[TLS] Draft minutes for Tuesday

Tue, 23 Jul 2019 15:14:28 -0700 

Are on etherpad at https://etherpad.ietf.org/p/notes-ietf-105-tls

Cut/pasted here (but more readable there):
TLS at IETF 105

Tuesday

Status update (drafts, code points, etc) -- see the slides

CFRG working on PAKE selection;  integration with TLS is obviously important, 
come to CFRG meeting.

Delegated credentials

  *   Server side patch in boringSSL; NSS client side soon to be in FF nightly; 
FB work in progress

  *   Plan to drop LURK mention, remove PKCS#1 v1.5 (RSA PSS only) [Martin says 
needs more text for clarity]

  *   Plan was to not go forward without proof that this doesn't weaken PKI 
security; a by-hand one is in progress

  *   Refine "Delegated credentials" term to "Delegated authentication keys"

  *   Plan is to start WGLC, but make sure it isn't finished until the analysis 
is done and reviewed by the WG

  *
Deprecate MD5 and SHA1 in TLS 1.2

  *   Make signature_algorithms mandatory in handshake; forbig MD5 and SHA1 
algs in that extension

  *   Andrei says MSFT can't enforce now but willing to do so in the future

  *   Consensus in room is to adopt as a WG item; to be confirmed on the list

  *
TLS Flags Extension

  *   TLS 1.2 has 46 extensions; TLS 1.3 has 28; more coming

  *   Many extensions have no data, just 1 bit of data (their presence) -- call 
them "flag extensions"

  *   Various methods (fixed-size bitmask, varying-size bitmask, array of 
bytes, etc)

  *   Can't re-do existing extensions (at least in clientHello), but server 
response and other messages could do so

  *   Consensus in room is to adopt as a WG item; to be confirmed on the list

  *
Suppress Intermediates

  *   A new flag in clientHello says "don't send intermediates"

  *   Not clear what to do if intermediate ends up not being available; options 
are then ugly

  *   Server would ignore extension if it "knows" its chain is "unusual" 
("weird" etc)

  *   There is interest, but not ready to ask for adoption yet

  *
TLS 1.3 Impact on Network Based Security Solutions

  *   Network solutions sometimes insert a middlebox proxy between the client 
and the server, observers TLS metadata to do policy and access control. TLS 1.3 
handshake changes affect these solutions.

  *   Incorporated feedback, has been stable since IETF 104. New commentary 
started today.

  *   Original plan was to ask for publication as informational even though 
it's not in charter.

  *   More people read this draft than any other draft; interesting and 
surprising factoid.

  *   Adjourn without action.

  *


_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls

Reply via email to