28ac62b | EKR | 24 October 2022, 19:55:46 UTC | Add Changelog. Fix build | 24 October 2022, 19:55:50 UTC |
420f558 | ekr | 24 October 2022, 19:48:34 UTC | Merge pull request #1271 from ekr/issue1227_which_hash Clarify how message reinjection is done. Fixes #1227 | 24 October 2022, 19:48:34 UTC |
6cc0d4b | ekr | 24 October 2022, 19:47:14 UTC | Merge pull request #1276 from ekr/issue1225_cache_issues Clarify 0-RTT cache further. Fixes #1225 | 24 October 2022, 19:47:14 UTC |
ca7140c | ekr | 24 October 2022, 19:44:09 UTC | Merge pull request #1277 from ekr/issue1241_update_extensions Update extension table. Fixes #1241 | 24 October 2022, 19:44:09 UTC |
db326cb | ekr | 24 October 2022, 19:43:32 UTC | Merge pull request #1273 from ekr/issue1208_close_notify Attempt to clarify user_canceled. Fixes #1208 | 24 October 2022, 19:43:32 UTC |
873a36f | EKR | 21 October 2022, 21:26:52 UTC | Update extension table. Fixes #1241 | 21 October 2022, 21:26:52 UTC |
a6a6548 | EKR | 21 October 2022, 21:09:44 UTC | Clarify 0-RTT cache further. Fixes #1225 | 21 October 2022, 21:09:44 UTC |
0c86bc6 | EKR | 21 October 2022, 20:52:57 UTC | Attempt to clarify user_canceled. Fixes #1208 | 21 October 2022, 20:52:57 UTC |
05f97de | ekr | 21 October 2022, 20:40:50 UTC | Merge pull request #1272 from bemasc/bemasc-1225 Reduce emphasis on timing in the 0-RTT cache attack | 21 October 2022, 20:40:50 UTC |
839a299 | EKR | 21 October 2022, 20:32:26 UTC | Remove trailing whitespace | 21 October 2022, 20:32:26 UTC |
0b7910f | EKR | 21 October 2022, 20:29:57 UTC | Clarify how message reinjection is done. Fixes #1227 | 21 October 2022, 20:29:57 UTC |
9235abd | Ben Schwartz | 21 October 2022, 20:27:55 UTC | Reduce emphasis on timing in the 0-RTT cache attack This attack is often possible even without a timing channel due to application-layer behaviors that allow cache probing (e.g. in HTTP and DNS). This change addresses the original concern in #1225. A more thorough revamp of the anti-replay and side channel recommendations might be needed to address all the questions raised there. | 21 October 2022, 20:27:55 UTC |
6190229 | ekr | 11 July 2022, 23:06:54 UTC | Merge pull request #1267 from ekr/issue1212_general_alert General error. Fixes #1212 | 11 July 2022, 23:06:54 UTC |
18a4978 | EKR | 11 July 2022, 23:05:07 UTC | General error. Fixes #1212 | 11 July 2022, 23:06:25 UTC |
41ff95e | EKR | 07 March 2022, 22:04:49 UTC | Fix build | 07 March 2022, 22:04:49 UTC |
c889a59 | ekr | 07 March 2022, 22:00:21 UTC | Merge pull request #1255 from ekr/issue1248_traffic_key_use Issue1248 traffic key use | 07 March 2022, 22:00:21 UTC |
ca6a51b | ekr | 07 March 2022, 22:00:01 UTC | Merge pull request #1254 from ekr/issue1249_aead_limits No rekey in early data. Fixes #1249 | 07 March 2022, 22:00:01 UTC |
d26f675 | ekr | 07 March 2022, 21:59:47 UTC | Merge pull request #1252 from ekr/deprecating_tls_1_1 This attempts to split the difference on the 1.1 and 1.0 deprecation. | 07 March 2022, 21:59:47 UTC |
c781fdb | EKR | 07 March 2022, 19:00:15 UTC | Update | 07 March 2022, 19:00:15 UTC |
9cdc101 | EKR | 07 March 2022, 18:59:21 UTC | Clarify traffic keys. Fixes #1248 | 07 March 2022, 18:59:21 UTC |
e4b1ce4 | EKR | 07 March 2022, 18:50:51 UTC | No rekey in early data. Fixes #1249 | 07 March 2022, 18:50:51 UTC |
d80dbff | EKR | 07 March 2022, 18:16:22 UTC | Remove recommendation; reflow | 07 March 2022, 18:17:10 UTC |
ecdb448 | John Mattsson | 19 November 2021, 12:38:05 UTC | Some more detailed clarifications. - More details of what protection EC(DHE) gives for different key types, full handshake or resumption and passive and active attackers. - Example of how the forward secrecy of KeyUpdate still allows static key exfiltration. | 07 March 2022, 18:17:10 UTC |
768687f | John Mattsson | 14 November 2021, 07:59:15 UTC | Forward secrecy, long connections, and key exfiltration #1245 | 07 March 2022, 18:17:10 UTC |
cc575a1 | ekr | 07 March 2022, 18:15:13 UTC | Merge pull request #1229 from emanjon/patch-8 Updates and obsolete in abstract | 07 March 2022, 18:15:13 UTC |
15940de | EKR | 07 March 2022, 18:11:29 UTC | This attempts to split the difference on the 1.1 and 1.0 deprecation. | 07 March 2022, 18:11:29 UTC |
e48cf0f | ekr | 14 November 2021, 20:34:30 UTC | Merge pull request #1244 from emanjon/patch-13 Resumption is allowed before the initial connection is closed | 14 November 2021, 20:34:30 UTC |
6308950 | John Mattsson | 14 November 2021, 11:55:34 UTC | Update draft-ietf-tls-rfc8446bis.md | 14 November 2021, 11:55:34 UTC |
1f8e271 | John Mattsson | 14 November 2021, 05:32:47 UTC | Resumption is allowed before the initial connection is closed #1243 | 14 November 2021, 05:32:47 UTC |
5fdb370 | ekr | 08 November 2021, 19:47:35 UTC | Merge pull request #1242 from nimia/patch-1 Adding Nimrod Aviram as a contributor. | 08 November 2021, 19:47:35 UTC |
b12b44a | Nimrod Aviram | 30 October 2021, 10:33:47 UTC | Adding Nimrod Aviram as a contributor. Thanks ekr :-) | 30 October 2021, 10:33:47 UTC |
68f8847 | ekr | 25 October 2021, 22:29:42 UTC | Merge pull request #1239 from ekr/issue1232_cert_compression Add reference to RFC 8879. Fixes #1232 | 25 October 2021, 22:29:42 UTC |
5fd3e2c | Christopher Wood | 25 October 2021, 22:29:09 UTC | Merge pull request #1240 from ekr/issue1237_cached_info Add cached info to extension table. Fixes #1237 | 25 October 2021, 22:29:09 UTC |
05af7e2 | EKR | 25 October 2021, 22:19:59 UTC | Add cached info to extension table. Fixes #1237 | 25 October 2021, 22:20:58 UTC |
9a4a885 | EKR | 25 October 2021, 22:15:58 UTC | Add reference to RFC 8879. Fixes #1232 | 25 October 2021, 22:15:58 UTC |
d4a8afa | ekr | 25 October 2021, 21:23:00 UTC | Merge pull request #1238 from ekr/emanjon-prng Emanjon prng | 25 October 2021, 21:23:00 UTC |
8b6e1ac | EKR | 25 October 2021, 21:10:03 UTC | 'resistrictions' should totally be a word | 25 October 2021, 21:10:36 UTC |
7b3c693 | David Benjamin | 20 July 2021, 17:28:15 UTC | Reword server cert selection text. | 25 October 2021, 21:10:36 UTC |
6766322 | David Benjamin | 20 July 2021, 16:26:58 UTC | Fix a couple references to sig_algs/sig_algs_cert. The discussion about root certificates should mention signature_algorithms_cert. The discussion about what algorithms the key must support signing with should not, as that's the TLS signature. | 25 October 2021, 21:10:36 UTC |
2cb5b55 | ekr | 25 October 2021, 20:59:37 UTC | Merge pull request #1220 from davidben/clarify Clarify that trailing data in extensions is forbidden. | 25 October 2021, 20:59:37 UTC |
5f77d54 | EKR | 25 October 2021, 20:54:27 UTC | - Remove the RECOMMENDED as davidben suggests - Add reference to the debian bug. | 25 October 2021, 20:56:00 UTC |
20ad549 | John Mattsson | 21 February 2021, 15:21:23 UTC | Random Number Generation and Seeding Does not "require" a PRNG, a TRNG works as well. Since TLS 1.3 was published, CFRG has published RFC 8937. I think RFC 8937 is a great idea. I think it would be good if TLS 1.3 pointed implementors to that. Given the history of Dual EC, tls extended random, and that several different signal intelligence agencies have been controlling hardware security companies like Crypto AG in secret I think it is essential to not trust a single source of randomness. https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjN39aenfvuAhWvtIsKHQ-wArgQFjABegQIAxAD&url=https%3A%2F%2Fwww.washingtonpost.com%2Fgraphics%2F2020%2Fworld%2Fnational-security%2Fcia-crypto-encryption-machines-espionage%2F&usg=AOvVaw0gGtw_W1_z-DVSlMSqi9Zr | 25 October 2021, 20:56:00 UTC |
99835ef | ekr | 25 October 2021, 14:37:12 UTC | Merge pull request #1228 from emanjon/patch-7 Outdated references to ITU-T/ISO/IEC specifications | 25 October 2021, 14:37:12 UTC |
e3e018a | ekr | 25 October 2021, 14:35:58 UTC | Merge pull request #1236 from nimia/nimia-0-rtt Clarifying the security properties of 0-RTT data. | 25 October 2021, 14:35:58 UTC |
c60900d | ekr | 25 October 2021, 14:22:56 UTC | Merge pull request #1233 from mattcaswell/sessionticklen Correct NST extensions length | 25 October 2021, 14:22:56 UTC |
0fb3084 | Nimrod Aviram | 24 August 2021, 09:57:52 UTC | Improved wording in Section 2.3. | 24 August 2021, 09:57:52 UTC |
22543b2 | Nimrod Aviram | 16 August 2021, 16:32:52 UTC | Incorporating Ben Kaduk's feedback in Section 2.3, with minor edits. | 16 August 2021, 16:32:52 UTC |
1704cac | Nimrod Aviram | 16 August 2021, 16:27:59 UTC | Accept Ben Kaduk's suggestion in Section 8.1. Co-authored-by: kaduk <kaduk-github@mit.edu> | 16 August 2021, 16:27:59 UTC |
ed20cf6 | Nimrod Aviram | 08 August 2021, 10:45:02 UTC | Clarifying the security properties of 0-RTT data. This is following issue #1235. 0-RTT data may sometimes be forward-secret, and sometimes not. This commit attempts to clarify that in Sections 2.3 and 8.1. | 08 August 2021, 10:45:02 UTC |
2206939 | Matt Caswell | 17 June 2021, 14:29:18 UTC | Correct NST extensions length All other extensions blocks have a max length of 2^16-1 except this one which was 2^16-2. | 17 June 2021, 14:29:18 UTC |
c0251ca | John Mattsson | 05 June 2021, 08:09:09 UTC | Updates and obsolete in abstract The paragraph "This document supersedes and obsoletes previous" in the introduction also needs to be updated... | 05 June 2021, 08:09:09 UTC |
73b3be6 | John Mattsson | 05 June 2021, 08:01:53 UTC | Outdated references to ITU-T/ISO/IEC specifications - The references to X501 and X690 are to very old versions. Ignore this part if that is intentional. https://www.itu.int/rec/T-REC-X.690-202102-I/en https://www.itu.int/rec/T-REC-X.501-201910-I/en https://webstore.iec.ch/publication/68163 - The references to X501 and X690 have different format where X690 refer to both ITU-T and ISO/IEC while X501 only refer to ITU-T. Ignore this part if that is intentional. - The X690 reference seems incorrect. Seems like it refers to the 2015 version of ITU-T and the 2002 version of ISO "ISO/IEC 8825-1:2002, November 2015." | 05 June 2021, 08:01:53 UTC |
bee4654 | ekr | 08 March 2021, 14:45:11 UTC | Merge pull request #1222 from ekr/issue1221_extension_indications Clarify that indications are just requests with no response. Fixes #1221 | 08 March 2021, 14:45:11 UTC |
ec6412a | EKR | 08 March 2021, 00:04:45 UTC | Clarify that indications are just requests with no response. Fixes #1221 | 08 March 2021, 00:05:02 UTC |
9219c0a | ekr | 06 March 2021, 23:11:35 UTC | Merge pull request #1218 from emanjon/patch-6 Recommending deterministic ECDSA for IoT devices without any security… | 06 March 2021, 23:11:35 UTC |
eb93730 | David Benjamin | 26 February 2021, 21:18:16 UTC | Clarify when extensions are parsed | 26 February 2021, 21:18:28 UTC |
bf72f13 | David Benjamin | 24 February 2021, 19:17:11 UTC | Clarify that trailing data in extensions is forbidden. This was already a compliance requirement, but spell it out more explicitly. Closes #1219. | 24 February 2021, 19:17:42 UTC |
55a175c | John Mattsson | 21 February 2021, 15:33:43 UTC | Recommending deterministic ECDSA for IoT devices without any security considerations is not good. Deterministic ECDSA is good in many cases but may not be the best case in accessible IoT devices. In the last 5 years, there has been a large amount of academic papers showing that purely deterministic ECC algorithms in accessible IoT devices suffer from side-channel and fault injection attacks. For a list of papers see e.g. Section 1 of https://tools.ietf.org/html/draft-mattsson-cfrg-det-sigs-with-noise-02 Recommending deterministic ECDSA for IoT devices without any security considerations is not good... Would be good with some further guidance. Section 1 of https://tools.ietf.org/html/draft-mattsson-cfrg-det-sigs-with-noise-02 is probably the best overview but it is a draft. Any of the paper references there would do. No standardized solutions yet. | 21 February 2021, 15:33:43 UTC |
0cdd460 | EKR | 19 February 2021, 21:18:06 UTC | Typo | 19 February 2021, 21:18:06 UTC |
97abde0 | Christopher Wood | 19 February 2021, 18:39:37 UTC | Merge pull request #1213 from ekr/changelog-01 Changelog for -01 | 19 February 2021, 18:39:37 UTC |
1239cca | Christopher Wood | 19 February 2021, 18:39:34 UTC | Update draft-ietf-tls-rfc8446bis.md | 19 February 2021, 18:39:34 UTC |
4f6e9cf | Christopher Wood | 19 February 2021, 18:39:30 UTC | Update draft-ietf-tls-rfc8446bis.md | 19 February 2021, 18:39:30 UTC |
6cc2c6f | EKR | 19 February 2021, 18:33:55 UTC | Changelog for -01 | 19 February 2021, 18:33:55 UTC |
2fb7b0a | EKR | 19 February 2021, 18:29:05 UTC | Fix merge conflict | 19 February 2021, 18:29:05 UTC |
3c0e8c0 | ekr | 19 February 2021, 18:20:37 UTC | Merge pull request #1204 from davidben/tls12-names Align TLS 1.2 terminology with this document | 19 February 2021, 18:20:37 UTC |
ec5d7e6 | ekr | 19 February 2021, 18:19:36 UTC | Merge pull request #1210 from emanjon/patch-1 Security Property - Protection of endpoint identities | 19 February 2021, 18:19:36 UTC |
dde8adb | ekr | 19 February 2021, 18:19:02 UTC | Update draft-ietf-tls-rfc8446bis.md | 19 February 2021, 18:19:02 UTC |
8f8c841 | ekr | 19 February 2021, 18:15:33 UTC | Merge pull request #1205 from davidben/resumption-tracking Discuss tracking implications of session resumption. | 19 February 2021, 18:15:33 UTC |
f2be3bc | ekr | 19 February 2021, 18:14:50 UTC | Merge pull request #1211 from emanjon/patch-2 Editorial: "Client Authentication" -> "Certificate-Based Client Authentication" | 19 February 2021, 18:14:50 UTC |
e7a4f1d | John Mattsson | 11 February 2021, 09:03:57 UTC | Certificate-Based Client Authentication Based on the PSK authentication was not included in the past. I think the specification has some places where "Client Authentication" refer to only certificate-based client authentication and not client authentication in general. Not a big thing, but I think it might confuse some readers, and would be good to clarify. | 11 February 2021, 09:03:57 UTC |
f63175b | John Mattsson | 11 February 2021, 08:53:31 UTC | Update draft-ietf-tls-rfc8446bis.md As discussed on the TLS list. It seems like cipher suites without confidentiality are already registered. Feel free to reformulate in any way. Referring to the cipher suites in the document is not very useful for the reader, and it does not seem to be a rule that a NULL encryption could not be recommended even if that seems very unlikely. I also suggest adding "(certificate)" after client identity. The security property does obviously not hold for PSK authentication. | 11 February 2021, 08:53:31 UTC |
1a67fd2 | David Benjamin | 02 December 2020, 22:35:27 UTC | Discuss tracking implications of session resumption. In WG discussion of draft-vvv-tls-cross-sni-resumption-00, tracking implications came up. While that draft does expand the set of servers that can cross-resume, it's not a new issue. For instance, on the Web, if https://a.example and https://b.example both include a subresource to a common https://tracker.example, TLS session resumption may be used to correlate activity across the two sites. Add some text to discuss this. This is distinct from the single-use ticket mitigation, which only covers correlation by passive observers. Correlation by the server itself is pretty much inherent to session resumption and other cache-like optimizations. Instead, the text points this out and gives an example of how applications can keep their resumption scopes consistent with their privacy goals. Fixes #1201. | 02 December 2020, 22:41:56 UTC |
eea31f7 | David Benjamin | 17 November 2020, 07:23:42 UTC | Align TLS 1.2 terminology with this document Closes #1203. | 17 November 2020, 07:23:59 UTC |
b93311e | David Benjamin | 13 November 2020, 21:52:02 UTC | Shorten some unnecessarily long names. While we're renaming these anyway, exporter_secret and resumption_secret are just as descriptive. Closes #1200. | 13 November 2020, 21:56:17 UTC |
b71bdb7 | EKR | 03 October 2020, 23:30:42 UTC | Python3 | 03 October 2020, 23:30:42 UTC |
ea7d1e2 | EKR | 03 October 2020, 23:23:26 UTC | Right actions this time | 03 October 2020, 23:23:26 UTC |
7a49dbd | EKR | 03 October 2020, 23:19:09 UTC | trigger on push | 03 October 2020, 23:19:09 UTC |
504ef19 | EKR | 03 October 2020, 23:17:51 UTC | Moves action to the right place | 03 October 2020, 23:17:51 UTC |
b669dfd | EKR | 03 October 2020, 23:15:16 UTC | Add action | 03 October 2020, 23:15:16 UTC |
4328233 | EKR | 03 October 2020, 23:06:40 UTC | Remove - | 03 October 2020, 23:06:40 UTC |
c385fa8 | EKR | 03 October 2020, 22:50:20 UTC | Change draft name internally | 03 October 2020, 22:50:20 UTC |
4458b4a | EKR | 03 October 2020, 22:48:19 UTC | Delete unneeded | 03 October 2020, 22:48:19 UTC |
9f7b2f2 | EKR | 03 October 2020, 22:47:52 UTC | Rename | 03 October 2020, 22:47:52 UTC |
8c8aed6 | EKR | 03 October 2020, 22:46:37 UTC | Removed pre-8446 | 03 October 2020, 22:46:46 UTC |
5478a02 | EKR | 11 August 2020, 16:41:06 UTC | Fix title | 11 August 2020, 16:41:06 UTC |
349a183 | ekr | 11 August 2020, 11:47:23 UTC | Merge pull request #79 from ekr/mt_comments MT editorial | 11 August 2020, 11:47:23 UTC |
2df6739 | ekr | 11 August 2020, 11:47:01 UTC | Update draft-rescorla-tls-rfc8446-bis.md Co-authored-by: Martin Thomson <mt@lowentropy.net> | 11 August 2020, 11:47:01 UTC |
f6c67e9 | EKR | 10 August 2020, 23:46:20 UTC | MT editorial | 10 August 2020, 23:46:20 UTC |
e17f8e8 | EKR | 10 August 2020, 17:23:29 UTC | the the | 10 August 2020, 17:23:29 UTC |
22cd4cb | ekr | 10 August 2020, 16:36:42 UTC | Merge pull request #78 from ekr/pre_pub Minor tweaks caught in pre-publication pass | 10 August 2020, 16:36:42 UTC |
e590390 | EKR | 10 August 2020, 16:35:53 UTC | Minor tweaks caught in pre-publication pass | 10 August 2020, 16:35:53 UTC |
5ef0a06 | Christopher Wood | 10 August 2020, 14:36:02 UTC | Merge pull request #77 from ekr/framing_text Framing text | 10 August 2020, 14:36:02 UTC |
e0ab460 | EKR | 10 August 2020, 13:46:01 UTC | Update framing text | 10 August 2020, 13:46:01 UTC |
7f2255e | EKR | 10 August 2020, 13:33:56 UTC | Revert one wording choice that didn't need to change | 10 August 2020, 13:33:56 UTC |
f288643 | ekr | 10 August 2020, 13:33:24 UTC | Merge pull request #71 from ekr/caw/erratum-6135 Converge to "vector" in lieu of list and set. Fixes erratum 6135. | 10 August 2020, 13:33:24 UTC |
ed378a7 | Christopher Wood | 10 August 2020, 13:28:16 UTC | Converge to list. Drop vector everywhere outside of the type section. | 10 August 2020, 13:28:16 UTC |
eda655b | Christopher Wood | 10 August 2020, 13:15:28 UTC | Merge pull request #76 from ekr/de-master De master | 10 August 2020, 13:15:28 UTC |
7173a5b | EKR | 10 August 2020, 12:59:47 UTC | Revert EMS name | 10 August 2020, 12:59:47 UTC |
8a610fb | ekr | 10 August 2020, 12:57:51 UTC | Update draft-rescorla-tls-rfc8446-bis.md Co-authored-by: Christopher Wood <caw@heapingbits.net> | 10 August 2020, 12:57:51 UTC |
63ce17f | ekr | 10 August 2020, 12:57:30 UTC | Update draft-rescorla-tls-rfc8446-bis.md Co-authored-by: Christopher Wood <caw@heapingbits.net> | 10 August 2020, 12:57:30 UTC |