FYI
---------- Forwarded message ---------
From: Christopher Wood <christopherwood07 at gmail.com>
Date: Wed, Mar 27, 2019 at 2:15 PM
Subject: [saag] TLS WG report
To: <saag at ietf.org>
TLS met on Monday and Tuesday. Several documents are ready for
submission to the IESG. The WG is prepared to address comments when
they come.
draft-ietf-tls-dtls13-30 is nearly complete with a few issues to
address. Initial interop between Mint and NSS was completed prior to
the meeting, with mbedTLS support coming soon. The document will not
go through another WGLC once interop is complete and issues are
resolved.
draft-ietf-tls-subcerts is ready for WGLC having received formal
analysis since its last update. draft-ietf-tls-oldversions-deprecate
is also ready for WGLC after deprecating DTLS 1.0 in addition to TLS
1.0 and 1.1.
The WG discussed draft-ietf-tls-certificate-compression and the
outstanding issue regarding how to include the compressed certificate
in the transcript. Participants signalled disinterest in changing the
current draft. Authors will write up the changes and chairs will begin
the WGLC process.
draft-ietf-tls-tls13-cert-with-extern-psk will likely be ready for
WGLC with experimental status after more review. There are no
implementations nor formal analysis for the design.
The WG discussed updates to draft-ietf-tls-esni, including an initial
multi-CDN solution and improved robustness. Participants raised
concerns about the current solution’s operational impacts and unknown
edge cases. Representative ESNI clients also expressed the desire to
minimize performance regressions for any solution. Authors will work
with members in the DNS community for additional feedback going
forward, though not block on that feedback.
draft-sy-tls-resumption-group and draft-wood-tls-external-psk-importer
have rough consensus to adopt as WG items. Chairs will confirm on the
list.
The WG discussed draft-kinnear-tls-client-net-address and general NAT
detection use cases. Concerns around client usage of address
information were raised. Authors will continue engaging on the list
for further discussion. Draft-tschofenig-tls-cwt was also presented
with no time for comments or questions.
The WG also discussed draft-sullivan-tls-opaque as a way to add OPAQUE
to TLS 1.3. Concerns around PAKE usefulness and lack of formal
analysis were raised. This PAKE will also be discussed in the CRFG.
draft-stebila-tls-hybrid-design discussed a framework for supporting
multiple key exchange algorithms in TLS 1.3. Participants signaled an
interest in choosing one design general that minimizes complexity
instead of surveying different design decisions. Concerns about
immaturity of the field of key exchange combiners were raised.
The WG also discussed draft-wang-tls-raw-public-key-with-ibc. This
document will not be adopted, and the authors will request codepoint
allocations from the designated experts. Draft-belyavskiy-fakesni was
discussed. Participants raised concerns about the proposed approach
and its efficacy when compared to the attacks listed in
draft-ietf-tls-sni-encryption.
_______________________________________________
saag mailing list
saag at ietf.orghttps://www.ietf.org/mailman/listinfo/saag
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20190327/6b59bbe1/attachment.html>