TLS working group has > completed a series of specifications that describe the > TLS protocol v1.0, v1.1, and v1.2 and DTLS > (Datagram TLS) v1.2 as well as extensions to the > protocols and ciphersuites. > > The primary purpose of the working group is to develop > (D)TLS v1.3. Some of the main design goals are as follows, > in no particular order: > > o Develop a mode that encrypts as much of the handshake as > is possible to reduce the amount of observable data to > both passive and active attackers. > > o Develop modes to reduce handshake latency, which primarily > support HTTP-based applications, aiming for one roundtrip > for a full handshake and one or zero roundtrip for repeated > handshakes. > > o Update record payload protection cryptographic > mechanisms and algorithms to address known weaknesses > in the CBC block cipher modes and to replace RC4. > > o Reevaluate handshake contents, e.g.,: Is time needed in > client hello? Should signature in server key exchange > cover entire handshake? Are bigger randoms required? > Should there be distinct cipher list for each version? > > A secondary purpose is to maintain previous version of > the (D)TLS protocols as well as to specify the use of > (D)TLS, recommendations for use of (D)TLS, extensions to > (D)TLS, and cipher suites. However, changes or additions > to older versions of (D)TLS whether via extensions or > ciphersuites are discouraged and require significant > justification to be taken on as work items. > > With these objectives in mind, the TLS WG will also place a priority > in minimizing gratuitous changes to TLS. > > Milestone/Dates: > > 201311 - Out-of-Band Public Key Validation for TLS to IESG > 201401 - Secure Password Ciphersuites for TLS to IESG > 201404 - TLS ALPN (Application Layer Protocol Negotiation) > Extension to IESG > 201411 - (D)TLS 1.3 to IESG > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] TLS Charter Revision Joseph Salowey (jsalowey)
- Re: [TLS] TLS Charter Revision Daniel Kahn Gillmor
- Re: [TLS] TLS Charter Revision Watson Ladd
- Re: [TLS] TLS Charter Revision Marsh Ray
- Re: [TLS] TLS Charter Revision Watson Ladd
- Re: [TLS] TLS Charter Revision Trevor Perrin
- Re: [TLS] TLS Charter Revision Nikos Mavrogiannopoulos
- Re: [TLS] TLS Charter Revision Martin Thomson
- Re: [TLS] TLS Charter Revision Mohamad Badra
- Re: [TLS] TLS Charter Revision Stephen Farrell
- Re: [TLS] TLS Charter Revision Joseph Salowey (jsalowey)
- Re: [TLS] TLS Charter Revision Yaron Sheffer
- Re: [TLS] TLS Charter Revision Stephen Farrell
- Re: [TLS] TLS Charter Revision Yoav Nir
- Re: [TLS] TLS Charter Revision Hovav Shacham
- Re: [TLS] TLS Charter Revision Salz, Rich
- Re: [TLS] TLS Charter Revision Michael Sweet
- Re: [TLS] TLS Charter Revision Patrick McManus
- Re: [TLS] TLS Charter Revision Michael Sweet
- Re: [TLS] TLS Charter Revision Eric Rescorla
- Re: [TLS] TLS Charter Revision Salz, Rich
- Re: [TLS] TLS Charter Revision Watson Ladd
- Re: [TLS] TLS Charter Revision Brian Smith
- Re: [TLS] TLS Charter Revision Salz, Rich
- Re: [TLS] TLS Charter Revision Marsh Ray
- Re: [TLS] TLS Charter Revision Joseph Salowey (jsalowey)
- Re: [TLS] TLS Charter Revision Rene Struik
- Re: [TLS] TLS Charter Revision Sean Turner