Re: [TLS] TLS Charter Revision

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 10 December 2013 08:26 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91B2A1AE123 for <tls@ietfa.amsl.com>; Tue, 10 Dec 2013 00:26:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tYZ5HusRPtwo for <tls@ietfa.amsl.com>; Tue, 10 Dec 2013 00:26:23 -0800 (PST)
Received: from mail-ea0-x236.google.com (mail-ea0-x236.google.com [IPv6:2a00:1450:4013:c01::236]) by ietfa.amsl.com (Postfix) with ESMTP id 2F9361AE0C4 for <tls@ietf.org>; Tue, 10 Dec 2013 00:26:23 -0800 (PST)
Received: by mail-ea0-f182.google.com with SMTP id a15so2066502eae.13 for <tls@ietf.org>; Tue, 10 Dec 2013 00:26:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=5lRvr+dcUaLzYbGqALMlJCKh0QlqhOHM3DVE/duUn5w=; b=TjcWvynn0B5cdiUDwFRMmm478RmKMSvSCUlMDJ3NYy4EDy6oCEUYQt9n5NqUB3PY04 zsBny3b19388iv2fJnw+tO2x/rjGKoVVjftUEhbUZPudSybOoD+L0VltxZ+USVFvmEc4 zxU+FzAKGI2W11k8MORCOmm1dj8Xtd7Akvp42/+rW1/OB00raF3wR+0smmdscjzV+R7L sFqurh+ewFyiaJqHaw9a9AYRRZjgVcT80EW435GnSrszXZCnbWcpyWrf0UHjfzDg4Mhy lGc/PV5TmGFbAbCXmWYLp3W0fz3Js9rnf+xAKh+dYxXldd5CpOlXrxB4Srz0d7Vusrm1 RyKQ==
X-Received: by 10.15.49.193 with SMTP id j41mr16433525eew.10.1386663977644; Tue, 10 Dec 2013 00:26:17 -0800 (PST)
Received: from [10.0.0.7] (93-173-133-53.bb.netvision.net.il. [93.173.133.53]) by mx.google.com with ESMTPSA id h48sm38281754eev.3.2013.12.10.00.26.14 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 10 Dec 2013 00:26:14 -0800 (PST)
Message-ID: <52A6D025.3030902@gmail.com>
Date: Tue, 10 Dec 2013 10:26:13 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.1
MIME-Version: 1.0
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, "<tls@ietf.org>" <tls@ietf.org>
References: <2F2286E3-7717-4E8F-B1EA-B2E4155F7C17@cisco.com> <A86275E1-44B7-444B-9E50-FD6DE5CC5190@cisco.com>
In-Reply-To: <A86275E1-44B7-444B-9E50-FD6DE5CC5190@cisco.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] TLS Charter Revision
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Dec 2013 08:26:25 -0000

Hi Joe,

There is never-ending discussion on this list about servers that do not 
implement version negotiation correctly, and various solutions to 
prevent, secure, or provide policy for client-side version fallback. 
Shouldn't this be part of the group's charter?

Thanks,
	Yaron

On 12/10/2013 08:38 AM, Joseph Salowey (jsalowey) wrote:
> Updated Charter text based on the discussion so far is below.  Changes:
>
> 1. Fixed typos
> 2. Third bullet to "Update record payload protection cryptographic
> mechanisms and algorithms to address known weaknesses
> in the CBC block cipher modes and to replace RC4."
>
> Thanks,
>
> Joe
>
> The TLS (Transport Layer Security) working group was
> established in 1996 to standardize a 'transport layer'
> security protocol.  The basis for the work was SSL
> (Secure Socket Layer) v3.0.  The TLS working group has
> completed a series of specifications that describe the
> TLS protocol v1.0, v1.1, and v1.2 and DTLS
> (Datagram TLS) v1.2 as well as extensions to the
> protocols and ciphersuites.
>
> The primary purpose of the working group is to develop
> (D)TLS v1.3.  Some of the main design goals are as follows,
> in no particular order:
>
> o Develop a mode that encrypts as much of the handshake as
> is possible to reduce the amount of observable data to
> both passive and active attackers.
>
> o Develop modes to reduce handshake latency, which primarily
> support HTTP-based applications, aiming for one roundtrip
> for a full handshake and one or zero roundtrip for repeated
> handshakes.
>
> o Update record payload protection cryptographic
> mechanisms and algorithms to address known weaknesses
> in the CBC block cipher modes and to replace RC4.
>
> o Reevaluate handshake contents, e.g.,: Is time needed in
> client hello?  Should signature in server key exchange
> cover entire handshake?  Are bigger randoms required?
> Should there be distinct cipher list for each version?
>
> A secondary purpose is to maintain previous version of
> the (D)TLS protocols as well as to specify the use of
> (D)TLS, recommendations for use of (D)TLS, extensions to
> (D)TLS, and cipher suites.  However, changes or additions
> to older versions of (D)TLS whether via extensions or
> ciphersuites are discouraged and require significant
> justification to be taken on as work items.
>
> With these objectives in mind, the TLS WG will also place a priority
> in minimizing gratuitous changes to TLS.
>
> Milestone/Dates:
>
> 201311 - Out-of-Band Public Key Validation for TLS to IESG
> 201401 - Secure Password Ciphersuites for TLS to IESG
> 201404 - TLS ALPN (Application Layer Protocol Negotiation)
>        Extension to IESG
> 201411 - (D)TLS 1.3 to IESG
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>