Re: [TLS] TLS Charter Revision

Rene Struik <> Thu, 30 January 2014 23:50 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 692651A04EE for <>; Thu, 30 Jan 2014 15:50:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id UrO3BCuj9lfK for <>; Thu, 30 Jan 2014 15:50:05 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4001:c03::236]) by (Postfix) with ESMTP id 93A211A04ED for <>; Thu, 30 Jan 2014 15:49:32 -0800 (PST)
Received: by with SMTP id lx4so3939443iec.41 for <>; Thu, 30 Jan 2014 15:49:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; bh=TdCDO6OEYMmAXJ7by97kN/s0aKVVvnbDZ2G6QriX8co=; b=utBAVxjH2rZbHEEhd6kM6UxRTsluw4MeL6MsKX6ApfbKbAMkTJQb4/CazfUB1ZukVd DMEOLP2+M2X9HsedniPpt2Ll1eqpQYKs+yn1rW00a4drPSlIBmiKjYBMx9qie0AKOHnJ 2Pu1+vNLrMi50BnZ3PSjo6k6OusBYiEmmdHwzYO+cKwexKI50UuVCKEEJTFgqKHZoqp1 B8siJlae4eBnY7HmLzn57ugvMQhgAaLOKbcENUZrVj7VOv5uEWCrLa9HIWqlZhVtWxq8 n+oUfnVb/8Eu+aCECKXk/2B1N32EUNJjaSkVJfhY2bcDkiHoimALvS9bAy5mFjY+cdAu CDgA==
X-Received: by with SMTP id gd5mr16938137igd.25.1391125769125; Thu, 30 Jan 2014 15:49:29 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id x13sm58251240igp.2.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 30 Jan 2014 15:49:28 -0800 (PST)
Message-ID: <>
Date: Thu, 30 Jan 2014 18:49:18 -0500
From: Rene Struik <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: "Joseph Salowey (jsalowey)" <>, "<>" <>
References: <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------040905070506090407000204"
Subject: Re: [TLS] TLS Charter Revision
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 30 Jan 2014 23:50:16 -0000

Hi Joe:

Thanks for forwarding this to the group.

I would recommend adding one more objective to the list: improving the efficiency of the handshake protocol, even in scenarios where one does not try and cut down the number of protocol flows, e.g., by exploiting parallel vs. serial key computation and combined key computation and certificate verification techniques.

Some of this was presented at the CFRG meeting in Paris, France, March 28, 2012, see Slide 6 of
and at SAC 2010:René Struik  <>:  Batch Computations Revisited: Combining Key Computations and Batch Verifications.  130-142

This would be especially useful in highly constrained settings, where any computational efficiency gains are highly desirable.

Suggested additional Charter text:

o Consider other mechanisms to reduce handshake time latency, based on reconsideration of packet processing rules that could facilitate more efficient cryptographic processing, while maintaining or improving current security features.

On 1/30/2014 6:00 PM, Joseph Salowey (jsalowey) wrote:
> I updated the charter based on the list discussion and included it below.  Sean is going to forward this version to the IESG.
> Main changes:
> 2nd bullet: added "The aim is also to maintain current security
> features."
> 4th bullet: added "Are
> additional mechanisms needed to prevent version rollback
> needed?"
> 6th Bullet: added Stephen's privacy text.
> Cheers,
> Joe
> The TLS (Transport Layer Security) working group was
> established in 1996 to standardize a 'transport layer'
> security protocol.  The basis for the work was SSL
> (Secure Socket Layer) v3.0.  The TLS working group has
> completed a series of specifications that describe the
> TLS protocol v1.0, v1.1, and v1.2 and DTLS
> (Datagram TLS) v1.2 as well as extensions to the
> protocols and ciphersuites.
> The primary purpose of the working group is to develop
> (D)TLS v1.3.  Some of the main design goals are as follows,
> in no particular order:
> o Develop a mode that encrypts as much of the handshake as
> is possible to reduce the amount of observable data to
> both passive and active attackers.
> o Develop modes to reduce handshake latency, which primarily
> support HTTP-based applications, aiming for one roundtrip
> for a full handshake and one or zero roundtrip for repeated
> handshakes.   The aim is also to maintain current security
> features.
> o Update record payload protection cryptographic
> mechanisms and algorithms to address known weaknesses
> in the CBC block cipher modes and to replace RC4.
> o Reevaluate handshake contents, e.g.,: Is time needed in
> client hello?  Should signature in server key exchange
> cover entire handshake?  Are bigger randoms required?
> Should there be distinct cipher list for each version?  Are
> additional mechanisms needed to prevent version rollback
> needed?
> o The WG will consider the privacy implications of
> TLS1.3 and where possible (balancing with other requirements)
> will aim to make TLS1.3 more privacy-friendly, e.g. via more
> consistent application traffic padding, more considered use
> of long term identifying values, etc.
> A secondary purpose is to maintain previous version of
> the (D)TLS protocols as well as to specify the use of
> (D)TLS, recommendations for use of (D)TLS, extensions to
> (D)TLS, and cipher suites.  However, changes or additions
> to older versions of (D)TLS whether via extensions or
> ciphersuites are discouraged and require significant
> justification to be taken on as work items.
> With these objectives in mind, the TLS WG will also place a priority
> in minimizing gratuitous changes to TLS.
> Milestone/Dates:
> 201404 - CBC Fixes to IESG
> 201405 - RC4 replacement to IESG
> 201411 - (D)TLS 1.3 to IESG
> _______________________________________________
> TLS mailing list

email: | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363