--- 1/draft-ietf-taps-transport-security-07.txt 2019-08-07 09:13:20.644932979 -0700 +++ 2/draft-ietf-taps-transport-security-08.txt 2019-08-07 09:13:20.716934798 -0700 
@@ -1,53 +1,55 @@ Network Working Group C. Wood, Ed. Internet-Draft Apple Inc. Intended status: Informational T. Enghardt -Expires: January 25, 2020 TU Berlin +Expires: February 8, 2020 TU Berlin T. Pauly Apple Inc. C. Perkins University of Glasgow K. Rose Akamai Technologies, Inc. - July 24, 2019 + August 07, 2019 A Survey of Transport Security Protocols - draft-ietf-taps-transport-security-07 + draft-ietf-taps-transport-security-08 Abstract This document provides a survey of commonly used or notable network security protocols, with a focus on how they interact and integrate with applications and transport protocols. Its goal is to supplement efforts to define and catalog transport services by describing the interfaces required to add security protocols. This survey is not limited to protocols developed within the scope or context of the IETF, and those included represent a superset of features a Transport - Services system may need to support. + Services system may need to support. Moreover, this document defines + a minimal set of security features that a secure transport system + should provide. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on January 25, 2020. + This Internet-Draft will expire on February 8, 2020. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. 
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -130,23 +132,27 @@ surveying commonly used and notable network security protocols, and identifying the services and features a Transport Services system (a system that provides a transport API) needs to provide in order to add transport security. It examines Transport Layer Security (TLS), Datagram Transport Layer Security (DTLS), QUIC + TLS, tcpcrypt, Internet Key Exchange with Encapsulating Security Protocol (IKEv2 + ESP), SRTP (with DTLS), WireGuard, CurveCP, and MinimalT. For each protocol, this document provides a brief description, the security features it provides, and the dependencies it has on the underlying transport. This is followed by defining the set of transport - security features shared by these protocols. Finally, the document - distills the application and transport interfaces provided by the - transport security protocols. + security features shared by these protocols. The document groups + these security features into a minimal set of features, which every + secure transport system should provide in addition to the transport + features described in [I-D.ietf-taps-minset], and additional optional + features, which may not be available in every secure transport + system. Finally, the document distills the application and transport + interfaces provided by the transport security protocols. Selected protocols represent a superset of functionality and features a Transport Services system may need to support, both internally and externally (via an API) for applications [I-D.ietf-taps-arch]. Ubiquitous IETF protocols such as (D)TLS, as well as non-standard protocols such as Google QUIC, are both included despite overlapping features. As such, this survey is not limited to protocols developed within the scope or context of the IETF. Outside of this candidate set, protocols that do not offer new features are omitted. For example, newer protocols such as WireGuard make unique design choices 
@@ -1463,20 +1469,25 @@ Transport Services", draft-ietf-taps-arch-04 (work in progress), July 2019. [I-D.ietf-taps-interface] Trammell, B., Welzl, M., Enghardt, T., Fairhurst, G., Kuehlewind, M., Perkins, C., Tiesel, P., Wood, C., and T. Pauly, "An Abstract Application Layer Interface to Transport Services", draft-ietf-taps-interface-04 (work in progress), July 2019. + [I-D.ietf-taps-minset] + Welzl, M. and S. Gjessing, "A Minimal Set of Transport + Services for End Systems", draft-ietf-taps-minset-11 (work + in progress), September 2018. + [I-D.ietf-tls-dtls-connection-id] Rescorla, E., Tschofenig, H., and T. Fossati, "Connection Identifiers for DTLS 1.2", draft-ietf-tls-dtls-connection- id-06 (work in progress), July 2019. [MinimalT] "MinimaLT -- Minimal-latency Networking Through Better Security", n.d.. [Noise] "The Noise Protocol Framework", n.d..
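Review bot: in the first hunk (@@ -1,53 +1,55 @@), the new Abstract sentence introduces the term "secure transport system" while the surrounding Abstract text uses the defined term "Transport Services system"; either use one term throughout or define "secure transport system" where it first appears so readers do not take the two to be different things. The added sentence also mentions only the minimal set of security features, whereas the Introduction hunk in the same patch describes both a minimal set and additional optional features; stating both in the Abstract would keep the two summaries consistent.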
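Review bot: in the second hunk (@@ -130,23 +132,27 @@), the inserted text relies on lowercase "should provide" and "may not be available" to separate minimal from optional features; since the document is Informational (per the header in the first hunk) and this split is the main new claim of the revision, say explicitly whether these are BCP 14 key words or plain English, or reword to something unambiguous such as "is expected to provide" and "is not necessarily available". The sentence "The document groups these security features into a minimal set of features, which every secure transport system should provide ..., and additional optional features, which may not be available in every secure transport system" also carries two non-restrictive clauses and a citation in one span; splitting it into one sentence per set would read more easily.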
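Review bot: in the third hunk (@@ -1463,20 +1469,25 @@), the added [I-D.ietf-taps-minset] entry cites draft-ietf-taps-minset-11 dated September 2018, about eleven months before this revision's August 2019 date; the boilerplate in the first hunk of this same patch states that Internet-Drafts are valid for at most six months, so confirm that -11 is still the current revision (or cite its successor document, if one exists) before this revision is published. The entry's formatting is otherwise consistent with the neighbouring [I-D.ietf-taps-interface] and [I-D.ietf-tls-dtls-connection-id] entries.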