Re: [TLS] Re-chartering TLS

Eric Rescorla <> Mon, 20 January 2020 21:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B0638120232 for <>; Mon, 20 Jan 2020 13:56:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OqCRL9E7Y-Pv for <>; Mon, 20 Jan 2020 13:56:02 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D8611120045 for <>; Mon, 20 Jan 2020 13:56:01 -0800 (PST)
Received: by with SMTP id j1so638322lja.2 for <>; Mon, 20 Jan 2020 13:56:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aMwi9/KUiNLC7R+VDre0h1598zda3aJOSFP9rRA5h6A=; b=bCh1Llh4gr+U5XVi1ZIPpgMXWv9HlFn3GhHa/L1m8Sw7RQat1AaKXH/mTEBnxdtzhp D+3mmXFnOiAtTpfG6bzfE6vbD1unc66EQShVHQOiz7Y10qaTo4TfEYoHqIfDDb2Y6igc SeieYDJuCu8hewUXzGtCK6a9SuW4OgwHolo0vve4sWJ+n8YsJCV1aJ34Y7IWOVHv38Bj bVCiJCvIK6AQpJFojIewpUlY1fdBevJe1kQJ33WFn0tDtd5UMgu9k+wfcND+pTb2Wivl CTyuIggsaaF9va1DI3yqdScZhI5iLGuFEIWNvkRyZeuXyb7Anr95dBvkqk2mDt74cODR QZvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aMwi9/KUiNLC7R+VDre0h1598zda3aJOSFP9rRA5h6A=; b=gVY3mMk9iQZ3s5SPRRDOJEe97yHcULVgD0mlObz98SyqlDxDFZNkth3UhFHe/RPkyY yQJmfR0Lz2Uwqqwn50oxBQLAeCbLaH2fdhUu/RbiAC0S5dkhYltt24Y7su/cfUilJxhP xNLPlx6icBSWMSJlBgykuc5znZ1DDmRi61EzHIU1mA20fH6unZgg45vUeJLPfa57tZlC mJfHIZmIy94nGKujLU5RJ4S5yeqs/DasIeZRpxg1wDOGuQiliZGg0vOSowpu0Wc4LuQX MwcWk1XeBoWzebGFX8rXYEtQyYCjCAmrSIqoGMQCjbhYTe21bFIfN/MUEtU0srsn3cGA JOVA==
X-Gm-Message-State: APjAAAUjzkREqc4tmYI5Q5KnuJ5uO+Yt+iqtv/cDaUfYwDiYYt6UDKov O9ZqdPaVnf8R1X2+oe5q7TP6V+oqFBrZ4NyA3QP9TTBwwzE=
X-Google-Smtp-Source: APXvYqzwjsVdVEjgRiQinAzIa553XswgbafWjF9zJ3vVUC5fCFrug/RTgKHDFk9EEi3My6nnNCCcV+uZ+EOOq7yWJDI=
X-Received: by 2002:a2e:b054:: with SMTP id d20mr14403097ljl.190.1579557359795; Mon, 20 Jan 2020 13:55:59 -0800 (PST)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Eric Rescorla <>
Date: Mon, 20 Jan 2020 13:55:22 -0800
Message-ID: <>
To: Christopher Wood <>
Cc: "" <>
Content-Type: multipart/alternative; boundary="000000000000555292059c995b44"
Archived-At: <>
Subject: Re: [TLS] Re-chartering TLS
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 20 Jan 2020 21:56:05 -0000


On Thu, Jan 16, 2020 at 7:32 PM Christopher Wood <>

> Hi folks,
> As discussed in Singapore, it's time to re-charter the working group to
> reflect ongoing (e.g., Exported Authenticators and Encrypted SNI/CH) and
> future work (e.g., cTLS). For reference, the current charter is available
> here:
> A draft of the new charter is below, and also available on GitHub [1].
> Please have a look and and send comments, either here on the mailing list
> or in the GitHub repo, by 2359 UTC on 30 January 2020. Any and all feedback
> is welcome! We would like to complete this in advance of IETF 107 so we can
> move forward with items such as cTLS.
> ~~~
> The TLS (Transport Layer Security) working group was established in 1996
> to standardize a 'transport layer' security protocol. The basis for the
> work was SSL (Secure Socket Layer) v3.0 [RFC6101]. The TLS working group
> has completed a series of specifications that describe the TLS protocol
> v1.0 [RFC2246], v1.1 [RFC4346], v1.2 [RFC5346], and v1.3 [RFC8446], and
> DTLS (Datagram TLS) v1.0 [RFC4347], v1.2 [RFC6347], and v1.3
> [draft-ietf-tls-dtls13], as well as extensions to the protocols and
> ciphersuites.
> The working group aims to achieve three goals. First, improve the
> applicability and suitability of the TLS family of protocols for use in
> emerging protocols and use cases. This includes extensions or changes that
> help protocols better use TLS as an authenticated key exchange protocol, or
> extensions that help protocols better leverage TLS security properties,
> such as Exported Authenticators. Extensions that focus specifically on
> protocol extensibility are also in scope. This goal also includes protocol
> changes that reduce the size of TLS without affecting security. Extensions
> that help reduce TLS handshake size meet this criteria.
> The second working group goal is to improve security, privacy, and
> deployability. This includes, for example, Delegated Credentials, Encrypted
> SNI, and GREASE. Security and privacy goals will place emphasis on the
> following:
> - Encrypt the ClientHello SNI (Server Name Indication) and other
> application-sensitive extensions, such as ALPN (Application-Layer Protocol
> Negotiation).
> - Identify and mitigate other (long-term) user tracking or fingerprinting
> vectors enabled by TLS deployments and implementations.
> The third goal is to maintain current and previous version of the (D)TLS
> protocol as well as to specify general best practices for use of (D)TLS,
> extensions to (D)TLS, and cipher suites. This includes recommendations as
> to when a particular version should be deprecated. Changes or additions to
> older versions of (D)TLS whether via extensions or ciphersuites are
> discouraged and require significant justification to be taken on as work
> items.
> With these goals in mind, the working group will also place a priority in
> minimizing gratuitous changes to (D)TLS.
> ~~~
> Best,
> Chris, on behalf of the chairs
> [1]
> _______________________________________________
> TLS mailing list