Minutes IETF100: tls
minutes-100-tls-00

Meeting Minutes Transport Layer Security (tls) WG
Date and time 2017-11-16 01:30
Title Minutes IETF100: tls
State Active
Last updated 2018-01-02

IETF 100 - TLS working group meeting
Chairs: Joe Salowey, Sean Turner
Minutes: Rich Salz
Thursday November 16, 2017 0930-1200 (UTC+08)

For background, see https://datatracker.ietf.org/meeting/100/session/tls

Administrivia (10min)
Document Status (5min)

- Record size I-D to go to WGLC

TLS1.3 (40min)

- Ekr: Hopefully the really last time I have to stand up and talk about TLS 1.3.
  Discussion of changes required, and optional, to work around middlebox
  intolerance (which actually means anyone can force a downgrade to TLS 1.2) and
  get the observed TLS 1.3 failure rates down to levels comparable to previous
  versions. Strong consensus (via hum) in the room to overall support these
  changes. Strong consensus (via hum) to not require “compatibility mode” as
  described on the slides.
- David Benjamin presented measurement info from Chrome.
- Half-close getting merged. SNI and resumption – waiting for PR to
  describe slide content, then to be merged
- Discussion of next steps. Chairs want to see the Mozilla approx.
  confirmation of Google numbers
- Expect draft-22 with changes discussed here, then WGLC then move to IETF LC
  and then… profit.

DTLS1.3 (30min)

- Ekr presenting; mainly joint work with Hannes. See slides.

Connection ID (25min)

- Ekr presenting. See slides.
- Strong consensus via hum to adopt this.

Exported Authenticators in TLS (10min)

- Nick Sullivan presenting.
- Have a Tamarin (formal analysis) model, preliminary results promising but
  there is some duplicated logic so there is a proposed change.
- HTTPWG is looking at “additional certs” which does require this draft.

IANA Registry Updates for TLS and DTLS (10min)

- Sean presenting.
- Stephen Farrell to shepherd and AD review starting.

Extension for protecting (D)TLS handshakes against Denial of Service (10min)

- Marco Tiloca presenting
- Trust anchor (trusted by TLS server) generates handshake token for client to
  present when it talks to the server as a handshake extension. Crypto all
  around.

- Owen Friel presenting. Discussion about goals and motivation.