The TLS Working Group met on 1 August 2000 at the 48th IETF meeting in Pittsburgh, PA. Minutes by Win Treese. The meeting was chaired by Win Treese . Mailing list: ietf-tls@lists.certicom.com These notes and presentations from the meeting are available at http://www.treese.org/ietf-tls/meetings/00-08/index.html Rendered versions of the PowerPoint slides into images and HTML will be available shortly. Agenda ------ 1. Update TLS charter 2. Getting to Draft Standard 3. Presentation and discussion on WTLS (Wireless Transport Layer Security) 4. Proposed cipher suite specifications 5. Presentation: TLS on mobile devices (Vipul Gupta) New charter ----------- The TLS charter is out of date and needs to be updated. Treese proposed the following new text and milestones: The TLS Working Group was established in 1996 to standardize a "transport layer" security protocol. The working group began with SSL version 3.0, and in 1999, RFC 2246, TLS Protocol Version 1.0 was published as a Proposed Standard. The working group has also published RFC 2712, Addition of Kerberos Cipher Suites to Transport Layer Security (TLS) as a Proposed Standard, and two RFCs on the use of TLS with HTTP. The primary purpose of the working group is to advance the TLS Protocol to Internet Standard. In addition, the working group will publish documents defining new ciphersuites for use with TLS as needed. Milestones Nov 2000 First revised draft of TLS specification April 2001 Submit specification to IESG for consideration as Draft Standard This proposal was generally accepted in the room, with final discussion and agreement to forward to the IESG to be done on the mailing list. Getting to Draft Standard ------------------------- The main goal of the working group at this point is to get the TLS specification to Draft Standard. Tim Dierks has agreed to continue as the document editor. At this time, we don't have any planned major changes for the protocol, so we are hoping to edit the specification for clarity and to refine a few points. Any proposed changes (major or minor) should be sent to the mailing list. Presentation: Wireless Transport Layer Security (WTLS) ------------------------------------------------------ Tim Wright , chair of the WAP Security Group, gave a presentation proposing some changes to TLS to make it more suitable for use with wireless and mobile devices. This work is based on experience with the current security protocol defined by the WAP Forum, called WTLS (despite the similarity in names, the two protocols are only loosely related today). Tim agreed that he would submit an Internet Draft proposing specific changes before the next meeting. Tim's slides are available through the meeting summary page (URL given above). Proposed cipher suite specifications ------------------------------------ Misty-1: Hirosato Tsuji and Toshio Tokita of Mitsubishi Electric Corporation gave a presentation proposing a new set of cipher suites based on the Misty-1 cipher. These cipher suites would not be defined in a standards-track document. Their presentation is available through the meeting summary page (URL given above). They have an Internet Draft in preparation, but it is not yet available. Camellia et al: Shiho Moriai of NTT Laboratories proposed adding new cipher suites for the Camellia, EPOC, and PSEC algorithms. These cipher suites would not be defined in a standards-track document. Her presentation is available through the meeting summary page (URL given above). There is an Internet Draft in preparation, but it is not yet available. SEED/HAS-160: Also, Joo-won Jung and ChangHee Lee of INITECH, Inc., have submitted an Internet Draft defining a cipher suite based on the SEED and HAS-160 algorithms. An Internet Draft is available at ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-seedhas-00.txt This cipher suite is not proposed for the standards track. Unfortunately, they were not able to attend, so there was no relevant discussion at the meeting. Presentation: End-to-end Security for Small Devices (Vipul Gupta) ----------------------------------------------------------------- Vipul Gupta gave a presentation about experiences implementing TLS on a handheld device. His slides are available at http://playground.sun.com/~vgupta/KSSL