attachment
<div dir="ltr"><br><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div>FYI<br></div></div></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <b class="gmail_sendername" dir="auto">Christopher Wood</b> <span dir="ltr"><<a href="mailto:christopherwood07@gmail.com">christopherwood07@gmail.com</a>></span><br>Date: Wed, Mar 27, 2019 at 2:15 PM<br>Subject: [saag] TLS WG report<br>To: <<a href="mailto:saag@ietf.org">saag@ietf.org</a>><br></div><br><br>TLS met on Monday and Tuesday. Several documents are ready for<br>
submission to the IESG. The WG is prepared to address comments when<br>
they come.<br>
<br>
draft-ietf-tls-dtls13-30 is nearly complete with a few issues to<br>
address. Initial interop between Mint and NSS was completed prior to<br>
the meeting, with mbedTLS support coming soon. The document will not<br>
go through another WGLC once interop is complete and issues are<br>
resolved.<br>
<br>
draft-ietf-tls-subcerts is ready for WGLC having received formal<br>
analysis since its last update. draft-ietf-tls-oldversions-deprecate<br>
is also ready for WGLC after deprecating DTLS 1.0 in addition to TLS<br>
1.0 and 1.1.<br>
<br>
The WG discussed draft-ietf-tls-certificate-compression and the<br>
outstanding issue regarding how to include the compressed certificate<br>
in the transcript. Participants signalled disinterest in changing the<br>
current draft. Authors will write up the changes and chairs will begin<br>
the WGLC process.<br>
<br>
draft-ietf-tls-tls13-cert-with-extern-psk will likely be ready for<br>
WGLC with experimental status after more review. There are no<br>
implementations nor formal analysis for the design.<br>
<br>
The WG discussed updates to draft-ietf-tls-esni, including an initial<br>
multi-CDN solution and improved robustness. Participants raised<br>
concerns about the current solution’s operational impacts and unknown<br>
edge cases. Representative ESNI clients also expressed the desire to<br>
minimize performance regressions for any solution. Authors will work<br>
with members in the DNS community for additional feedback going<br>
forward, though not block on that feedback.<br>
<br>
draft-sy-tls-resumption-group and draft-wood-tls-external-psk-importer<br>
have rough consensus to adopt as WG items. Chairs will confirm on the<br>
list.<br>
<br>
The WG discussed draft-kinnear-tls-client-net-address and general NAT<br>
detection use cases. Concerns around client usage of address<br>
information were raised. Authors will continue engaging on the list<br>
for further discussion. Draft-tschofenig-tls-cwt was also presented<br>
with no time for comments or questions.<br>
<br>
The WG also discussed draft-sullivan-tls-opaque as a way to add OPAQUE<br>
to TLS 1.3. Concerns around PAKE usefulness and lack of formal<br>
analysis were raised. This PAKE will also be discussed in the CRFG.<br>
<br>
draft-stebila-tls-hybrid-design discussed a framework for supporting<br>
multiple key exchange algorithms in TLS 1.3. Participants signaled an<br>
interest in choosing one design general that minimizes complexity<br>
instead of surveying different design decisions. Concerns about<br>
immaturity of the field of key exchange combiners were raised.<br>
<br>
The WG also discussed draft-wang-tls-raw-public-key-with-ibc. This<br>
document will not be adopted, and the authors will request codepoint<br>
allocations from the designated experts. Draft-belyavskiy-fakesni was<br>
discussed. Participants raised concerns about the proposed approach<br>
and its efficacy when compared to the attacks listed in<br>
draft-ietf-tls-sni-encryption.<br>
<br>
_______________________________________________<br>
saag mailing list<br>
<a href="mailto:saag@ietf.org" target="_blank">saag@ietf.org</a><br>
<a href="https://www.ietf.org/mailman/listinfo/saag" rel="noreferrer" target="_blank">https://www.ietf.org/mailman/listinfo/saag</a><br>
</div></div>