idnits 2.17.1 draft-ietf-tls-cached-info-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** The document seems to lack a License Notice according IETF Trust Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009 Section 6.b -- however, there's a paragraph with a matching beginning. Boilerplate error? Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 2009) is 5426 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) ** Obsolete normative reference: RFC 4366 (Obsoleted by RFC 5246, RFC 6066) Summary: 4 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 INTERNET-DRAFT S. Santesson (3xA Security) 3 Intended Status: Proposed Standard Q. Dang (NIST) 4 Expires December 2009 June 2009 6 Transport Layer Security (TLS) Cached Information Extension 7 9 Status of this Memo 11 This Internet-Draft is submitted to IETF in full conformance with the 12 provisions of BCP 78 and BCP 79. 14 Internet-Drafts are working documents of the Internet Engineering 15 Task Force (IETF), its areas, and its working groups. Note that 16 other groups may also distribute working documents as Internet- 17 Drafts. 19 Internet-Drafts are draft documents valid for a maximum of six months 20 and may be updated, replaced, or obsoleted by other documents at any 21 time. It is inappropriate to use Internet-Drafts as reference 22 material or to cite them other than as "work in progress." 24 The list of current Internet-Drafts can be accessed at 25 http://www.ietf.org/1id-abstracts.html 27 The list of Internet-Draft Shadow Directories can be accessed at 28 http://www.ietf.org/shadow.html 30 Abstract 32 This document defines a Transport Layer Security (TLS) extension for 33 cached information. This extension allows the TLS client to inform a 34 server of cached information from previous TLS sessions, allowing the 35 server to omit sending cached static information to the client during 36 the TLS handshake protocol exchange. 38 1 Introduction 40 TLS handshakes often include fairly static information such as server 41 certificate and a list of trusted Certification Authorities (CAs). 42 Static information such as a server certificate can be of 43 considerable size. This is the case in particular if the server 44 certificate is bundled with a complete certificate path, including 45 all intermediary certificates up to the trust anchor public key. 47 Significant benefits can be achieved in low bandwidth and high 48 latency networks, in particular if the communication channel also has 49 a relatively high rate of transmission errors, if a known and 50 previously cached server certificate path can be omitted from the TLS 51 handshake. 53 This specification defines the Cached Information TLS extension, 54 which may be used by a client and a server to exclude transmission of 55 known cached parameters from the TLS handshake. 57 1.1 Terminology 59 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 60 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 61 document are to be interpreted as described in RFC 2119 [RFC2119]. 63 2 Cached Information Extension 65 A new extension type (cached_information(TBD)) is defined and used in 66 both the client hello and server hello messages. The extension type 67 is specified as follows. 69 enum { 70 cached_information(TBD), (65535) 71 } ExtensionType; 73 The "extension_data" field of this extension, when included in the 74 client hello, SHALL contain "CachedInformation" according to the 75 following structure: 77 enum { 78 certificate_chain(1), trusted_cas(2), (255) 79 } CachedInformationType; 81 struct { 82 HashAlgorithm hash; 83 opaque hash_value<1..255>; 84 } CachedInformationHash; 86 struct { 87 CachedInformationType type; 88 CachedInformationHash hashes<1..2^16-1>; 89 } CachedObject; 90 struct { 91 CachedObject cached_info<1..2^24-1>;; 92 } CachedInformation; 94 Hash algorithm identifiers are provided by the RFC 5246 [RFC5246] 95 HashAlgorithm registry. Compliant implementations MUST support 96 sha1(2) as HashAlgorithm. 98 When CachedInformationType identifies certificate_chain, then 99 hash_value MUST include at least one hash value calculated over the 100 certificate_list element of a server side Certificate message. 102 When CachedInformationType identifies trusted_cas, then hash_value 103 MUST include at least one hash value calculated over the 104 certificate_authorities element of a server side CertificateRequest 105 message. 107 The client MUST NOT include hashes for multiple objects in the same 108 CachedObject structure. If more than one hash is present in the 109 CachedObject structure, they MUST be hashes over the same information 110 object using different hash algorithms. 112 Other specifications MAY define more CachedInformationType types. 114 4 Message flow 116 Clients MAY include an extension of type "cached_information" in the 117 (extended) client hello, which SHALL contain at least one 118 CachedObject as specified in section 2. Clients MAY need the ability 119 to cache different values depending on other information in the 120 Client Hello that modify what values the server uses, in particular 121 the Server Name Indication [RFC4366] value. 123 Servers that receive an extended client hello containing a 124 "cached_information" extension, MAY indicate that they support 125 caching of information objects by including an extension of type 126 "cached_information" with an empty extension_data field in their 127 (extended) server hello. 129 Following a successful exchange of "cached_information" extensions, 130 the server may replace data objects identified through the client 131 extension with any of the CachedInformationHash values received from 132 the client, which matches the replaced object. 134 The handshake protocol will proceed using the cached data as if it 135 was provided in the handshake protocol. The finished message will 136 however be calculated over the actual data exchanged in the handshake 137 protocol. That is, the finished message will be calculated over the 138 hash values of cached information objects and not over the cached 139 objects that were omitted from transmission. 141 5 Security Considerations 143 Hash algorithms used in this specification are required to have 144 reasonable random properties in order to provide reasonably unique 145 identifiers. Failure of a provided hash to correctly and uniquely 146 identify the correct set of hashed parameters may at most lead to a 147 failed TLS handshake followed by a new attempt without the cached 148 information extension. No serious security threat requires selected 149 hash algorithms to have strong collision resistance. 151 6 IANA Considerations 153 1) Create an entry, cached_information(TBD), in the existing registry 154 for ExtensionType (defined in RFC 5246 [RFC5246]). 156 2) Establish a registry for TLS CachedInformationType values. The 157 first entries in the registry are certificate_chain(1) and 158 trusted_cas(2). TLS CachedInformationType values in the inclusive 159 range 0-63 (decimal) are assigned via RFC 5226 [RFC5226] Standards 160 Action. Values from the inclusive range 64-223 (decimal) are 161 assigned via RFC 5226 Specification Required. Values from the 162 inclusive range 224-255 (decimal) are reserved for RFC 5226 163 Private Use. 165 7 Normative References 167 [RFC2119] S. Bradner, "Key words for use in RFCs to Indicate 168 Requirement Levels", BCP 14, RFC 2119, March 1997 170 [RFC5226] T. Narten, H. Alvestrand, "Guidelines for Writing an 171 IANA Considerations Section in RFCs", RFC 5226, 172 May 2008 174 [RFC5246] T. Dierks, E. Rescorla, "The Transport Layer Security 175 (TLS) Protocol Version 1.2", RFC 5246, August 2008 177 [RFC4366] S. Blake-Wilson, M. Nystrom, D. Hopwood, J. Mikkelsen, 178 T. Wright, "Transport Layer Security (TLS) Extensions", 179 RFC 4366, April 2006 181 Authors' Addresses 183 Stefan Santesson 185 3xA Security AB 186 Bjornstorp 744 187 247 98 Genarp 188 Sweden 190 EMail: sts@aaa-sec.com 192 Quynh Dang 194 NIST 195 100 Bureau Drive, Stop 8930 196 Gaithersburg, MD 20899-8930 197 USA 199 Email: quynh.dang@nist.gov 201 Full Copyright Statement 203 Copyright (c) 2009 IETF Trust and the persons identified as the 204 document authors. All rights reserved. 206 This document is subject to BCP 78 and the IETF Trust's Legal 207 Provisions Relating to IETF Documents in effect on the date of 208 publication of this document (http://trustee.ietf.org/licenseinfo). 209 Please review these documents carefully, as they describe your rights 210 and restrictions with respect to this document. 212 All IETF Documents and the information contained therein are provided 213 on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE 214 REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE 215 IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL 216 WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY 217 WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE 218 ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS 219 FOR A PARTICULAR PURPOSE. 221 Expires December 2009