Re: [TLS] TLS Charter Revision

Mohamad Badra <mbadra@gmail.com> Thu, 05 December 2013 14:26 UTC

Return-Path: <mbadra@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCD9A1ADFD0 for <tls@ietfa.amsl.com>; Thu, 5 Dec 2013 06:26:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5vddxxaDF9Y4 for <tls@ietfa.amsl.com>; Thu, 5 Dec 2013 06:26:37 -0800 (PST)
Received: from mail-ve0-x229.google.com (mail-ve0-x229.google.com [IPv6:2607:f8b0:400c:c01::229]) by ietfa.amsl.com (Postfix) with ESMTP id DDAEB1ADF94 for <tls@ietf.org>; Thu, 5 Dec 2013 06:26:36 -0800 (PST)
Received: by mail-ve0-f169.google.com with SMTP id c14so14102691vea.0 for <tls@ietf.org>; Thu, 05 Dec 2013 06:26:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=zYpoVK4ybKcN7vlgdzv4UYtWh/lSwYgE8sZHkNCM1u0=; b=ubydr2D7Ye5sUu/2JLRgmV/Y1JDt5lnI+dTfnJhcwmQeUg/13o4uFd47nw0Y147XcV R/vjy04M2fCl+B2E7Q6U6ktiKTgRpElzdpx5IAl14HooXCMR/dlkQ+0t7SEnHi1efBsc LScyiXSigk7IV6J6cL89lhEn4i08GA6J4QqJOdlgapMqe0+j1i8Rdb7EnTROOLrxt6BS PchaNhE7cjQnqAXXoINQ6njtC9ZzTZc1G5VQKT7DoQ1cO5i3GWXic5L1GgTEgJkRpmwb 6cNBoiRPe7G+kmpE8Grd8MML72P+GTIHvJIqcCO051CXcyTHFAntzmkQEIcR2XUm52HR YUyw==
MIME-Version: 1.0
X-Received: by 10.220.64.200 with SMTP id f8mr840143vci.54.1386253593343; Thu, 05 Dec 2013 06:26:33 -0800 (PST)
Received: by 10.221.43.138 with HTTP; Thu, 5 Dec 2013 06:26:33 -0800 (PST)
In-Reply-To: <2F2286E3-7717-4E8F-B1EA-B2E4155F7C17@cisco.com>
References: <2F2286E3-7717-4E8F-B1EA-B2E4155F7C17@cisco.com>
Date: Thu, 5 Dec 2013 18:26:33 +0400
Message-ID: <CAOhHAXzf+q32ed7O+bG90yMsPNZDJ2HZcwr5pcncbEXQ9pyMKw@mail.gmail.com>
From: Mohamad Badra <mbadra@gmail.com>
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
Content-Type: multipart/alternative; boundary=001a11c1eb4400280204ecca51dd
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] TLS Charter Revision
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Dec 2013 14:26:39 -0000

On Mon, Dec 2, 2013 at 11:23 PM, Joseph Salowey (jsalowey) <
jsalowey@cisco.com> wrote:

> Hi Folks,
>
> Sean, Eric and I have been put together a revised TLS working group
> charter to cover the TLS 1.3 work.   Please review the following charter
> and send any comments to the TLS list by December 16, 2013.
>
> Thanks,
>
> Joe
> [For the Chairs]
>
>
> The TLS (Transport Layer Security) working group was
> established in 1996 to standardize a 'transport layer'
> security protocol.  The basis for the work was SSL
> (Secure Socket Layer) v3.0.  The TLS working group has
> completed a series of specifications that describe the
> TLS protocol v1.0, v1.1, and v1.2 and DTLS
> (Datagram TLS) v1.2 as well as extensions to the
> protocols and ciphersuites.
>
> The primary purpose of the working group is to develop
> (D)TLS v1.3.  Some of the main design goals are as follows,
> in no particular order:
>
> o Develop a mode that encrypts as much of the handshake as
> is possible to reduce the amount of observable data to
> both passive and active attackers.
>
​​

Actually, I am surprised that the co-chair Eric​ ​is​ ​really​ ​supporting
the above text!

1-  As ​you are fun of​ ​doing a DHE exchange before establishing an
ordinary handshake​ to avoid passive/active attacks, why aren't you
supporting its integration to TLS1.3? (I am repeating the same argument
​the WG co-chairs ​used against adopting
draft-hajjeh-tls-identity-protection as a WG item​).​ Do you really need
this major changes to the TLS state machine? ;)

​2- ​Will your statement [1] apply when encrypting the certificate during
the "initial" TLS1.3 handshake?

​Best regards,
Badra​
​[1] https://datatracker.ietf.org/ipr/1036/​