Minutes of the TLS working group meeting, 20 November 2002 The TLS working group met in a one-hour session at the 49th IETF in San Diego, CA. The meeting was chaired by (and minutes written by) Win Treese (treese@acm.org). A log of the simultaneous Jabber session is at [1]http://www.ietf.org/proceedings/02nov/jabbers/tls.html Agenda 1. Introduction and agenda modification (Win Treese) 2. The TLS Protocol Version 1.1 -- [2]draft-ietf-tls-rfc2246-bis-02.txt (Eric Rescorla) 3. SRP for TLS -- [3]draft-ietf-tls-srp-03.txt (Tom Wu) 4. Ciphersuite registration (Win Treese) 5. Recent developments with the RSA algorithm (Russ Housley) 6. Using Sigcomp compression in TLS (Carsten Bormann) Eric Rescorla described the changes to the TLS version 1.1 draft, particularly in the way initialization vectors are handled for CBC-mode ciphersuites. He expects to have an updated version by early January, which should be ready for submission to the IESG shortly thereafter. Because of the changes to the protocol, it will be submitted for publication as a Proposed Standard. Tom Wu gave a short update on the proposed ciphersuite for SRP with TLS, including a version using SRP-6. Tom was asked how much scrutiny SRP-6 has received, and he said it is still new. There was some discussion of the patent status with respect to SRP, and some reluctance to push it forward for publication without some clarity. The question will be taken to the mailing list for further discussion. [Slides in [4]PostScript or [5]PDF]. Handling the registration of ciphersuites continues to be a problem. The TLS 1.1 document will have a new ``IANA Considerations'' section to help solve the problem. Treese proposed the following criteria for spending WG time on ciphersuites: * Standards track + WG consensus for standards track + No intellectual property limitations + Sufficient description of algorithsm + Sufficient analysis of security properties * Informational + Reasonable documentation of both ciphers and ciphersuite + Credible cipher + No ``obvious'' security problems + No endorsement from WG about security properties The guidelines were generally accepted as reasonable. Russ Housley presented some recent work at ANSI X9.44 related to TLS, including some suggestions for future improvements. Details are in his slides: [6]PowerPoint or [7]PDF. Carsten Bormann presented some early thoughts on using the SIGCOMP work on compression algorithms with TLS. Details are in his slides: [8]PowerPoint or [9]PDF. Status of other documents Other documents in front of the working group include: * ECC Cipher Suites For TLS ([10]draft-ietf-tls-ecc-02.txt): Under discussion. * Addition of Camellia Ciphersuites to Transport Layer Security (TLS) ([11]draft-ietf-tls-camellia-02.txt): submitted for publication as Informational RFC. * Using OpenPGP keys for TLS authentication ([12]draft-ietf-tls-openpgp-keys-02.txt): Under discussion. * Transport Layer Security Protocol Compression Methods ([13]draft-ietf-tls-compression-03.txt): Under discussion. * Upgrading to TLS Within HTTP/1.1 ([14]RFC 2817): Should it advance to Draft Standard? _________________________________________________________________ References 1. http://www.ietf.org/proceedings/02nov/jabbers/tls.html 2. ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-rfc2246-bis-02.txt 3. ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-srp-03.txt 4. http://www.treese.org/ietf-tls/meetings/2002-11/wu-srp.ps 5. http://www.treese.org/ietf-tls/meetings/2002-11/wu-srp.pdf 6. http://www.treese.org/ietf-tls/meetings/2002-11/housley-x9-44.ppt 7. http://www.treese.org/ietf-tls/meetings/2002-11/housley-x9-44.pdf 8. http://www.treese.org/ietf-tls/meetings/2002-11/bormann-sigcomp.ppt 9. http://www.treese.org/ietf-tls/meetings/2002-11/bormann-sigcomp.pdf 10. ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-ecc-02.txt 11. ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-camellia-02.txt 12. ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-openpgp-keys-02.txt 13. ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-compression-03.txt 14. http://www.ietf.org/rfc/rfc2817.txt