9cd3649 | EKR | 07 July 2023, 21:02:47 UTC | Fix affiliation | 07 July 2023, 21:02:47 UTC |
3a03304 | Eric Rescorla | 07 July 2023, 20:55:18 UTC | Merge pull request #1321 from ekr/issue1310 MT's proposed change. Fixes #1310. Fixes #1319 | 07 July 2023, 20:55:18 UTC |
1c10608 | Eric Rescorla | 07 July 2023, 20:54:09 UTC | Update draft-ietf-tls-rfc8446bis.md | 07 July 2023, 20:54:09 UTC |
76c269f | Eric Rescorla | 07 July 2023, 20:53:19 UTC | Merge pull request #1322 from ekr/issue1309_obsoletes Remove things that are already obsolete. Fixes #1309. | 07 July 2023, 20:53:19 UTC |
2d5c33f | Eric Rescorla | 07 July 2023, 20:53:11 UTC | Merge pull request #1323 from ekr/issue1311_certificate_request Add changelog entry for CertificateRequest. Fixes #1311 | 07 July 2023, 20:53:11 UTC |
21f66aa | Eric Rescorla | 07 July 2023, 20:53:00 UTC | Merge pull request #1324 from ekr/issue1313_punctuation Fix punctuation changes that didn't get ported from RFC 8446. Fixes #… | 07 July 2023, 20:53:00 UTC |
0d5fdbd | EKR | 07 July 2023, 03:12:22 UTC | Fix punctuation changes that didn't get ported from RFC 8446. Fixes #1313 | 07 July 2023, 03:12:22 UTC |
8137642 | EKR | 07 July 2023, 03:09:11 UTC | Add changelog entry for CertificateRequest. Fixes #1311 | 07 July 2023, 03:09:11 UTC |
f7aaf01 | EKR | 07 July 2023, 03:05:32 UTC | Remove things that are already obsolete | 07 July 2023, 03:05:32 UTC |
332a7c0 | EKR | 07 July 2023, 03:03:48 UTC | Fix lint | 07 July 2023, 03:03:48 UTC |
d6c78e2 | EKR | 07 July 2023, 03:02:04 UTC | MT's proposed change. Fixes #1310. Fixes #1319 | 07 July 2023, 03:02:04 UTC |
5a5818b | Eric Rescorla | 07 July 2023, 02:27:25 UTC | Merge pull request #1320 from davidben/double-brackets Clarify that double brackets are not part of the presentation language | 07 July 2023, 02:27:25 UTC |
abf78ff | David Benjamin | 16 June 2023, 17:29:02 UTC | Clarify that double brackets are not part of the presentation language They denote optional components of the presentation language and are not literal components of the presentation language itself. Fixes #1315 | 16 June 2023, 17:29:44 UTC |
d393ed5 | Eric Rescorla | 16 June 2023, 13:25:40 UTC | Merge pull request #1316 from sayrer/naming Fix a missed name change. | 16 June 2023, 13:25:40 UTC |
85706d6 | Robert Sayre | 15 June 2023, 21:14:55 UTC | Fix a missed name change. | 15 June 2023, 21:14:55 UTC |
18ee21a | Eric Rescorla | 21 May 2023, 22:59:22 UTC | Merge pull request #1314 from emanjon/patch-23 (EC)DHE instead of EC(DHE) | 21 May 2023, 22:59:22 UTC |
b826999 | John Preuß Mattsson | 20 May 2023, 18:00:00 UTC | (EC)DHE instead of EC(DHE) #1312 | 20 May 2023, 18:00:00 UTC |
d7bb422 | Eric Rescorla | 27 March 2023, 04:06:53 UTC | Merge pull request #1307 from tlswg/seanturner-IANA-tweak IANA tweak | 27 March 2023, 04:06:53 UTC |
b7ad1ac | Sean Turner | 27 March 2023, 03:59:19 UTC | IANA tweak I believe we are asking IANA to also update all references to "this RFC". | 27 March 2023, 03:59:19 UTC |
c9bf87b | EKR | 27 March 2023, 02:29:50 UTC | Changelog | 27 March 2023, 02:29:50 UTC |
2afa45f | Eric Rescorla | 27 March 2023, 02:25:50 UTC | Merge pull request #1304 from ekr/iana_considerations_bis Update IANA considerations to clarify what is new | 27 March 2023, 02:25:50 UTC |
c2a9f86 | Eric Rescorla | 27 March 2023, 02:25:27 UTC | Merge pull request #1303 from ekr/changelog_plus Update the changelog | 27 March 2023, 02:25:27 UTC |
dfc4c59 | Eric Rescorla | 27 March 2023, 02:25:22 UTC | Update draft-ietf-tls-rfc8446bis.md Co-authored-by: Christopher Wood <caw@heapingbits.net> | 27 March 2023, 02:25:22 UTC |
56fb7c3 | EKR | 27 March 2023, 02:24:56 UTC | And 8447 | 27 March 2023, 02:24:56 UTC |
3f7145f | EKR | 27 March 2023, 02:11:05 UTC | Update IANA considerations to clarify what is new | 27 March 2023, 02:11:05 UTC |
cedc968 | EKR | 27 March 2023, 02:01:22 UTC | Update the changelog - Change "should" -> "SHOULD" around user_canceled - Replicate the 8773 language to another place where external PSKs are discussed. - Remove an OPEN ISSUE marker | 27 March 2023, 02:01:22 UTC |
b69ee73 | Eric Rescorla | 27 March 2023, 01:32:39 UTC | Merge pull request #1301 from ekr/issue1299_key_limits Fixes #1299. Require key updates | 27 March 2023, 01:32:39 UTC |
d4ab8bf | EKR | 27 March 2023, 01:16:28 UTC | Amendment from MT | 27 March 2023, 01:16:28 UTC |
96439f7 | EKR | 26 March 2023, 22:08:01 UTC | Fixes #1299. Require key updates but tell receiving implementations not to enforce. | 26 March 2023, 22:08:01 UTC |
2560c00 | Eric Rescorla | 26 March 2023, 22:02:30 UTC | Merge pull request #1300 from ekr/issue1291_same_key clarify same certificate | 26 March 2023, 22:02:30 UTC |
724677a | EKR | 26 March 2023, 01:21:42 UTC | clarify same certificate | 26 March 2023, 01:21:42 UTC |
476f7d8 | BenSmyth | 29 January 2021, 10:08:07 UTC | Updated contributor list with Ben Smyth. | 14 March 2023, 13:22:45 UTC |
df0ce2b | Eric Rescorla | 13 March 2023, 20:24:55 UTC | Merge pull request #1298 from ekr/changelog Changelog entries | 13 March 2023, 20:24:55 UTC |
4b520c3 | Eric Rescorla | 13 March 2023, 20:20:06 UTC | Merge pull request #1296 from ekr/certs_plus_psk Certs plus psk | 13 March 2023, 20:20:06 UTC |
5bf48d8 | Eric Rescorla | 13 March 2023, 20:19:57 UTC | Merge pull request #1297 from ekr/issue1284_auth_text Issue1284 auth text | 13 March 2023, 20:19:57 UTC |
9e91187 | EKR | 13 March 2023, 19:07:05 UTC | Changelog entries | 13 March 2023, 19:07:05 UTC |
a2e9cfc | EKR | 13 March 2023, 19:00:13 UTC | Add some more text around authentication. Fixes #1284 | 13 March 2023, 19:00:55 UTC |
8da62fd | EKR | 13 March 2023, 18:54:33 UTC | Clarification | 13 March 2023, 19:00:55 UTC |
bbf9d93 | EKR | 13 March 2023, 18:54:33 UTC | Clarification | 13 March 2023, 18:54:33 UTC |
42476c4 | EKR | 13 March 2023, 18:53:25 UTC | Explain about RFC 8773 | 13 March 2023, 18:53:25 UTC |
688b038 | Eric Rescorla | 13 March 2023, 18:50:17 UTC | Merge pull request #1270 from ekr/issue1257_key_updates Update KeyUpdate limits with text from RFC 9147. Fixed #1257 | 13 March 2023, 18:50:17 UTC |
c7e3cdd | EKR | 13 March 2023, 18:47:50 UTC | Revisions based on review comments | 13 March 2023, 18:49:24 UTC |
5cf2c89 | EKR | 21 October 2022, 20:14:46 UTC | Update KeyUpdate limits with text from RFC 9147. Fixed #1257 | 13 March 2023, 18:48:54 UTC |
14cd577 | Eric Rescorla | 13 March 2023, 18:35:06 UTC | Merge pull request #1294 from ekr/reuse_of_external_psk Discuss the implications of external PSK reuse. Fixes #1287 | 13 March 2023, 18:35:06 UTC |
cc12740 | Eric Rescorla | 13 March 2023, 18:34:37 UTC | Merge pull request #1295 from ekr/issue1280_ignore_nst Ignore NST if you don't support resumption. Fixes #1280 | 13 March 2023, 18:34:37 UTC |
1f22ddb | EKR | 13 March 2023, 15:53:32 UTC | Fix whitespace | 13 March 2023, 15:53:32 UTC |
80141b4 | EKR | 11 March 2023, 22:34:03 UTC | Ignore NST if you don't support resumption. Fixes #1280 | 11 March 2023, 22:34:03 UTC |
bcc4927 | EKR | 11 March 2023, 22:31:22 UTC | Editorial | 11 March 2023, 22:31:22 UTC |
39f1fe3 | Eric Rescorla | 11 March 2023, 22:30:21 UTC | Merge pull request #1282 from emanjon/patch-17 #1281 describe effects of creating new long-term keys | 11 March 2023, 22:30:21 UTC |
e83b12b | EKR | 11 March 2023, 22:17:11 UTC | Discuss the implications of external PSK reuse. Fixes #1287 | 11 March 2023, 22:17:11 UTC |
fcc6177 | Eric Rescorla | 11 March 2023, 20:50:54 UTC | Merge pull request #1286 from emanjon/patch-19 Reusing key shares enables client and server tracking | 11 March 2023, 20:50:54 UTC |
37cab99 | Eric Rescorla | 11 March 2023, 20:41:44 UTC | Merge pull request #1293 from emanjon/patch-22 FIPS.186-5 has been published by NIST | 11 March 2023, 20:41:44 UTC |
8d1e46e | Eric Rescorla | 11 March 2023, 20:41:12 UTC | Merge pull request #1275 from ekr/unsolicited_responses Clarify unsolicited | 11 March 2023, 20:41:12 UTC |
e8b732a | Eric Rescorla | 11 March 2023, 20:40:50 UTC | Merge pull request #1283 from emanjon/patch-18 Adding John Preuß Mattsson as contributor | 11 March 2023, 20:40:50 UTC |
03af783 | Eric Rescorla | 11 March 2023, 20:40:04 UTC | Merge pull request #1290 from davidben/close-notify-level Specify the alert level of close_notify. | 11 March 2023, 20:40:04 UTC |
bac25fb | John Preuß Mattsson | 03 February 2023, 14:38:41 UTC | FIPS.186-5 has been published by NIST - FIPS 186-4 is obsolete - Curve definitions have moved to the new NIST SP 800-186 - ANSI X9.62 is behind a paywall and should be avoided if possible. References behind paywall can not be accessed by most readers. This makes it harder to implement and to evaluate the security of the protocol. FIPS 186-5 removed the dependency on ANSI X9.62 and defines ECDSA itself. Point validation is defined in the new NIST SP 800-186. | 03 February 2023, 14:38:41 UTC |
128387d | David Benjamin | 13 January 2023, 00:53:54 UTC | Specify the alert level of close_notify. close_notify has always used a warning alert level, but this is not actually written down anywhere. It seems to have gotten lost as early as RFC 4346 (TLS 1.1!). In RFC 2246, there is some text that mentions the correct level is warning as an aside in describing something else. close_notify This message notifies the recipient that the sender will not send any more messages on this connection. The session becomes unresumable if any connection is terminated without proper close_notify messages with level equal to warning. I wasn't able to find any other text that discussed this. Then, RFC 4346 dropped the session termination behavior: close_notify This message notifies the recipient that the sender will not send any more messages on this connection. Note that as of TLS 1.1, failure to properly close a connection no longer requires that a session not be resumed. This is a change from TLS 1.0 to conform with widespread implementation practice. But in doing so, it dropped any mention of which alert level to use. That text has carried over to RFC 8446 as: close_notify: This alert notifies the recipient that the sender will not send any more messages on this connection. Any data received after a closure alert has been received MUST be ignored. In RFC 8446, we said alert levels no longer matter and can be "safely ignored", but this still leaves unspecified what the sender should do. Skimming implementations, both BoringSSL and NSS will treat "fatal" close_notify as an error, so using "warning" is also necessary for interop. | 13 January 2023, 00:58:54 UTC |
0d48f9e | John Preuß Mattsson | 12 January 2023, 16:15:26 UTC | Update draft-ietf-tls-rfc8446bis.md | 12 January 2023, 16:15:26 UTC |
51ee405 | John Preuß Mattsson | 10 January 2023, 06:41:16 UTC | Update draft-ietf-tls-rfc8446bis.md key shares -> private keys related to key shares resumption_Secret -> resumption_secret | 10 January 2023, 06:41:16 UTC |
d27f557 | John Preuß Mattsson | 10 January 2023, 06:28:24 UTC | remove comma slice as suggested by Martin | 10 January 2023, 06:28:24 UTC |
dfce89f | John Preuß Mattsson | 10 January 2023, 06:27:29 UTC | Update draft-ietf-tls-rfc8446bis.md Co-authored-by: kaduk <kaduk-github@mit.edu> | 10 January 2023, 06:27:29 UTC |
bc0c90b | John Preuß Mattsson | 10 January 2023, 06:27:22 UTC | Update draft-ietf-tls-rfc8446bis.md Co-authored-by: kaduk <kaduk-github@mit.edu> | 10 January 2023, 06:27:22 UTC |
d2191f3 | John Preuß Mattsson | 06 January 2023, 12:12:59 UTC | Reusing key shares enables tracking #1285 | 06 January 2023, 12:12:59 UTC |
43eec87 | John Preuß Mattsson | 06 January 2023, 10:28:07 UTC | Update draft-ietf-tls-rfc8446bis.md | 06 January 2023, 10:28:07 UTC |
e39d0e0 | John Preuß Mattsson | 06 January 2023, 10:27:17 UTC | erased to align with sentence earlier in the paragraph | 06 January 2023, 10:27:17 UTC |
60dc847 | John Preuß Mattsson | 06 January 2023, 10:09:09 UTC | Update draft-ietf-tls-rfc8446bis.md | 06 January 2023, 10:09:09 UTC |
6138482 | John Preuß Mattsson | 06 January 2023, 10:03:12 UTC | Update draft-ietf-tls-rfc8446bis.md | 06 January 2023, 10:03:12 UTC |
f3117d7 | John Preuß Mattsson | 06 January 2023, 10:02:45 UTC | non-normative info instead of normative MUST | 06 January 2023, 10:02:45 UTC |
bf81dfd | John Preuß Mattsson | 31 December 2022, 09:35:17 UTC | Adding John Preuß Mattsson as contributor After the whole paragraph on forward secrecy and exfiltration was merged to Appendix F.1 I probably deserve to be included. | 31 December 2022, 09:35:17 UTC |
57ac3d3 | John Preuß Mattsson | 31 December 2022, 09:25:34 UTC | #1281 delete keys on connection closure I think it would make sense to give more guidance on what to do when the connection closes. #1281 | 31 December 2022, 09:25:34 UTC |
3461a95 | ekr | 09 November 2022, 17:14:24 UTC | Merge pull request #1279 from davidben/mgf1 Fix reference to MGF1 | 09 November 2022, 17:14:24 UTC |
677ee7e | David Benjamin | 31 October 2022, 21:48:36 UTC | Fix reference to MGF1 MGF1 got unhelpfully spelled out as "mask generation function 1" in RFC 8446. I'm guessing this is the result of an acronym expansion editing pass, but the function is simply called "MGF1". There is no such thing as "mask generation function 1". Correct this back to MGF1. In hopes this doesn't get hit by the same editing pass later, I've tweaked the wording and moved the citation so that "mask generation function" is still uttered before MGF1, and it's clearer that both primitives are defined in RFC 8017. | 31 October 2022, 21:52:06 UTC |
28ac62b | EKR | 24 October 2022, 19:55:46 UTC | Add Changelog. Fix build | 24 October 2022, 19:55:50 UTC |
420f558 | ekr | 24 October 2022, 19:48:34 UTC | Merge pull request #1271 from ekr/issue1227_which_hash Clarify how message reinjection is done. Fixes #1227 | 24 October 2022, 19:48:34 UTC |
6cc0d4b | ekr | 24 October 2022, 19:47:14 UTC | Merge pull request #1276 from ekr/issue1225_cache_issues Clarify 0-RTT cache further. Fixes #1225 | 24 October 2022, 19:47:14 UTC |
ca7140c | ekr | 24 October 2022, 19:44:09 UTC | Merge pull request #1277 from ekr/issue1241_update_extensions Update extension table. Fixes #1241 | 24 October 2022, 19:44:09 UTC |
db326cb | ekr | 24 October 2022, 19:43:32 UTC | Merge pull request #1273 from ekr/issue1208_close_notify Attempt to clarify user_canceled. Fixes #1208 | 24 October 2022, 19:43:32 UTC |
873a36f | EKR | 21 October 2022, 21:26:52 UTC | Update extension table. Fixes #1241 | 21 October 2022, 21:26:52 UTC |
a6a6548 | EKR | 21 October 2022, 21:09:44 UTC | Clarify 0-RTT cache further. Fixes #1225 | 21 October 2022, 21:09:44 UTC |
4ea3c58 | EKR | 21 October 2022, 21:02:27 UTC | Clarify unsolicited | 21 October 2022, 21:02:27 UTC |
0c86bc6 | EKR | 21 October 2022, 20:52:57 UTC | Attempt to clarify user_canceled. Fixes #1208 | 21 October 2022, 20:52:57 UTC |
05f97de | ekr | 21 October 2022, 20:40:50 UTC | Merge pull request #1272 from bemasc/bemasc-1225 Reduce emphasis on timing in the 0-RTT cache attack | 21 October 2022, 20:40:50 UTC |
839a299 | EKR | 21 October 2022, 20:32:26 UTC | Remove trailing whitespace | 21 October 2022, 20:32:26 UTC |
0b7910f | EKR | 21 October 2022, 20:29:57 UTC | Clarify how message reinjection is done. Fixes #1227 | 21 October 2022, 20:29:57 UTC |
9235abd | Ben Schwartz | 21 October 2022, 20:27:55 UTC | Reduce emphasis on timing in the 0-RTT cache attack This attack is often possible even without a timing channel due to application-layer behaviors that allow cache probing (e.g. in HTTP and DNS). This change addresses the original concern in #1225. A more thorough revamp of the anti-replay and side channel recommendations might be needed to address all the questions raised there. | 21 October 2022, 20:27:55 UTC |
6190229 | ekr | 11 July 2022, 23:06:54 UTC | Merge pull request #1267 from ekr/issue1212_general_alert General error. Fixes #1212 | 11 July 2022, 23:06:54 UTC |
18a4978 | EKR | 11 July 2022, 23:05:07 UTC | General error. Fixes #1212 | 11 July 2022, 23:06:25 UTC |
41ff95e | EKR | 07 March 2022, 22:04:49 UTC | Fix build | 07 March 2022, 22:04:49 UTC |
c889a59 | ekr | 07 March 2022, 22:00:21 UTC | Merge pull request #1255 from ekr/issue1248_traffic_key_use Issue1248 traffic key use | 07 March 2022, 22:00:21 UTC |
ca6a51b | ekr | 07 March 2022, 22:00:01 UTC | Merge pull request #1254 from ekr/issue1249_aead_limits No rekey in early data. Fixes #1249 | 07 March 2022, 22:00:01 UTC |
d26f675 | ekr | 07 March 2022, 21:59:47 UTC | Merge pull request #1252 from ekr/deprecating_tls_1_1 This attempts to split the difference on the 1.1 and 1.0 deprecation. | 07 March 2022, 21:59:47 UTC |
c781fdb | EKR | 07 March 2022, 19:00:15 UTC | Update | 07 March 2022, 19:00:15 UTC |
9cdc101 | EKR | 07 March 2022, 18:59:21 UTC | Clarify traffic keys. Fixes #1248 | 07 March 2022, 18:59:21 UTC |
e4b1ce4 | EKR | 07 March 2022, 18:50:51 UTC | No rekey in early data. Fixes #1249 | 07 March 2022, 18:50:51 UTC |
d80dbff | EKR | 07 March 2022, 18:16:22 UTC | Remove recommendation; reflow | 07 March 2022, 18:17:10 UTC |
ecdb448 | John Mattsson | 19 November 2021, 12:38:05 UTC | Some more detailed clarifications. - More details of what protection EC(DHE) gives for different key types, full handshake or resumption and passive and active attackers. - Example of how the forward secrecy of KeyUpdate still allows static key exfiltration. | 07 March 2022, 18:17:10 UTC |
768687f | John Mattsson | 14 November 2021, 07:59:15 UTC | Forward secrecy, long connections, and key exfiltration #1245 | 07 March 2022, 18:17:10 UTC |
cc575a1 | ekr | 07 March 2022, 18:15:13 UTC | Merge pull request #1229 from emanjon/patch-8 Updates and obsolete in abstract | 07 March 2022, 18:15:13 UTC |
15940de | EKR | 07 March 2022, 18:11:29 UTC | This attempts to split the difference on the 1.1 and 1.0 deprecation. | 07 March 2022, 18:11:29 UTC |
e48cf0f | ekr | 14 November 2021, 20:34:30 UTC | Merge pull request #1244 from emanjon/patch-13 Resumption is allowed before the initial connection is closed | 14 November 2021, 20:34:30 UTC |