Shepherd writeup

1. Summary

This most excellent draft addresses a number of security, interoperability, and efficiency shortcomings that arise from the lack of clarity about which DH group parameters TLS servers should offer and clients should accept in their TLS handshakes.  This draft is bound standards track not only because it’s describing protocol bits but it’s also updating existing standards track RFCs.

Please note this draft applies to all version of TLS prior to 1.3.  TLS 1.3 is going to also going to adopt this work directly into its draft.

Sean Turner is the document shepherd and Stephen Farrell is our über Area Director!

2. Review and Consensus

This draft (previous names include draft-gillmor-tls-negotiated-dl-dhe and draft-ietf-tls-negotiated-dl-dhe) has been discussed on the mailing list and at numerous TLS f2f meetings (regularly scheduled IETF meets and TLS interims).  It’s been amended numerous times based on WG feedback and it accurately reflects the WG consensus.  The WGLC was also forwarded to the CFRG.

3. Intellectual Property

[Confirming this as of 2015-03-13]

The shepherd has confirmed the author's direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79.

4. Other Points

***DOWNREF ALERT *** There is a DOWNRF to  The WG will shortly be asked whether it is willing to adopt this draft.  Seems quite likely it will be adopted.

IANA Considerations: Note that this draft reuses/expands an existing registry to set aside a handful of specific codepoints for FFDHE groups, and a small "private use" range, but explicitly sets aside the entire range 0x0100 → 0x01FF exclusively for FFDHE (and indicates that no FFDHE will appear outside that range).  The WG was queried numerous times about this point and they were okay with this approach.  So, an IESG request to not reuse this existing registry is going to be meet with some pretty heavy opposition.  The IANA considerations are clearly noted in the draft.