LGTM, I agree with using “resource" instead of “size”… My understanding is that “security” is broad enough to cover new authentication mechanisms and that “privacy" will be broad enough to cover “metadata protection” if needed, correct? B.
> On Jan 17, 2020, at 4:31 AM, Christopher Wood <c...@heapingbits.net> wrote: > > Hi folks, > > As discussed in Singapore, it's time to re-charter the working group to > reflect ongoing (e.g., Exported Authenticators and Encrypted SNI/CH) and > future work (e.g., cTLS). For reference, the current charter is available > here: > > https://datatracker.ietf.org/doc/charter-ietf-tls/ > > A draft of the new charter is below, and also available on GitHub [1]. Please > have a look and and send comments, either here on the mailing list or in the > GitHub repo, by 2359 UTC on 30 January 2020. Any and all feedback is welcome! > We would like to complete this in advance of IETF 107 so we can move forward > with items such as cTLS. > > ~~~ > The TLS (Transport Layer Security) working group was established in 1996 to > standardize a 'transport layer' security protocol. The basis for the work was > SSL (Secure Socket Layer) v3.0 [RFC6101]. The TLS working group has completed > a series of specifications that describe the TLS protocol v1.0 [RFC2246], > v1.1 [RFC4346], v1.2 [RFC5346], and v1.3 [RFC8446], and DTLS (Datagram TLS) > v1.0 [RFC4347], v1.2 [RFC6347], and v1.3 [draft-ietf-tls-dtls13], as well as > extensions to the protocols and ciphersuites. > > The working group aims to achieve three goals. First, improve the > applicability and suitability of the TLS family of protocols for use in > emerging protocols and use cases. This includes extensions or changes that > help protocols better use TLS as an authenticated key exchange protocol, or > extensions that help protocols better leverage TLS security properties, such > as Exported Authenticators. Extensions that focus specifically on protocol > extensibility are also in scope. This goal also includes protocol changes > that reduce the size of TLS without affecting security. Extensions that help > reduce TLS handshake size meet this criteria. > > The second working group goal is to improve security, privacy, and > deployability. This includes, for example, Delegated Credentials, Encrypted > SNI, and GREASE. Security and privacy goals will place emphasis on the > following: > > - Encrypt the ClientHello SNI (Server Name Indication) and other > application-sensitive extensions, such as ALPN (Application-Layer Protocol > Negotiation). > - Identify and mitigate other (long-term) user tracking or fingerprinting > vectors enabled by TLS deployments and implementations. > > The third goal is to maintain current and previous version of the (D)TLS > protocol as well as to specify general best practices for use of (D)TLS, > extensions to (D)TLS, and cipher suites. This includes recommendations as to > when a particular version should be deprecated. Changes or additions to older > versions of (D)TLS whether via extensions or ciphersuites are discouraged and > require significant justification to be taken on as work items. > > With these goals in mind, the working group will also place a priority in > minimizing gratuitous changes to (D)TLS. > ~~~ > > Best, > Chris, on behalf of the chairs > > [1] https://github.com/tlswg/wg-materials/blob/master/charter/charter.md > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
