Draft minutes attached; please post corrections to the list.

Minutes for TLS at IETF 103, Monday

Did administrivia (scribes, agenda, bluesheets)

Reviewed document status

DTLS 1.3 update, ekr
    - New unified packet header that is flexible and more tightly packed
    - Sequence (record) number is now encrypted
    - DTLS 1.3 MUST NOT use compatibility mode 
    - Removing end of early data marker
    - Changes to allow ConnectionID flexibility
    - Next version would go into WGLC
    
Deprecating TLS 1.0 and 1.1, Stephen Farrell
    - Details about which RFCs and BCPs are affected
    - Will remove the 'measurements' part
    - Remove SHA-1 deprecation from this document
    - Discussion of timeline; will do new draft and WGLC soon
    
Encrypted SNI, Nick Sullivan
    - Early drafts deployed by Cloudflare and FF Nightly, for experimentation
    - Changes from initial draft: two key shares, none, AEAD, replay protection, version
    - Major pending change: new DNS RRType instead of TXT
    - Proposal from floor: have list of ESNI records, for middleboxes (and others); DNSSEC
      implications and other discussion
    - Operational issues: DNS/server out of sync, multi-CDN use case
    
Discussion of re-Chartering, chairs
    - Detailed text was sent to the mailing list
    - Discuss DTLS items in the charter (e.g., are they already done?)
    - Discuss timing of this; maybe wait for DTLS 1.3 to be done
    
External PSK, Russ Housley
    - Determine way forward via series of hums
    - Decided to adopt the draft, which has only "external PSKs with certificates"
    
TLS Authentication using ITS ETSI and IEEE Certificates, Mounira Msahli
    - These are apparently smaller certificates than X.509; used in vehicles
    - Description of new certificate types; will ask for IANA registration

External PSK Importers, Christopher A. Wood
    - Motivation was TLS 1.2 and 1.3 hashed differently
    - An importer takes an existing PSK, adds hash and optional label as base key,
      then generates a key per hash supported
    - Comparison of this and "universal hash" document by David Benjamin
    
TLS Ticket Request, Christopher A. Wood
    - Clients want more/fewer tickets than servers send by default
    - Add ClientHello extension that hints number of tickets desired
    - Consensus to adopt as a WG document, to be confirmed on the list




_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls