W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2011

Re: [TLS] Revised TLS Charter

From: Brian Smith <bsmith@mozilla.com>
Date: Mon, 23 May 2011 22:43:19 +0000
To: ietf-http-wg-request <ietf-http-wg-request@w3.org>
Cc: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, Eric Rescorla <ekr@rtfm.com>
Message-ID: <1126122413.5534.1306190570278.JavaMail.root@zimbra1.shared.sjc1.mozilla.com>
Eric Rescorla wrote:
> Can you advise on which drafts you have in mind?

1. draft-pettersen-tls-ext-multiple-ocsp

2. http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00 (NPN)

3. An extension to move the client certificate message to be between its ChangeCipherSuite and Finished messages (next to the NPN message), to protect it. Hopefully we can resurrect one of the previous drafts that proposed to do this.

4. An explicit one-roundtrip False-Start(-like) full handshake. (Needs a new I-D.)

We are planning to implement all of these extensions in Firefox. I believe that there are other major implementers that are planning to implement at least the first three.

We may also implement the current TLS False Start mechanism, but I think it would be better to have an opt-in one-round-trip handshake mechanism. Such a mechanism would probably involve the client optimistically putting a ClientKeyExchange (probably formatted like a ServerKeyExchange) message in a ClientHello extension, so that the server can send its ChangeCipherSuite and Finished messages immediately after its ServerHelloDone message.


> Thanks,
> -Ekr
> On Fri, May 20, 2011 at 10:42 AM, Brian Smith <bsmith@mozilla.com>
> wrote:
> > Joe Salowey wrote:
> >> [Joe] Our security AD has requested that we tighten up the charter
> >> such that significant changes to the protocol require a charter
> >> update. We can certainly discuss the topics you raise without a
> >> charter update. It may be possible to publish documents for some of
> >> the things you want without a charter update. For other things, in
> >> particular things that require significant change to the TLS state
> >> machine or other aspects of the protocol we are going to have to go
> >> through the process of updating the charter. This does not have to
> >> be
> >> a heavyweight process, but it does require more review than just
> >> adding a working group milestone. Since TLS is in widespread use in
> >> all areas of the IETF this ensures there is some cross area review
> >> before we initiate the work for a major change
> >
> > In the next couple of weeks, I could work on getting some drafts of
> > extensions (and/or resurrect some old ones) that I would like to be
> > considered on the standards track, which we (Mozilla and others) are
> > likely to implement and deploy soon. At least two of these
> > extensions do affect the state machine and most of the changes have
> > already been discussed at length in the working group. I think this
> > would be useful input for the decision of what to include in the
> > initial revision of the charter, and would probably prevent some
> > unnecessary future debates about it.
> >
> > Cheers,
> > Brian
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
> >
Received on Tuesday, 24 May 2011 06:29:50 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:52 UTC