Session Date/Time: 22 Mar 2024 05:00
uta
Summary
The UTA working group meeting covered two main presentations: one advocating for stronger adoption of TLS 1.3 for new protocols, and another discussing post-quantum cryptography (PQC) recommendations for internet applications using TLS. The discussions focused on the maturity of the drafts, the right venue for the PQC discussion, and specific technical details related to TLS versions and key exchange mechanisms.
Key Discussion Points
- TLS 1.3 Adoption: Rich Salz presented an update advocating that new protocols require TLS 1.3 instead of recommending it as per RFC 9325. Concerns were raised about potentially breaking existing deployments and about needing explicit working group consensus on changing "should" to "must". Clarification was needed on what "new protocols" encompassed and on the meaning of "defaulting" to TLS 1.3. Suggestions included focusing on setting the minimum TLS version to 1.3 and up for new protocols.
- PQC Recommendations for Internet Applications: Tiro presented a draft on PQC recommendations, focusing on data confidentiality and authentication. Discussions included the applicability of the draft to the UTA working group, given its overlap with work in TLS, LAMPS, and PQuIP. Concerns were raised that the draft might be premature, as core technologies in TLS and LAMPS aren't settled yet. Various approaches to hybrid key exchange, their deployment challenges (e.g., MTU issues, middlebox compatibility), and the exploration of using DNS SVCB records for key share preferences were discussed. The importance of hybrid schemes for regulatory compliance and as a transition path was highlighted.
- RELEX Draft Review: The need for reviews of the draft focusing on using TLS in the RADIUS protocol was raised, with a request for TLS-aware experts to review it.
Decisions and Action Items
- TLS 1.3 Adoption: Issue an adoption call for Rich Salz's draft.
- Rich Salz: Revise the draft to clarify the scope (new protocols) and the meaning of "defaulting" to TLS 1.3, potentially focusing on setting the minimum TLS version. Consider editorial suggestions for phrasing and wording.
- PQC Recommendations for Internet Applications: Discuss the maturity and scope of Tiro's draft on the mailing list to determine the next steps (adoption call or further individual development).
- Tiro: Address the comments from the working group and decide whether to ask for adoption again.
- John: Read the PQC draft and investigate potential collaboration with the PQuIP working group.
- RELEX Draft: Postpone the review for a week to allow for changes.
- Yandrat: Send a new version of the draft to the mailing list, with specific questions for TLS application experts, once the new changes have been completed.
- Paul Otis: Provide the list of three volunteers from the Zurich SAG meeting to Yandrat.
Next Steps
- Continue discussions on the mailing list regarding the TLS 1.3 adoption and PQC recommendation drafts.
- Issue adoption calls for drafts as appropriate based on mailing list discussions.
- Review the updated RELEX draft after the new version is released.