[TLS] TLS1.3 status/expectations

Sean Turner <sean@sn3rd.com> Mon, 29 February 2016 14:45 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 150111B3294 for <tls@ietfa.amsl.com>; Mon, 29 Feb 2016 06:45:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y3xUOOVf0o_K for <tls@ietfa.amsl.com>; Mon, 29 Feb 2016 06:45:07 -0800 (PST)
Received: from mail-qk0-x233.google.com (mail-qk0-x233.google.com [IPv6:2607:f8b0:400d:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AC221B328E for <tls@ietf.org>; Mon, 29 Feb 2016 06:45:07 -0800 (PST)
Received: by mail-qk0-x233.google.com with SMTP id x1so56925247qkc.1 for <tls@ietf.org>; Mon, 29 Feb 2016 06:45:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=from:content-transfer-encoding:subject:message-id:date:to :mime-version; bh=PRYdOAQZIOe3ocdjor4Mp80cBWG/FUFxO1qDC+WI3/s=; b=BIaT+R2MNGbqEr75fvi/yH0vLk1IarcL4GmUn5ubgReFe+vAMeXXyPIGx5M8gvOBN2 e7gEXm2N6YpzYi1CrH8AgMyTM16vzZNIfcVMzro1RBY1Frw0etvA6eufsxZQ/hltpeyo TP1qkweC6LEY0Yf+3Kc/JdXIGUAlqrLNajHvM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-transfer-encoding:subject :message-id:date:to:mime-version; bh=PRYdOAQZIOe3ocdjor4Mp80cBWG/FUFxO1qDC+WI3/s=; b=a0naXCYPzeK3QeUvRRzSrp7Vo/v/9RkCgdk3wMHmIhGTf6BqxKDwJ09cQ+BjlGWXRq 4dIezZPAf1xN71//nTdhmvQE8ieAd0ZBxmGy7ZFgJ0PUKLk/XZajvpgs4DormPPBEJO+ 7sF4aIsi1NMaVwWAkFPyUg3rTNO4CDadu6xkDj2eA1/pBnHhd6ng3dozLbW4g8lspbp6 VmimV0r/zCxTGDbOOgCSSQm8+EI5BxOu2AbhxRKwMYifJi+o2xQLcq/gML/Vvog009+H rJNUXfn5ZHUPexMU8zrDIZUNnkniSfUkYIBU4lw5syxZOXh8+vHVFiJUSHu2wJeKtbW4 zkvA==
X-Gm-Message-State: AD7BkJIXQ4w+BNDOTL7ayZi6fR7mtLJVSFq+diYUICMwF3hqy+f84ydDKLn1u1SNhdj5oA==
X-Received: by 10.55.78.84 with SMTP id c81mr19818010qkb.85.1456757105864; Mon, 29 Feb 2016 06:45:05 -0800 (PST)
Received: from [172.16.0.112] ([96.231.217.211]) by smtp.gmail.com with ESMTPSA id j67sm11019126qgj.35.2016.02.29.06.45.05 for <tls@ietf.org> (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 29 Feb 2016 06:45:05 -0800 (PST)
From: Sean Turner <sean@sn3rd.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <84AEB140-D703-4AC0-91D7-02A01FD71A5A@sn3rd.com>
Date: Mon, 29 Feb 2016 09:45:04 -0500
To: "<tls@ietf.org>" <tls@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/zhimNrsw_3QzsnNlipZTDeafF18>
Subject: [TLS] TLS1.3 status/expectations
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Feb 2016 14:45:09 -0000

At the TRON workshop [0], we (Joe and Sean) were asked to provide our views about the status and timeline for TLS 1.3; we wanted to share the same information with the WG.

Before that though, we want to thank the researchers for the time they put into analyzing the protocol as well as the TRON Workshop sponsors.  The workshop was constructive and helpful.  There are a number of groups formally analyzing the protocol, some by hand and some with automated tools, they’ve already discovered issues that we’ve fixed [1].

The workshop made the following clear to us wrt TLS 1.3:

o - Basically OK overall, but there was some sentiment that we should only do 0-RTT with PSK (see recent list discussion).

o - Some researchers prefer the key schedule that is currently documented in the draft because it eases modular analysis of the protocol. Others prefer the simplified proposals in [2,3].

We are hoping to be able to do a WGLC sometime shortly after Buenos Aires (i.e., mid-April).  Of course, this timeline is entirely dependent on the WG reaching consensus on the remaining issues.

At this point we are looking at reducing change to the protocol.  We are not looking to add any more features, removal of features and slight changes that improve the protocol are still on the table. Obviously, if we find any glaring issues we will fix them regardless.

One thing that was reinforced at TRON and we think the TLS WG should be aware of is that the research community needs time to do their analysis.  With that in mind, the chairs are very strongly leaning towards an extended WGLC of 6 weeks.

J&S

[0] https://www.internetsociety.org/events/ndss-symposium-2016/tls-13-ready-or-not-tron-workshop-programme
[1] https://mailarchive.ietf.org/arch/msg/tls/TugB5ddJu3nYg7chcyeIyUqWSbA
[2] https://mailarchive.ietf.org/arch/msg/tls/uUbeVDQwJuZO_bYhOWJRvlNlNtg
[3] https://mailarchive.ietf.org/arch/msg/tls/rgiTKwRb23T7iKjlkAQAt112ipY