Re: [TLS] TLS chairing changes

Trevor Perrin <trevp@trevp.net> Thu, 13 March 2014 19:51 UTC

Return-Path: <trevp@trevp.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E43FD1A0A1B for <tls@ietfa.amsl.com>; Thu, 13 Mar 2014 12:51:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id knbAV-cWSpeD for <tls@ietfa.amsl.com>; Thu, 13 Mar 2014 12:51:51 -0700 (PDT)
Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com [209.85.212.172]) by ietfa.amsl.com (Postfix) with ESMTP id 137461A0990 for <tls@ietf.org>; Thu, 13 Mar 2014 12:51:50 -0700 (PDT)
Received: by mail-wi0-f172.google.com with SMTP id hi5so4435418wib.17 for <tls@ietf.org>; Thu, 13 Mar 2014 12:51:44 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=4FEkY0qc2lGkUNPtOXifPddgth2HI07iNavDSdH8ym0=; b=fvApwwGIEjJ0hcj642uKStfRTkO5Yp4/ETQ4ao9IT/qjxzgjSxm4wXkdbLL7IrYW3B StSigDvUcvu1L8pN1KTFKUqS4v08iect4cKfj2/BtrBcmyUfa5Sl/JG6qdMZvniI+qRR 744cIosRN3rEAVLct6+qrGYJvEZE/MtigPHaQ60gkuQEVHChbswC+kgf29l1pZXE7x4H Jub07HE0A76U0YRw+XdnxYwtTSFi7ukoZjFJvvDxN57i++cHtuMQW1GfUhVFjZqpxDdf 3wWTBFwIKXZ3EzNWlJZ2vJREdqwcMS08NZUsprKy9W80TeWA5ZSMkU7b8hcRuSPdqEDI JnQQ==
X-Gm-Message-State: ALoCoQkNOpA+E79QCMYuvz4lkQTHLOPHDNWcJ0jamRCVrsZ2rhWrJmo1cUS4xvOjlHKkPFX/UljS
MIME-Version: 1.0
X-Received: by 10.194.185.148 with SMTP id fc20mr3252730wjc.27.1394740303990; Thu, 13 Mar 2014 12:51:43 -0700 (PDT)
Received: by 10.216.45.146 with HTTP; Thu, 13 Mar 2014 12:51:43 -0700 (PDT)
X-Originating-IP: [184.23.29.222]
In-Reply-To: <532080AD.6080907@cs.tcd.ie>
References: <531F9443.1000002@cs.tcd.ie> <CAGZ8ZG3bQq77n3OaJeLGgQ__KXLfFUfmYR+egKJY0=rdN1jJhg@mail.gmail.com> <532080AD.6080907@cs.tcd.ie>
Date: Thu, 13 Mar 2014 12:51:43 -0700
Message-ID: <CAGZ8ZG1YhAGSfuH+EOC5nLf67Fj2mwYpMKaSKxm38duRr5iz5w@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="047d7bdcab7c5fa6b004f48248d2"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/np-UiIUiFtbONHuBbSoSS8zzMMY
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS chairing changes
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Mar 2014 19:51:54 -0000

On Wed, Mar 12, 2014 at 8:43 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie>wrote:

>
> Hi Trevor,
>
> On 03/12/2014 03:06 PM, Trevor Perrin wrote:
> > On Tue, Mar 11, 2014 at 3:54 PM, Stephen Farrell
> > <stephen.farrell@cs.tcd.ie>wrote:
> >
> >>
> >> Effective April 1st, Sean Turner will become a third TLS
> >> co-chair in order to free up Eric who will be a TLS 1.3
> >> document editor.
> >
> >
> >
> > Hi Stephen,
> >
> > There was discussion about having a more competitive process for TLS 1.3
> > [1].
>
> I'm not at all sure a "competition" is the right way to pick
> an initial draft as a starting point. Of course, people are
> free to write any I-D they choose and propose that to the WG,
> but I think that the process being followed so far of discussing
> the features and building from those seems to be going fine.
>

I thought EKR's drafts were more of a brainstorming / strawman to get
people thinking about things [1,2].

I assumed at some point after re-chartering we'd discuss process,
timelines, and requirements some more, and have an open process for TLS 1.3
candidates.  Until your email, it wasn't made clear - at least to the list
- that EKR's draft was the presumptive TLS 1.3.

It's great that EKR's draft is driving discussion.  But that draft makes
many choices which may be optimal, or may not:

 * For an initial handshake, EKR's draft recommends a 2-RTT flow with 2 DH
computations.  I think it could also support a flow with 1-RTT, 2 DH, and
reduced foward secrecy for the first RT of Application Data.  This seems a
step backwards from current TLS, which can support a False-Start handshake
with 1-RTT, 1 DH, and full forward secrecy.

 * For a "reconnect" handshake, EKR's draft performs DH with a
"semi-static" DH key.  This is more computation than a traditional
session-ticket resumption.

 * EKR's draft assumes we want to reuse TLS structures as much as possible,
for simplicity.  An alternative would be to design structures which are
more different from TLS, but more simple in their own right.

And there's a lot else to be decided wrt key agreement, ciphersuites,
renegotiation, SNI, potential integration with (Client Auth, ChannelID,
PAKE, TACK), etc.

Anyways, I'd prefer a process where the WG held off from anointing a single
draft as "the" TLS 1.3 WG item for several months, and invited individual
contributions.  Eric's draft would be such a contribution, but so could
designs based on QUIC or MinimaLT, or anything else.

This would let us to explore the design space via comparing and contrasting
different designs.  Once the WG was satisfied that it preferred one
candidate, this would be made a WG item for finishing the spec.


Trevor


[1] http://www.ietf.org/mail-archive/web/tls/current/msg10404.html
[2] http://www.ietf.org/mail-archive/web/tls/current/msg11300.html