[TLS] Minutes from Tuesday

"Salz, Rich" <rsalz@akamai.com> Tue, 21 October 2014 14:44 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/vQ7yLwUd5OZanqC7lXjf4OvStcg

Here are the draft minutes for today's interim. Please post corrections to the list.

Should we remove SSLv3 from the session hash draft?  Various points about why SSLv3 is either not being used, or in devices that aren't being updated. One more update to remove SSLv3, some other cleanups, and then go to WG LC. Sean will try to force out any issues for discussion in Hawaii.

Bodo's slides are at https://github.com/tlswg/wg-materials/blob/master/20141021_interim/TLS_FALLBACK_SCSV_IETF_TLS_Interim_Oct_2014.pdf Based on list feedback, going to add some clarifications (no changes to the mechanism). False start I-D needs to be updated since attacker can force a version; Bodo to do that. Discussion of distinguishing between TCP reset (in FF) and version intolerance. Discussion of when to 'guess' failure is transient or version intolerance. Need to add some guidance to the I-D: mixing SCSV and version-intolerant servers will cause a pain. Sean went through issues raised on mailing list.

What is status of false-start? Was held back by Google for interop concerns. MSFT always tries based on cipher-suite (says MT); others do it conditional on NPN or ALPN and a modern cipher like a DH. It's in wide use. Bodo will update the draft and ask the WG to adopt.

Dkg on named groups. No longer an extension; allocating points within the namedcurve list, they are finite-field groups. Interacts with cipher-suite list.  Discussion about adding ordering semantics between the two lists. Change: clients that wish to express an ordering may order the curves/groups in their order of preference.

Discussion of RC4 draft. Andrei via phone. Room strongly supports prohibiting RC4. Discussion about being able to address concerns raised by a few. Chair will close discussion and move it forward. Sean to include text about "just upgrade to TLS 1.2" as we considered alternatives and rejected them in his shepherd notes or equivalent. Mention that YouTube encodes video streams using RC4 only.

Return to DH named groups. Dkg prefers not-using IKEv2 primes, so that national-scale adversaries' workload doubles. We'll ask CFRG "do you have a problem with these groups?" Decided that SRP re-use of IKEv2 groups is not an issue. Discussion of sizes. Sean going to straw poll the list for 2048 or 2432, will work with dkg to draft the message. Proposed sizes 20xx 3032 4096 8192. Discussion of having server return the full key. Dkg to come back to the mailing list. Discussion of how to do PSK with PFS; neat hack/thought, treat it like a resumption.

Compressed points. Certicom says no IPR coverage any more. Likely to drop uncompressed points (and their negotiation) from TLS 1.3. ekr to do a straw poll on the mailing list.

Principal Security Engineer, Akamai Technologies
IM: rsalz@jabber.me Twitter: RichSalz