Diff: draft-ietf-tls-cached-info-14.txt - draft-ietf-tls-cached-info-15.txt

	< draft-ietf-tls-cached-info-14.txt	draft-ietf-tls-cached-info-15.txt >

	TLS S. Santesson	TLS S. Santesson
	Internet-Draft 3xA Security AB	Internet-Draft 3xA Security AB
	Intended status: Standards Track H. Tschofenig	Intended status: Standards Track H. Tschofenig

	Expires: September 29, 2013 Nokia Siemens Networks	Expires: April 20, 2014 Nokia Solutions and Networks
	March 28, 2013	October 17, 2013

	Transport Layer Security (TLS) Cached Information Extension	Transport Layer Security (TLS) Cached Information Extension

	draft-ietf-tls-cached-info-14.txt	draft-ietf-tls-cached-info-15.txt

	Abstract	Abstract

	Transport Layer Security (TLS) handshakes often include fairly static	Transport Layer Security (TLS) handshakes often include fairly static
	information, such as the server certificate and a list of trusted	information, such as the server certificate and a list of trusted
	Certification Authorities (CAs). This information can be of	Certification Authorities (CAs). This information can be of
	considerable size, particularly if the server certificate is bundled	considerable size, particularly if the server certificate is bundled
	with a complete certificate path (including all intermediary	with a complete certificate path (including all intermediary
	certificates up to the trust anchor public key).	certificates up to the trust anchor public key).

	This document defines an extension that omits the exchange of already	This document defines an extension that omits the exchange of already
	available information. The TLS client informs a server of cached	available information. The TLS client informs a server of cached
	information, for example from a previous TLS handshake, allowing the	information, for example from a previous TLS handshake, allowing the
	server to omit the already available information.	server to omit the already available information.


	Status of this Memo	Status of This Memo

	This Internet-Draft is submitted in full conformance with the	This Internet-Draft is submitted in full conformance with the
	provisions of BCP 78 and BCP 79.	provisions of BCP 78 and BCP 79.

	Internet-Drafts are working documents of the Internet Engineering	Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute	Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-	working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.	Drafts is at http://datatracker.ietf.org/drafts/current/.

	Internet-Drafts are draft documents valid for a maximum of six months	Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any	and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference	time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."	material or to cite them other than as "work in progress."


	This Internet-Draft will expire on September 29, 2013.	This Internet-Draft will expire on April 20, 2014.

	Copyright Notice	Copyright Notice

	Copyright (c) 2013 IETF Trust and the persons identified as the	Copyright (c) 2013 IETF Trust and the persons identified as the
	document authors. All rights reserved.	document authors. All rights reserved.

	This document is subject to BCP 78 and the IETF Trust's Legal	This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents	Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of	(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents	publication of this document. Please review these documents
	carefully, as they describe your rights and restrictions with respect	carefully, as they describe your rights and restrictions with respect
	to this document. Code Components extracted from this document must	to this document. Code Components extracted from this document must
	include Simplified BSD License text as described in Section 4.e of	include Simplified BSD License text as described in Section 4.e of
	the Trust Legal Provisions and are provided without warranty as	the Trust Legal Provisions and are provided without warranty as
	described in the Simplified BSD License.	described in the Simplified BSD License.

	Table of Contents	Table of Contents


	1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3	1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
	2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4	2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
	3. Cached Information Extension . . . . . . . . . . . . . . . . . 5	3. Cached Information Extension . . . . . . . . . . . . . . . . 3
	4. Exchange Specification . . . . . . . . . . . . . . . . . . . . 7	4. Exchange Specification . . . . . . . . . . . . . . . . . . . 4
	4.1. Omitting the Certificate Chain . . . . . . . . . . . . . . 7	4.1. Omitting the Certificate Chain . . . . . . . . . . . . . 5
	4.2. Omitting the Trusted CAs . . . . . . . . . . . . . . . . . 8	4.2. Omitting the Trusted CAs . . . . . . . . . . . . . . . . 6
	5. Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 9	5. Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
	6. Security Considerations . . . . . . . . . . . . . . . . . . . 11	6. Security Considerations . . . . . . . . . . . . . . . . . . . 7
	7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12	7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
	7.1. New Entry to the TLS ExtensionType Registry . . . . . . . 12	7.1. New Entry to the TLS ExtensionType Registry . . . . . . . 8
	7.2. New Registry for CachedInformationType . . . . . . . . . . 12	7.2. New Registry for CachedInformationType . . . . . . . . . 8
	8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13	8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9
	9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14	9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
	9.1. Normative References . . . . . . . . . . . . . . . . . . . 14	9.1. Normative References . . . . . . . . . . . . . . . . . . 9
	9.2. Informative References . . . . . . . . . . . . . . . . . . 14	9.2. Informative References . . . . . . . . . . . . . . . . . 9
	Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15	Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10

	1. Introduction	1. Introduction

	Transport Layer Security (TLS) handshakes often include fairly static	Transport Layer Security (TLS) handshakes often include fairly static
	information, such as the server certificate and a list of trusted	information, such as the server certificate and a list of trusted
	Certification Authorities (CAs). This information can be of	Certification Authorities (CAs). This information can be of
	considerable size, particularly if the server certificate is bundled	considerable size, particularly if the server certificate is bundled
	with a complete certificate path (including all intermediary	with a complete certificate path (including all intermediary
	certificates up to the trust anchor public key).	certificates up to the trust anchor public key).


	skipping to change at page 14, line 26 ¶	skipping to change at page 9, line 42 ¶
	(TLS) Protocol Version 1.2", RFC 5246, August 2008.	(TLS) Protocol Version 1.2", RFC 5246, August 2008.

	[RFC6066] Eastlake, D., "Transport Layer Security (TLS) Extensions:	[RFC6066] Eastlake, D., "Transport Layer Security (TLS) Extensions:
	Extension Definitions", RFC 6066, January 2011.	Extension Definitions", RFC 6066, January 2011.

	9.2. Informative References	9.2. Informative References

	[I-D.ietf-tls-oob-pubkey]	[I-D.ietf-tls-oob-pubkey]
	Wouters, P., Tschofenig, H., Gilmore, J., Weiler, S., and	Wouters, P., Tschofenig, H., Gilmore, J., Weiler, S., and
	T. Kivinen, "Out-of-Band Public Key Validation for	T. Kivinen, "Out-of-Band Public Key Validation for

	Transport Layer Security (TLS)",	Transport Layer Security (TLS)", draft-ietf-tls-oob-
	draft-ietf-tls-oob-pubkey-07 (work in progress),	pubkey-09 (work in progress), July 2013.
	February 2013.

	[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an	[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
	IANA Considerations Section in RFCs", BCP 26, RFC 5226,	IANA Considerations Section in RFCs", BCP 26, RFC 5226,
	May 2008.	May 2008.

	[RFC6574] Tschofenig, H. and J. Arkko, "Report from the Smart Object	[RFC6574] Tschofenig, H. and J. Arkko, "Report from the Smart Object
	Workshop", RFC 6574, April 2012.	Workshop", RFC 6574, April 2012.

	Authors' Addresses	Authors' Addresses

	Stefan Santesson	Stefan Santesson
	3xA Security AB	3xA Security AB
	Scheelev. 17	Scheelev. 17
	Lund 223 70	Lund 223 70
	Sweden	Sweden

	Email: sts@aaa-sec.com	Email: sts@aaa-sec.com

	Hannes Tschofenig	Hannes Tschofenig

	Nokia Siemens Networks	Nokia Solutions and Networks
	Linnoitustie 6	Linnoitustie 6
	Espoo 02600	Espoo 02600
	Finland	Finland

	Phone: +358 (50) 4871445	Phone: +358 (50) 4871445
	Email: Hannes.Tschofenig@gmx.net	Email: Hannes.Tschofenig@gmx.net
	URI: http://www.tschofenig.priv.at	URI: http://www.tschofenig.priv.at

End of changes. 7 change blocks.
	25 lines changed or deleted	24 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/