Re: [TLS] Bakeoffs

[Nikos Mavrogiannopoulos <nmav@redhat.com>]

On Wed, 2014-04-16 at 16:21 -0700, Trevor Perrin wrote:

> > On reflection, I think I may favour this approach, yes:
> >
> > * Keeping TLSv1.3 a cleaned-up v1.2 with better, faster, forward-secure
> >   baseline of fast, constant-time ECDHE and AEADs, legacy/broken lint
> >   removed, bugs fixed and downgrade protection, and getting that out
> >   fairly promptly;
> >
> >   and,
> >
> > * Following that with a TLSv2.0 process in which we look at the far
> >   more radical and challenging changes: handshake improvements,
> >   ClientHello/SNI encryption, perhaps a complete redesign.
> 
> 
> Perhaps we could do both in parallel? -
> 
>  * Start work now on a TLS 1.3 that is a cleaned-up / stripped-down
> profile of TLS 1.2, without major handshake changes or new features,
> aiming to finish in a few months.
> 
>  * Place a call for proposals for TLS 2.0, with the intent of choosing
> one as a WG item within 4-6 months.

I agree that they should be separated as activities since the more
radical and challenging changes require a different approach. 4-6 months
for proposals may be too short though.

> I hear the concern that people don't want a "clean-slate" or
> "revolutionary" redesign of TLS, they just want to quickly make the
> "minimal" changes to 5246 that meet our charter.
> 
> I'd encourage such people to re-read the charter, and look at Eric's
> 1.3 draft.  The goals and designs being considered are *already* a
> radical break from your parent's TLS.  We'll have complex, difficult
> debates involving competing visions for TLS regardless of what process
> we choose.

Indeed, I believe that the most voices heard for a fast-to-be-issued TLS
1.3 that includes all the points in the charter either underestimate the
issues involved, or are unaware of them.

regards,
Nikos