Transport Layer Security (TLS) WG Minutes
Meeting : IETF-74, Thursday 2009-03-26
Location: San Francisco
Chairs  : Eric Rescorla and Joe Salowey
Minutes : Paul Hoffman
Version : 0
=====================================================================

Note that material from the slides is not copied here

A. Document status

- Lots of RFCs since last meeting
- Three docs in process
- DTLS 1.2 is the only really active document

B. DTLS 1.2 (draft-ietf-tls-rfc4347-bis-02.txt)
	
- Presented by Eric Rescorla (Ekr)
	
- This is a delta to make DTLS align with TLS 1.2
- Rehandshakes are more complicated in DTLS, so there is more 
  clarifications 
- OpenSSL was losing packets
  Wants a new requirement that you not purposely lose them
- Text was unclear about transition between epochs
  Was just bad writing: treat epochs as separate
- PMTU text was wrong; it's not infinite
- Order of data and handshake made a downgrade attack apparent
- An invalid cookie could be a race condition for rekeying
  Text added to say "good luck"

Paul Hoffman: have you checked with protocol developers believe that
  these are just clarifications
Michael Tuexen: they had tested OpenSSL with Certicom and they 
  agreed
Michael: said they have a test server and want people to use it

C. TLS Cert Cache (draft-santesson-tls-certcache-00.txt)

- Presented by Stefan Santesson
	
- Basic idea, get rid of server certificate if the client already 
  knows it
- Useful if on error-prone connection and EAP TLS
- Maybe add a hash algorithm identifier to add agility
	
Pasi: Maybe need to deal with keys, not full certs
Ekr: Likes generality, hates specificity
  Wants another level of indirection
  Maybe wants the CAlist also cached
Sean Leonard: If there are multiple certs for the same key, 
  they may have different validation properties
Ekr: would send both hashes for each argument
Charlie Kaufman: can include the actual cert instead of the hash for the 
  finish message
Ekr and Stefan thought this might be too complicated
Harry Mills-Minor: Hash agility is good so someone can drop SHA-1 
  later
Stefan: it helps for optimization
Ekr: Worth doing this document
  Wants the agility

D. DTLS Mobi-D (draft-barrett-mobile-dtls-00)

- Presented by Michael G. Williams
	
- Host-based mobility
- Purpose: avoid overhead when a mobility event occurs
  When mobility is not available in the transport
  Best for where UDP works well
- Requires some extensions to DTLS
- When client changes IP address, client can nudge the 
  server to send to its new address
	
Ekr: OP packet does not have any semantics
  Can be extended later to mean something
Michael Tuexun: A heartbeat feature could be added to DTLS
  Heartbeat would need to be acked
  If so, this OP is not needed

- Useful for wide-area-only radio devices (can't rely on network 
  to help you)
- Works when you move from two non-cooperating networks (indoor 
  to outdoor, for example)
  
+ Ekr asked for support
+ Some folks who could not be here support
+ Five folks said they would help review documents
+ No one against
+ This needs to be discussed with Transport folks as well

E. Finished Early