Re: [TLS] Is there a way forward after today's hum?

[Russ Housley <housley@vigilsec.com>]

The agenda included:

- Data Center use of Static DH (30 min)
 https://datatracker.ietf.org/doc/draft-green-tls-static-dh-in-tls13/ <https://datatracker.ietf.org/doc/draft-green-tls-static-dh-in-tls13/>

- National Cybersecurity Center of Excellence (NCCOE) project for
 visibility within the datacenter with TLS 1.3 (10min)
 aka implementing draft-green-tls-static-dh-in-tls13

- Discussion about the previous topic (40min)

At the start of the Discussion portion of the agenda, Stephen Farrell talked about https://github.com/sftcd/tinfoil <https://github.com/sftcd/tinfoil>.

At the end of the Discussion, the chairs asked for a hum about working on visibility in the datacenter, and the room was evenly split.

Russ


> On Jul 19, 2017, at 3:29 PM, Ryan Hamilton <rch@google.com> wrote:
> 
> Can you provide more context for those of us not in the room? What was the hum in reference to?
> 
> On Wed, Jul 19, 2017 at 10:10 AM, Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>> wrote:
> The hum told us that the room was roughly evenly split.  In hind sight, I wish the chairs had asked a second question.  If the split in the room was different for the second question, then I think we might have learned a bit more about what people are thinking.
> 
> If a specification were available that used an extension that involved both the client and the server, would the working group adopt it, work on it, and publish it as an RFC?
> 
> I was listening very carefully to the comments made by people in line.  Clearly some people would hum for "no" to the above question, but it sounded like many felt that this would be a significant difference.  It would ensure that both server and client explicitly opt-in, and any party observing the handshake could see the extension was included or not.
> 
> Russ
> 
>