Using TLS in Applications (UTA) WG

IETF 112, Friday, November 12, 2021, Session III, 16:00-17:00 UTC

Meeting materials:

Chairs: Leif Johansson, Valery Smyslov
Responsible AD: Francesca Palombini

Note takers: Hannes Tschofenig, Rich Salz, Peter Saint-Andre


recent changes

TLS supported versions

TLS 1.2 downgrade protection


obsoleting key exchanges

“consumer” documents

Peter Saint-Andre: the concern now would be about documents outside the IETF; we’ve done our due diligence; we should handle that in WGLC

Leif: there was discussion in SAAG - is there any synchronization we should be doing?

Yaron Sheffer: That is more a question for the ADs.

Leif: should we be talking with TLS WG etc.?

Francesca: I’ll check with Ben and review the notes/recordings

Leif: TLS is essentially doing work on recommending crypto; Hannes made a comment that TLS is mostly focused on web applications of TLS

Ben Kaduk [Sec AD]: Nothing terrible to say now; ADs taking an action item to coordinate.

Peter Saint-Andre: we did cross post last time around so that coordination happened.

Valery Smyslov: it sounds like the customer review is the big topic

Yaron: actually we completed that work but need to tie up a few details and report back

Valery: what about the dependency on the kex document?

Peter: people are always deprecating things, so we can publish but something else could be deprecated right after we publish; need to do occasional updates.

Jonathan Lennox: we might want to point people at, say, the IANA registry and TLS WG, where future deprecations could happen

Joe Salowey [TLS WG chair]: I think the intention is to adopt the kex document. As to the broader coordination question, we should definitely have a chat among the chairs and ADs. We’re working toward the same goals.

Valery: We’ll do that.

Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS) (Rich Salz)

recent changes

items for discussion

CCM_8 troubles

relaxing initial timer values

long connections without renegotiation

examples of client EE cert IDs

