Re: [TLS] WG Review: Transport Layer Security (tls)

wally pratt <wpratt@fieldcommgroup.org> Mon, 16 March 2020 14:15 UTC

Return-Path: <wpratt@fieldcommgroup.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 670113A08FC for <tls@ietfa.amsl.com>; Mon, 16 Mar 2020 07:15:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MSGID_FROM_MTA_HEADER=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fieldcommgroup.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EXfLHZF0WHUC for <tls@ietfa.amsl.com>; Mon, 16 Mar 2020 07:15:33 -0700 (PDT)
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2134.outbound.protection.outlook.com [40.107.237.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B7163A08F9 for <tls@ietf.org>; Mon, 16 Mar 2020 07:15:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; =?utf-8?q?b=3DLYD85p1YhTYVT4ZeXMt1gwwKUO2DCo5IGerqGPGOGcOUj+E2UwA5Ucx6Wri4n?= =?utf-8?q?OO4NIhe7riGHBMhl9Knts72Vsjd8j+0ZKGJUIRLXkl/f6uP5/NQOevzWVZDUrr03Y?= =?utf-8?q?0cAuUNBtKbkp8zxk07YE6/A2k5lCkoKE4v0Cdh4Ml56Cxn/tLb4zMOgYREMb7UY4s?= =?utf-8?q?JbGIdIexOVIc4C3u2XKeAut3ePwfFnNFGU4iRTIfkGeoHUYzYk8hjwtwIrYZxt34a?= =?utf-8?q?ldU676wINjlT7dOqhUR7JtOmdlKvJpnR0NH2GViTknouhJC/9cCfcifoJY2c5nTHt?= =?utf-8?q?UxVQ07bNzO3vM76lW8Ulw=3D=3D?=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMessage-ID=3ACont?= =?utf-8?q?ent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADCheck=3B?= =?utf-8?q?bh=3DhtYrHjNKOD8WmHVl+618sJqD/aAvBrtmlZCtstN7bmo=3D=3B_b=3Dgtc9lp?= =?utf-8?q?CtQQ4IT6OZpnw/5ILgzHmELEYh06KXej27rNPiTggOFqjS0OO3ytjzwkFIgxd2/BQ?= =?utf-8?q?0aMIGtWQxhbnBzuFygokFi/SoERMez5Ez3+1Te2GtESQAZRa5uCiqg58Cwz1VSQi/?= =?utf-8?q?aHxde4za0ymBbzCE71Bu9N//Ri185nRr5x36DDxVuLRenhm7OSix2ikyL4SA/advM?= =?utf-8?q?ErDyJ+ph1u3Sq4c4IMLa8WVlc0/svp1s31pPuC2Iwj7DL2vaMK54FFMVXMy4SCtI7?= =?utf-8?q?eJ4raLGfDD0+gmcV05kDy8sR4muhMbK5+TbvC+bWuzfvNjm/NCXVepeSTAPO8/v5f?= =?utf-8?q?LPjMBJ4Q9Jw=3D=3D?=
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fieldcommgroup.org; dmarc=pass action=none header.from=fieldcommgroup.org; dkim=pass header.d=fieldcommgroup.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fieldcommgroup.org; s=selector1; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMessage-ID=3AContent-Typ?= =?utf-8?q?e=3AMIME-Version=3AX-MS-Exchange-SenderADCheck=3B?= =?utf-8?q?bh=3DhtYrHjNKOD8WmHVl+618sJqD/aAvBrtmlZCtstN7bmo=3D=3B_b=3DDAyCpm?= =?utf-8?q?yS/Tmzap+pwa2E0KkKWJuqo7X+Qyg4Nozymf6hGOH90ABNAgDuu1MehV+sCuz2ZI2?= =?utf-8?q?zpZ0e99PiLWCr2ICaYyGeHo0mHxUWzw8dndA/7TkY5y5mWhy1Belu4ig9fOFUA1kv?= =?utf-8?q?Z7XPkopMFSS30PfFMhMuSLoLIYP3UxIojDA=3D?=
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=wpratt@fieldcommgroup.org;
Received: from SN6PR11MB3437.namprd11.prod.outlook.com (2603:10b6:805:db::13) by SN6PR11MB3504.namprd11.prod.outlook.com (2603:10b6:805:d0::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2793.11; Mon, 16 Mar 2020 14:15:30 +0000
Received: from SN6PR11MB3437.namprd11.prod.outlook.com ([fe80::8cec:bbf9:ad21:a3b5]) by SN6PR11MB3437.namprd11.prod.outlook.com ([fe80::8cec:bbf9:ad21:a3b5%7]) with mapi id 15.20.2793.023; Mon, 16 Mar 2020 14:15:30 +0000
From: wally pratt <wpratt@fieldcommgroup.org>
To: tls@ietf.org
References: <mailman.71.1583524838.21630.tls@ietf.org>
Message-ID: <8f4c6631-fea4-30d1-002c-2ccd57fae135@fieldcommgroup.org>
Date: Mon, 16 Mar 2020 09:15:28 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
In-Reply-To: <mailman.71.1583524838.21630.tls@ietf.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: DM6PR11CA0032.namprd11.prod.outlook.com (2603:10b6:5:190::45) To SN6PR11MB3437.namprd11.prod.outlook.com (2603:10b6:805:db::13)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from JarJar.local (12.197.55.14) by DM6PR11CA0032.namprd11.prod.outlook.com (2603:10b6:5:190::45) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2814.18 via Frontend Transport; Mon, 16 Mar 2020 14:15:29 +0000
X-Originating-IP: [12.197.55.14]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 0201e101-7c66-4e51-9364-08d7c9b47b85
X-MS-TrafficTypeDiagnostic: SN6PR11MB3504:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: =?utf-8?q?=3CSN6PR11MB35042747EFD1D951CE7B5295ABF?= =?utf-8?q?90=40SN6PR11MB3504=2Enamprd11=2Eprod=2Eoutlook=2Ecom=3E?=
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-Forefront-PRVS: 03449D5DD1
X-Forefront-Antispam-Report: SFV:NSPM; =?utf-8?q?SFS=3A=2810019020=29=284636?= =?utf-8?b?MDA5KSgzNDYwMDIpKDM3NjAwMikoMTM2MDAzKSgzNjYwMDQpKDM5ODMwNDAw?= =?utf-8?b?MDAzKSgzOTYwMDMpKDE5OTAwNCkoODExNTYwMTQpKDgxMTY2MDA2KSg1MzU0?= =?utf-8?b?NjAxMSkoODY3NjAwMikoMjYwMDUpKDMxNjAwMikoNjUwNjAwNykoMzE2OTYwMDIp?= =?utf-8?q?=288936002=29=2852116002=29=28956004=29=286512007=29=281565050000?= =?utf-8?b?MSkoNjY1NTYwMDgpKDg2MzYyMDAxKSg2Njk0NjAwNykoMjYxNjAwNSkoNjY0?= =?utf-8?q?76007=29=286916009=29=2866574012=29=2831686004=29=2836756003=29?= =?utf-8?b?KDI5MDYwMDIpKDk2NjAwNSkoNjQ4NjAwMikoMTg2MDAzKSg1NjYwMzAwMDAyKSg0?= =?utf-8?q?78600001=29=2816526019=29=3B?= DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR11MB3504; H:SN6PR11MB3437.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1;
Received-SPF: None (protection.outlook.com: fieldcommgroup.org does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: =?utf-8?q?v2yKH8V6Psf3YZDgNqKfGQr7s0OhT13?= =?utf-8?q?0RJRINWL3PLOIL1Ndp9GNNuwOygN0exkpdwHcqE2MQW2aplUJItmJlMxOWYAPkxoU?= =?utf-8?q?/+JRWQycYAmnOk6CiRTKNgVOhBbocu0R77J6QxleDG0NRXtmr191y5qBPAkjZNDQ1?= =?utf-8?q?MvAa06q8jOvb3Buq5xZ9WUhU+1WBPmJ1gBMZJMNkwkqrT9oeRfmUA4//a+wguTNg0?= =?utf-8?q?tOz1OzFNAFg+OgOqkRghwvIpDtKF5ziESr1SAchrw73A+T7yLSr2mOdTQpQQXc3TH?= =?utf-8?q?biqjgt2MMFZqaMvApcLCepnO0KfjoKkX6ScvQSTEasTXEESviWr9p7O+OC1w1vdRx?= =?utf-8?q?KT1i73nAW6hoiOCEr6WoUzEBxC0GbCAtA8UYLMsLit1cls2wvZ6PIYjVPONGLKu5f?= =?utf-8?q?ZHy8ZsNaSQuEEVWIfVmfTN/6N8oo+kawDMLltW3hFruUmKpVEpKAJX292znhou9eQ?= =?utf-8?q?21pMiUoG3LfgleXZ/E9WkRcQhVo1i3vmyaVg9EpsVrQM8gsA=3D=3D?=
X-MS-Exchange-AntiSpam-MessageData: =?utf-8?q?ft9ItwEJw2H6YEORVf4ZDjzY1iBlMH?= =?utf-8?q?5Kc/dql3q6Ri04n59k28XaOACVnGaEPI2nP47sJtfP7AG3dxqWTHn4o1n5rMpvANg?= =?utf-8?q?FwIgAbsr6ZyOAVj0LtGT002xtkvJ2ieEckLNIouFnRKpx0/lb7QtykQ=3D=3D?=
X-OriginatorOrg: fieldcommgroup.org
X-MS-Exchange-CrossTenant-Network-Message-Id: 0201e101-7c66-4e51-9364-08d7c9b47b85
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Mar 2020 14:15:30.2061 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 939a6f38-e5cb-4de2-b22f-a0d3a8213a2b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: =?utf-8?q?0Kf4n7YlhA0JhI7CwL5/P?= =?utf-8?q?67B05v27HuXNd0DtnESQCnJ/HRDEbLm4r1DZwj38hD1e/MrKXnN3dbSPx7m+fRo5n?= =?utf-8?q?tLIdJq2uKpRqn/ee2S52M=3D?=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB3504
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/u_KrwdoixmH_EUObF4eqblGju6A>
Subject: Re: [TLS] WG Review: Transport Layer Security (tls)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Mar 2020 14:15:36 -0000

Hi!

I would like to strongly support two clauses in the proposed update to the TLS Charter:

"applicability and suitability of the TLS family of protocols for use in emerging protocols and use 
cases."

and

"This goal also includes protocol changes that reduce TLS resource consumption without affecting 
security."

In the way of introduction, my name is Wally Pratt and I have lead development and evolution of the 
HART Field Communications Protocol "HART" since 1994. As of 2019 the installed base of HART is in 
excess of 45 million devices with millions more shipped every year. Not so many compared to IT 
infrastructure but certainly the overwhelming majority of process instruments.

Today HART supports communications in the Process Automation space in three variations: Over the 
4-20mA current loop, wirelessly via IEEE 802.15.4 and via IP.  HART enabled process instruments are 
all about low power.  HART 4-20mA devices have a power budget of 30-50mW and WirelessHART devices 
operate 3+ years on a single 'D' cell battery.  HART-IP process automation instruments must limit 
power consumption such that a spark cannot be generated that ignites Hydrogen.

Technology improvements in (A) low power (wired) physical layers and (B) security are underway for 
HART-IP. These improvements will enable wider application of HART-IP (e.g., in intrinsically-safe 
and explosive environments).

 From a security perspective, we strongly support and encourage the notion of using TLS in isolated, 
power and resource constrained devices.

In particular, I have been observing the CFRG evaluation of PAKE-based ciphersuites.  I hope these 
will make there way into TLS.  They appear well suited for air-gapped process automation 
instrumentation.  We intend to support your selection once incorporated into a released TLS RFC.

Thank you very much for your consideration and

Best regards,

Wally Pratt Jr
Director, HART Technology | FieldComm Group
+1 512-792-2300  | wpratt@fieldcommgroup.org | http://www.fieldcommgroup.org




On 3/6/20 2:00 PM, tls-request@ietf.org wrote:
> ------------------------------
> 
> Message: 4
> Date: Fri, 06 Mar 2020 10:03:51 -0800
> From: The IESG<iesg-secretary@ietf.org>
> To: "IETF-Announce"<ietf-announce@ietf.org>
> Cc:tls@ietf.org  
> Subject: [TLS] WG Review: Transport Layer Security (tls)
> Message-ID:<158351783182.2240.10243717805925476558@ietfa.amsl.com>
> Content-Type: text/plain; charset="utf-8"
> 
> The Transport Layer Security (tls) WG in the Security Area of the IETF is
> undergoing rechartering. The IESG has not made any determination yet. The
> following draft charter was submitted, and is provided for informational
> purposes only. Please send your comments to the IESG mailing list
> (iesg@ietf.org) by 2020-03-16.
> 
> Transport Layer Security (tls)
> -----------------------------------------------------------------------
> Current status: Active WG
> 
> Chairs:
>    Christopher Wood<caw@heapingbits.net>
>    Joseph Salowey<joe@salowey.net>
>    Sean Turner<sean+ietf@sn3rd.com>
> 
> Assigned Area Director:
>    Benjamin Kaduk<kaduk@mit.edu>
> 
> Security Area Directors:
>    Benjamin Kaduk<kaduk@mit.edu>
>    Roman Danyliw<rdd@cert.org>
> 
> Mailing list:
>    Address:tls@ietf.org
>    To subscribe:https://www.ietf.org/mailman/listinfo/tls
>    Archive:https://mailarchive.ietf.org/arch/browse/tls/
> 
> Group page:https://datatracker.ietf.org/group/tls/
> 
> Charter:https://datatracker.ietf.org/doc/charter-ietf-tls/
> 
> The TLS (Transport Layer Security) working group was established in 1996 to
> standardize a 'transport layer' security protocol. The basis for the work was
> SSL (Secure Socket Layer) v3.0 [RFC6101]. The TLS working group has completed
> a series of specifications that describe the TLS protocol v1.0 [RFC2246],
> v1.1 [RFC4346], v1.2 [RFC5346], and v1.3 [RFC8446], and DTLS (Datagram TLS)
> v1.0 [RFC4347], v1.2 [RFC6347], and v1.3 [draft-ietf-tls-dtls13], as well as
> extensions to the protocols and ciphersuites.
> 
> The working group aims to achieve three goals. First, improve the
> applicability and suitability of the TLS family of protocols for use in
> emerging protocols and use cases. This includes extensions or changes that
> help protocols better use TLS as an authenticated key exchange protocol, or
> extensions that help protocols better leverage TLS security properties, such
> as Exported Authenticators. Extensions that focus specifically on protocol
> extensibility are also in scope. This goal also includes protocol changes
> that reduce TLS resource consumption without affecting security. Extensions
> that help reduce TLS handshake size meet this criterion.
> 
> The second working group goal is to improve security, privacy, and
> deployability. This includes, for example, Delegated Credentials, Encrypted
> SNI, and GREASE (RFC 8701). Security and privacy goals will place emphasis on
> the following:
> 
> - Encrypt the ClientHello SNI (Server Name Indication) and other
> application-sensitive extensions, such as ALPN (Application-Layer Protocol
> Negotiation).
> 
> - Identify and mitigate other (long-term) user tracking or fingerprinting
> vectors enabled by TLS deployments and implementations.
> 
> The third goal is to maintain current and previous version of the (D)TLS
> protocol as well as to specify general best practices for use of (D)TLS,
> extensions to (D)TLS, and cipher suites. This includes recommendations as to
> when a particular version should be deprecated. Changes or additions to older
> versions of (D)TLS whether via extensions or ciphersuites are discouraged and
> require significant justification to be taken on as work items.
> 
> The working group will also place a priority in minimizing gratuitous changes
> to (D)TLS.
> 
> Milestones:
> 
> TBD
.