Friday, November 8, 2024
Session II, 13:00 - 15:00
The Auditorium
Administrivia - chairs (5 min)
RichS taking notes (your name here)
No agenda updates
TLS Tussle Update - Sean
Got consensus on the problem statement. One proposal submitted.
Another draft coming.
Deadline for submissions 20 Dec, then 13 Jan call for adoption. This
has been done before, just make sure complete draft, not
skeleton/IOU draft.
Discussion about the schedule.
AD input: this is fair, consider having an interim in January if you
get other drafts.
Sean: One take-away we need to be better/earlier about fixing
specific deadlines. We will move forward this plan and take it to
the list.
Registry Updates - Rich Salz
A stunning presentation. I laughed, I cried, I was moved.
ECH Discussion - Eric Rescorla
Review of GH issues:
Will get new draft before Dec 20
FATT Updates - Joe
See slides for details of current proposal, particularly page 3.
Working on getting at least two more members into the analysis team.
Discussion. Stephen: don't think private discussion is in best
interests of TLS, IETF. Joe: it would be better. Stephen: let's
encourage, now, not to be private. Dierdre: we have parties who want
to contribute, and want space to work it out amongst themselves.
Mohammed: in favor of more openness. Sean: we can ask them about
being public. Mohammed: suggest putting point person on the DT
per-document page.
Sean: waiting to hear back from point person for Russ's draft. Then
have three other drafts likely to go to the panel.
CHAIRS ACTION ITEM
Please list the specific drafts!
DTLS Clarifications - David Benjamin
Slides enumerate 13 particular issues found while working on an
implementation.
EKR: Publish 9147 as 9147bis-00 call for adoption. Create a repo.
Sean: Can we skip call for adoption?
Paul: I'll check the process, and let you know; I have no problem
with it.
Abridged Certs Update - Dennis Jackson
Got feedback that pass 2 (compress end-entity cert) was more complex than
it was worth. Propose to use Brotli with no dictionary (about 200 bytes
cost). Propose in-line compression dictionary for CCADB cert list.
Rich: Use CCADB timestamp/version instead of inlining the
dictionary.
Kyle: I like Zstd. Please leave window open to switch from Brotli
back to Zstd.
Alessandro: there are various proposals to elide intermediates, hope
we can settle on one method.
Sean: when do WGLC?
Dennis: I want to do some of the experiments, and if they go well,
might request move to standards track.
Sean: so maybe in fall?
Dennis: yes.
Alessandro: we can't do experiments earlier than 25Q1.
Extended Key Update - Yaroslav Rosomakho
See slides for details. Yaroslav: no open issues, ready for next
steps (analysis sniff update).
Sean: will mark as "update sslkeylogfile RFC?" Yaroslav: yes, once
it has an RFC number.
EKR: Don't need to wait for DTLS1.3bis to get a code point.
SSLKeylog ECH - Yaroslav Rosomakho
See slides for details. Supported by latest Wireshark build. Adding a
new IANA registry for SSLKEYLOGFILE labels.
CHAIRS ACTION ITEM
We'll start WGLC before end of November.
Sean will talk with Martin about moving the IANA section to the base
doc.
draft-fossati-tls-attestation - Hannes Tschofenig
Attestation is happening in several places in the IETF and related
groups: attested TLS, attested CSR, RFC 9261, formal verification;
implementations exist.
Use cases include confidential computing, device onboarding; web is
not a use case.
EKR: Are you trying to attest "I am the only entity that has access
to the keys?" Hannes: yes.
MikeO: Is "are you allowed on the corporate VPN?" A web use-case?
Hannes: no, but others are working on this problem not using these
techniques.
MontyW: I would like to see this useful for slow compute devices
like TPMs.
Hannes: looking for adoption as an experimental doc.
Decision: Need more discussion on the list before issuing adoption
call.
draft-kwiatkowski-tls-ecdhe-mlkem - Kris Kwiatkowski
See slides for details.
Discussion about order of the component parts.