IETF-92 Proceedings
Transport Layer Security (tls) (WG)
Additional information is available at tools.ietf.org/wg/tls
Request for Comments:
- The TLS Protocol Version 1.0 (RFC 2246) (170401 bytes)
  obsoleted by RFC 4346
  updated by RFC 3546, RFC 5746, RFC 6176, RFC 7465, RFC 7507
- Addition of Kerberos Cipher Suites to Transport Layer Security (TLS) (RFC 2712) (13763 bytes)
- HTTP Over TLS (RFC 2818) (15170 bytes)
  updated by RFC 5785, RFC 7230
- Upgrading to TLS Within HTTP/1.1 (RFC 2817) (27598 bytes)
  updates RFC 2616
  updated by RFC 7231, RFC 7230
- Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS) (RFC 3268) (13530 bytes)
  obsoleted by RFC 5246
- Transport Layer Security (TLS) Extensions (RFC 3546) (63437 bytes)
  obsoleted by RFC 4366
  updates RFC 2246
- Transport Layer Security Protocol Compression Methods (RFC 3749) (16411 bytes)
- Addition of Camellia Cipher Suites to Transport Layer Security (TLS) (RFC 4132) (13590 bytes)
  obsoleted by RFC 5932
- Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) (RFC 4279) (32160 bytes)
- The Transport Layer Security (TLS) Protocol Version 1.1 (RFC 4346) (187041 bytes)
  obsoleted by RFC 5246
  obsoletes RFC 2246
  updated by RFC 4366, RFC 4680, RFC 4681, RFC 5746, RFC 6176, RFC 7465, RFC 7507
- Transport Layer Security (TLS) Extensions (RFC 4366) (66040 bytes)
  obsoleted by RFC 5246, RFC 6066
  obsoletes RFC 3546
  updates RFC 4346
  updated by RFC 5746
- Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) (RFC 4492) (72231 bytes)
  updated by RFC 5246, RFC 7027
- Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS) (RFC 4785) (9550 bytes)
- Using OpenPGP Keys for Transport Layer Security (TLS) Authentication (RFC 5081) (15300 bytes)
  obsoleted by RFC 6091
- The Transport Layer Security (TLS) Protocol Version 1.2 (RFC 5246) (222395 bytes)
  obsoletes RFC 3268, RFC 4346, RFC 4366
  updates RFC 4492
  updated by RFC 5746, RFC 5878, RFC 6176, RFC 7465, RFC 7507
- AES Galois Counter Mode (GCM) Cipher Suites for TLS (RFC 5288) (16468 bytes)
- TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM) (RFC 5289) (12195 bytes)
- DES and IDEA Cipher Suites for Transport Layer Security (TLS) (RFC 5469) (8558 bytes)
- Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode (RFC 5487) (15537 bytes)
- ECDHE_PSK Cipher Suites for Transport Layer Security (TLS) (RFC 5489) (14194 bytes)
- Keying Material Exporters for Transport Layer Security (TLS) (RFC 5705) (16346 bytes)
- Transport Layer Security (TLS) Renegotiation Indication Extension (RFC 5746) (33790 bytes)
  updates RFC 2246, RFC 4346, RFC 4347, RFC 4366, RFC 5246
- Transport Layer Security (TLS) Extensions: Extension Definitions (RFC 6066) (55079 bytes)
  obsoletes RFC 4366
- Prohibiting Secure Sockets Layer (SSL) Version 2.0 (RFC 6176) (7642 bytes)
  updates RFC 2246, RFC 4346, RFC 5246
- Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension (RFC 6520) (16858 bytes)
- Using the Secure Remote Password (SRP) Protocol for TLS Authentication (RFC 5054) (44445 bytes)
- The Transport Layer Security (TLS) Multiple Certificate Status Request Extension (RFC 6961) (21473 bytes)
- Datagram Transport Layer Security Version 1.2 (RFC 6347) (73546 bytes)
  obsoletes RFC 4347
  updated by RFC 7507
- Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) (RFC 7250) (38040 bytes)
- Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension (RFC 7301) (17439 bytes)
- Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) (RFC 7366) (15775 bytes)
- Prohibiting RC4 Cipher Suites (RFC 7465) (8397 bytes)
  updates RFC 5246, RFC 4346, RFC 2246
- TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks (RFC 7507) (17165 bytes)
  updates RFC 2246, RFC 4346, RFC 4347, RFC 5246, RFC 6347
Charter (as of 2014-02-07):
The TLS (Transport Layer Security) working group was
established in 1996 to standardize a 'transport layer'
security protocol. The basis for the work was SSL
(Secure Socket Layer) v3.0 [RFC6101]. The TLS
working group has completed a series of specifications
that describe the TLS protocol v1.0 [RFC2246],
v1.1 [RFC4346], and v1.2 [RFC5346] and DTLS
(Datagram TLS) v1.0 [RFC4347], v1.2 [RFC6347]
as well as extensions to the protocols and ciphersuites.

The primary purpose of the working group is to develop
(D)TLS v1.3. Some of the main design goals are as follows,
in no particular order:

o Develop a mode that encrypts as much of the handshake as
  is possible to reduce the amount of observable data to
  both passive and active attackers.

o Develop modes to reduce handshake latency, which primarily
  support HTTP-based applications, aiming for one roundtrip
  for a full handshake and one or zero roundtrip for repeated
  handshakes. The aim is also to maintain current security
  features.

o Update record payload protection cryptographic
  mechanisms and algorithms to address known weaknesses
  in the CBC block cipher modes and to replace RC4.

o Reevaluate handshake contents, e.g.: Is time needed in
  client hello? Should signature in server key exchange
  cover entire handshake? Are bigger randoms required?
  Should there be distinct cipher list for each version? Are
  additional mechanisms needed to prevent version
  rollback?

o The WG will consider the privacy implications of
  TLS1.3 and where possible (balancing with other requirements)
  will aim to make TLS1.3 more privacy-friendly, e.g. via more
  consistent application traffic padding, more considered use
  of long term identifying values, etc.

A secondary purpose is to maintain previous versions of
the (D)TLS protocols as well as to specify the use of
(D)TLS, recommendations for use of (D)TLS, extensions to
(D)TLS, and cipher suites. However, changes or additions
to older versions of (D)TLS whether via extensions or
ciphersuites are discouraged and require significant
justification to be taken on as work items.

With these objectives in mind, the TLS WG will also place a priority
on minimizing gratuitous changes to TLS.