Hi!
I would like to strongly support two clauses in the proposed update to the TLS
Charter:
"applicability and suitability of the TLS family of protocols for use in emerging protocols and use
cases."
and
"This goal also includes protocol changes that reduce TLS resource consumption without affecting
security."
In the way of introduction, my name is Wally Pratt and I have lead development and evolution of the
HART Field Communications Protocol "HART" since 1994. As of 2019 the installed base of HART is in
excess of 45 million devices with millions more shipped every year. Not so many compared to IT
infrastructure but certainly the overwhelming majority of process instruments.
Today HART supports communications in the Process Automation space in three variations: Over the
4-20mA current loop, wirelessly via IEEE 802.15.4 and via IP. HART enabled process instruments are
all about low power. HART 4-20mA devices have a power budget of 30-50mW and WirelessHART devices
operate 3+ years on a single 'D' cell battery. HART-IP process automation instruments must limit
power consumption such that a spark cannot be generated that ignites Hydrogen.
Technology improvements in (A) low power (wired) physical layers and (B) security are underway for
HART-IP. These improvements will enable wider application of HART-IP (e.g., in intrinsically-safe
and explosive environments).
From a security perspective, we strongly support and encourage the notion of using TLS in isolated,
power and resource constrained devices.
In particular, I have been observing the CFRG evaluation of PAKE-based ciphersuites. I hope these
will make there way into TLS. They appear well suited for air-gapped process automation
instrumentation. We intend to support your selection once incorporated into a released TLS RFC.
Thank you very much for your consideration and
Best regards,
Wally Pratt Jr
Director, HART Technology | FieldComm Group
+1 512-792-2300 | [email protected] | http://www.fieldcommgroup.org
On 3/6/20 2:00 PM, [email protected] wrote:
------------------------------
Message: 4
Date: Fri, 06 Mar 2020 10:03:51 -0800
From: The IESG<[email protected]>
To: "IETF-Announce"<[email protected]>
Cc:[email protected]
Subject: [TLS] WG Review: Transport Layer Security (tls)
Message-ID:<[email protected]>
Content-Type: text/plain; charset="utf-8"
The Transport Layer Security (tls) WG in the Security Area of the IETF is
undergoing rechartering. The IESG has not made any determination yet. The
following draft charter was submitted, and is provided for informational
purposes only. Please send your comments to the IESG mailing list
([email protected]) by 2020-03-16.
Transport Layer Security (tls)
-----------------------------------------------------------------------
Current status: Active WG
Chairs:
Christopher Wood<[email protected]>
Joseph Salowey<[email protected]>
Sean Turner<[email protected]>
Assigned Area Director:
Benjamin Kaduk<[email protected]>
Security Area Directors:
Benjamin Kaduk<[email protected]>
Roman Danyliw<[email protected]>
Mailing list:
Address:[email protected]
To subscribe:https://www.ietf.org/mailman/listinfo/tls
Archive:https://mailarchive.ietf.org/arch/browse/tls/
Group page:https://datatracker.ietf.org/group/tls/
Charter:https://datatracker.ietf.org/doc/charter-ietf-tls/
The TLS (Transport Layer Security) working group was established in 1996 to
standardize a 'transport layer' security protocol. The basis for the work was
SSL (Secure Socket Layer) v3.0 [RFC6101]. The TLS working group has completed
a series of specifications that describe the TLS protocol v1.0 [RFC2246],
v1.1 [RFC4346], v1.2 [RFC5346], and v1.3 [RFC8446], and DTLS (Datagram TLS)
v1.0 [RFC4347], v1.2 [RFC6347], and v1.3 [draft-ietf-tls-dtls13], as well as
extensions to the protocols and ciphersuites.
The working group aims to achieve three goals. First, improve the
applicability and suitability of the TLS family of protocols for use in
emerging protocols and use cases. This includes extensions or changes that
help protocols better use TLS as an authenticated key exchange protocol, or
extensions that help protocols better leverage TLS security properties, such
as Exported Authenticators. Extensions that focus specifically on protocol
extensibility are also in scope. This goal also includes protocol changes
that reduce TLS resource consumption without affecting security. Extensions
that help reduce TLS handshake size meet this criterion.
The second working group goal is to improve security, privacy, and
deployability. This includes, for example, Delegated Credentials, Encrypted
SNI, and GREASE (RFC 8701). Security and privacy goals will place emphasis on
the following:
- Encrypt the ClientHello SNI (Server Name Indication) and other
application-sensitive extensions, such as ALPN (Application-Layer Protocol
Negotiation).
- Identify and mitigate other (long-term) user tracking or fingerprinting
vectors enabled by TLS deployments and implementations.
The third goal is to maintain current and previous version of the (D)TLS
protocol as well as to specify general best practices for use of (D)TLS,
extensions to (D)TLS, and cipher suites. This includes recommendations as to
when a particular version should be deprecated. Changes or additions to older
versions of (D)TLS whether via extensions or ciphersuites are discouraged and
require significant justification to be taken on as work items.
The working group will also place a priority in minimizing gratuitous changes
to (D)TLS.
Milestones:
TBD
..
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
