ee4a437 | EKR | 09 March 2015, 19:58:49 UTC | Fix which master secret is used for exporters. Fixes #138 | 09 March 2015, 19:58:49 UTC |
e88b855 | EKR | 12 February 2015, 19:40:20 UTC | Fix merge conflict | 12 February 2015, 19:40:20 UTC |
97a2900 | Dave Garrett | 12 February 2015, 18:49:47 UTC | update changelog | 12 February 2015, 18:49:47 UTC |
96f2624 | Dave Garrett | 11 February 2015, 18:02:07 UTC | repeat *Hello.version language for additional clarity | 11 February 2015, 18:02:07 UTC |
b43b7d0 | Dave Garrett | 11 February 2015, 17:50:55 UTC | use RFC 2119 "NOT RECOMMENDED" better language using new keyword per chairs' suggestion | 11 February 2015, 17:50:55 UTC |
0b6bcb3 | Dave Garrett | 26 January 2015, 23:36:48 UTC | add redundant MUST NOT negotiate SSL language With SSL2 compatible CLIENT-HELLO messages still being permitted, this text is more complicated than it should be. Adding extra strict language stating that SSL MUST NOT be negotiated in addition to the specific restrictions that prohibit doing so. | 26 January 2015, 23:36:48 UTC |
4cc8757 | Dave Garrett | 25 January 2015, 23:46:14 UTC | minor change to wording slight wording change to be "double clear" per ekr's suggestion | 25 January 2015, 23:46:14 UTC |
8c43755 | ekr | 23 January 2015, 00:18:19 UTC | Merge pull request #133 from beurdouche/patch_typo4 Fix some RFC keywords case | 23 January 2015, 00:18:19 UTC |
8fc2800 | ekr | 23 January 2015, 00:00:05 UTC | Merge pull request #135 from beurdouche/patch_style Fix paragraph alignment | 23 January 2015, 00:00:05 UTC |
e028045 | Benjamin Beurdouche | 22 January 2015, 20:47:43 UTC | Fix paragraph alignment | 22 January 2015, 20:47:43 UTC |
c81a83d | ekr | 22 January 2015, 19:48:49 UTC | Merge pull request #131 from seanturner/patch1 Removing some straggling reference to renegotiation. | 22 January 2015, 19:48:49 UTC |
63110d7 | ekr | 22 January 2015, 19:47:21 UTC | Merge pull request #132 from beurdouche/patch_typo3 Another fix typo | 22 January 2015, 19:47:21 UTC |
1e6028a | Benjamin Beurdouche | 22 January 2015, 19:40:59 UTC | Fix some RFC keywords case | 22 January 2015, 19:40:59 UTC |
cacaf54 | Benjamin Beurdouche | 22 January 2015, 19:24:47 UTC | Another fix typo | 22 January 2015, 19:24:47 UTC |
7fa8a29 | Sean Turner | 22 January 2015, 19:03:55 UTC | Removing some straggling reference to renegotiation. | 22 January 2015, 19:03:55 UTC |
88e61fe | ekr | 22 January 2015, 16:21:08 UTC | Merge pull request #130 from beurdouche/patch_typo1 Fix typo | 22 January 2015, 16:21:08 UTC |
d4d6e7c | Benjamin Beurdouche | 22 January 2015, 16:15:33 UTC | Fix typo | 22 January 2015, 16:15:33 UTC |
fd8eebd | ekr | 22 January 2015, 16:01:54 UTC | Merge pull request #128 from beurdouche/master Another editorial strike reference to CCS. | 22 January 2015, 16:01:54 UTC |
7225dd0 | Benjamin Beurdouche | 22 January 2015, 14:52:39 UTC | Another editorial strike reference to CCS. | 22 January 2015, 14:52:39 UTC |
75f32fd | ekr | 21 January 2015, 22:38:43 UTC | Merge pull request #127 from seanturner/master Editorial strike reference to CCS. | 21 January 2015, 22:38:43 UTC |
ec521e9 | Sean Turner | 21 January 2015, 22:27:50 UTC | Editorial strike reference to CCS. | 21 January 2015, 22:27:50 UTC |
b28bee9 | Sean Turner | 21 January 2015, 21:50:09 UTC | Moving Tim Dierks to Contributors section. | 21 January 2015, 21:50:09 UTC |
a94eaee | ekr | 14 January 2015, 14:22:53 UTC | Merge pull request #126 from fedor-brunner/cipher_suite_codes_RSA Cipher suite without ephemeral Diffie-Hellman. | 14 January 2015, 14:22:53 UTC |
15bab23 | Fedor Brunner | 14 January 2015, 13:05:45 UTC | Cipher suite without ephemeral Diffie-Hellman. These don't use ephemeral Diffie-Hellman: TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 | 14 January 2015, 13:05:45 UTC |
e93af78 | ekr | 07 January 2015, 14:13:29 UTC | Merge pull request #123 from ekr/issue121_dh_updates Issue121 dh updates | 07 January 2015, 14:13:29 UTC |
2f1958a | EKR | 07 January 2015, 00:14:18 UTC | Remove note that doesn't really apply with negotiated FFDHE | 07 January 2015, 00:14:18 UTC |
7160d82 | EKR | 07 January 2015, 00:11:36 UTC | Update FFDH groups to match draft-05. Fixes #121 | 07 January 2015, 00:11:36 UTC |
f895c84 | ekr | 06 January 2015, 20:23:15 UTC | Merge pull request #122 from ekr/auto_generate_appendix Auto-generate appendix | 06 January 2015, 20:23:15 UTC |
7bb4ad6 | EKR | 06 January 2015, 20:20:40 UTC | Makefile comments from MT | 06 January 2015, 20:20:40 UTC |
1a70878 | EKR | 05 January 2015, 18:56:32 UTC | First cut at auto-generating appendix | 06 January 2015, 19:39:32 UTC |
8a74c88 | EKR | 02 January 2015, 22:41:55 UTC | Fix editorial issues | 02 January 2015, 22:41:55 UTC |
7fb85b5 | EKR | 02 January 2015, 22:22:26 UTC | Remove date for xml2rfc futureproofing | 02 January 2015, 22:22:26 UTC |
533b2c6 | ekr | 30 December 2014, 22:37:08 UTC | Merge pull request #119 from ekr/issue63_session_hash_rebase Issue63 session hash rebase. Fixes #63 | 30 December 2014, 22:37:08 UTC |
ba20ef7 | EKR | 22 December 2014, 21:28:35 UTC | Update to match mailing list comments | 30 December 2014, 22:29:28 UTC |
610005b | EKR | 08 November 2014, 20:21:32 UTC | Update changelog | 30 December 2014, 22:29:28 UTC |
3c6b6d4 | EKR | 08 November 2014, 20:19:42 UTC | Fix diagram. Add author of session hash document | 30 December 2014, 22:29:28 UTC |
0043bb6 | EKR | 04 November 2014, 21:45:34 UTC | Minor comments from Martin | 30 December 2014, 22:29:27 UTC |
21099bc | EKR | 03 November 2014, 17:50:16 UTC | WIP: Add session hash and remote CCS | 30 December 2014, 22:29:27 UTC |
32a08c1 | ekr | 30 December 2014, 19:21:56 UTC | Merge pull request #110 from ekr/issue100_context_strings Issue100 context strings | 30 December 2014, 19:21:56 UTC |
653ce3c | ekr | 30 December 2014, 19:21:47 UTC | Merge pull request #111 from ekr/issue108_106_handshake_numbers Issue108 106 handshake numbers | 30 December 2014, 19:21:47 UTC |
cb74ac5 | Dave Garrett | 30 December 2014, 09:05:40 UTC | Update draft-ietf-tls-tls13.md | 30 December 2014, 09:05:40 UTC |
065a4cd | Dave Garrett | 30 December 2014, 09:02:59 UTC | current consensus SSL2 language Relax the SSL backwards compatibility language to current apparent consensus. A new issue will be opened for the issue of fully prohibiting SSL version 2.0 compatible CLIENT-HELLO support. | 30 December 2014, 09:02:59 UTC |
1f5f5c8 | ekr | 29 December 2014, 23:10:18 UTC | Merge pull request #112 from davegarrett/patch-4 grammar improvement for issue #109 | 29 December 2014, 23:10:18 UTC |
a8b1566 | Dave Garrett | 29 December 2014, 23:09:03 UTC | grammar improvement for issue #109 | 29 December 2014, 23:09:03 UTC |
2acae3b | EKR | 29 December 2014, 22:04:43 UTC | Update changelog | 29 December 2014, 22:04:43 UTC |
281b2b6 | EKR | 29 December 2014, 22:02:29 UTC | Update appendix | 29 December 2014, 22:02:29 UTC |
2bc8062 | EKR | 29 December 2014, 22:00:15 UTC | Renumber handshake message numbers. Fixes #106, Fixes #108 | 29 December 2014, 22:00:56 UTC |
50b516e | EKR | 29 December 2014, 17:15:09 UTC | Trivial editorial from AGL | 29 December 2014, 17:15:09 UTC |
a17839a | EKR | 29 December 2014, 16:58:33 UTC | Change handshake_hashes for CertificateVerify to be the PRF hash | 29 December 2014, 16:58:33 UTC |
148d947 | Adam Langley | 02 December 2014, 01:15:21 UTC | Have CertificateVerify sign a hash of the messages Once padding and context is introduced into the signatures, it's no longer possible for a single running hash to be used for both CertificateVerify and Finished processing. That might cause implementations to have to keep multiple running digests. This change causes a hash of the messages to be signed instead, which solves the problem. If we are using the hash for a signature then we already depend on its second-preimage resistance in any case. | 29 December 2014, 16:49:27 UTC |
c3902e6 | Adam Langley | 01 December 2014, 22:21:09 UTC | Specify padding and context strings for signatures The TLS 1.2 ServerKeyExchange signature never included enough context and it was possible to lift a signature for one ciphersuite into a handshake for a different one. TLS 1.2 only avoided signature repurposing attacks because of luck[1]. Additionally, TLS 1.2 allows an attacker to obtain a signature of a message with a chosen, 32-byte prefix. Because of this, this change causes TLS 1.3 to include 64 bytes of padding at the beginning of signed messages in order to easily clear the chosen-prefix and also context strings to ensure that signatures cannot be repurposed. For more context, see https://www.ietf.org/mail-archive/web/tls/current/msg14734.html [1] https://www.cosic.esat.kuleuven.be/publications/article-2216.pdf | 29 December 2014, 16:49:26 UTC |
6d871f3 | Dave Garrett | 24 December 2014, 01:01:03 UTC | Update draft-ietf-tls-tls13.md | 24 December 2014, 01:01:03 UTC |
b4abfbf | Dave Garrett | 24 December 2014, 00:57:52 UTC | prohibit SSL3 negotiation too This merges in language prohibiting SSL3 based on: https://tools.ietf.org/html/draft-ietf-tls-sslv3-diediedie-00 | 24 December 2014, 00:57:52 UTC |
a399011 | Dave Garrett | 23 December 2014, 23:56:14 UTC | shortening text shortening text per Brian's suggestion | 23 December 2014, 23:56:14 UTC |
a080622 | Dave Garrett | 22 December 2014, 23:52:57 UTC | Update draft-ietf-tls-tls13.md | 22 December 2014, 23:52:57 UTC |
1a74c55 | Dave Garrett | 22 December 2014, 23:42:38 UTC | drop SSL2 backwards compatibility SSL 2.0 CLIENT-HELLO support was previously deprecated in TLS 1.2 and SSL 2.0 negotiation was prohibited entirely in RFC 6176. | 22 December 2014, 23:42:38 UTC |
1c897d5 | ekr | 22 December 2014, 21:39:38 UTC | Merge pull request #102 from davegarrett/patch-1 remove obsolete differences since TLS 1.1 section | 22 December 2014, 21:39:38 UTC |
15bdb4a | Dave Garrett | 20 December 2014, 03:28:06 UTC | remove obsolete differences since TLS 1.1 section TLS 1.1 [RFC 4346] & TLS 1.2 [RFC 5246] each only have a list of changes from the immediately previous version. This current draft has both the current changelog since TLS 1.2 and the old list of changes from TLS 1.1 to 1.2. The contents of this old section are no longer relevant, in particular it mentions TLS_RSA_WITH_AES_128_CBC_SHA as MTI which is no longer permitted at all. Suggesting just removing this now. | 20 December 2014, 03:28:06 UTC |
b52af69 | ekr | 01 December 2014, 15:52:47 UTC | Merge pull request #88 from ekr/issue38_remove_renegotiation Issue38 remove renegotiation | 01 December 2014, 15:52:47 UTC |
27a61f8 | ekr | 01 December 2014, 15:51:32 UTC | Merge pull request #86 from ekr/Issue80_single_point_format Issue80 single point format | 01 December 2014, 15:51:32 UTC |
910a9ee | EKR | 13 November 2014, 01:39:52 UTC | Diffs to random commits | 13 November 2014, 01:44:50 UTC |
88e8eba | EKR | 05 November 2014, 01:39:33 UTC | Clean up wording per MT | 05 November 2014, 01:39:33 UTC |
09cf107 | EKR | 05 November 2014, 00:56:19 UTC | Remove renegotiation. Fixes #38 | 05 November 2014, 00:57:25 UTC |
d9c78a3 | EKR | 31 October 2014, 17:30:07 UTC | Fix version | 31 October 2014, 17:30:07 UTC |
e2b98e3 | EKR | 31 October 2014, 17:08:37 UTC | Remove point format negotiation. Fixes 80 | 31 October 2014, 17:08:37 UTC |
3bed720 | ekr | 27 October 2014, 18:09:11 UTC | Merge pull request #84 from ekr/pre_submit_cleanup Pre submit cleanup | 27 October 2014, 18:09:11 UTC |
60937b8 | EKR | 27 October 2014, 16:48:26 UTC | Remove GMT entirely | 27 October 2014, 16:48:26 UTC |
713cae1 | EKR | 27 October 2014, 16:48:16 UTC | Add MT to contributor's list | 27 October 2014, 16:48:16 UTC |
3cd1ec1 | EKR | 27 October 2014, 16:47:49 UTC | Clean up some text. Add people to the contributors list | 27 October 2014, 16:47:49 UTC |
7a731b8 | ekr | 09 October 2014, 19:53:44 UTC | Merge pull request #82 from ekr/Merge_in_ECC_and_FF-DHE Merge in ECC and FF-DHE. Fixes #79. Fixes #73. Fixes #71. Fixes #78. Fix... | 09 October 2014, 19:53:44 UTC |
43dfc24 | EKR | 07 October 2014, 21:56:24 UTC | Require the named_groups extension. Update changelog | 07 October 2014, 21:56:24 UTC |
9901920 | EKR | 07 October 2014, 18:12:15 UTC | Merge in ECC and FF-DHE. Fixes #79. Fixes #73. Fixes #71. Fixes #78. Fixes #57 | 07 October 2014, 18:12:15 UTC |
710ee9b | ekr | 06 September 2014, 21:23:26 UTC | Merge pull request #77 from ekr/issue67_remove_aead_length Remove length from additional_data. Fixes #67. Fixes #47 | 06 September 2014, 21:23:26 UTC |
bcec710 | EKR | 26 August 2014, 16:29:59 UTC | Remove length from additional_data. Fixes #67. Fixes #47 | 26 August 2014, 16:29:59 UTC |
0ea06cc | ekr | 18 July 2014, 20:39:26 UTC | Merge pull request #65 from ekr/issue42_remove_gmt Issue42 remove gmt | 18 July 2014, 20:39:26 UTC |
7c6cce9 | EKR | 18 July 2014, 20:37:00 UTC | Update changes | 18 July 2014, 20:37:00 UTC |
d1748a2 | EKR | 16 July 2014, 15:07:37 UTC | Remove GMT time. Fixes #42 | 16 July 2014, 15:07:37 UTC |
0472bac | EKR | 26 June 2014, 16:37:23 UTC | Checkpoint | 12 July 2014, 18:00:20 UTC |
da567dc | EKR | 08 July 2014, 01:09:26 UTC | Retain .xml for submit | 08 July 2014, 01:09:26 UTC |
7cb4e5e | EKR | 08 July 2014, 00:28:26 UTC | Merge commit | 08 July 2014, 00:28:26 UTC |
7ab9c0d | ekr | 08 July 2014, 00:25:50 UTC | Merge pull request #63 from ekr/remove_dh_x Remove the rest of non-DHE DH | 08 July 2014, 00:25:50 UTC |
9de2c4d | EKR | 08 July 2014, 00:02:15 UTC | Remove the rest of non-DHE DH | 08 July 2014, 00:02:15 UTC |
2079026 | EKR | 07 July 2014, 23:53:13 UTC | Clean up | 07 July 2014, 23:53:13 UTC |
0b0e7b8 | EKR | 07 July 2014, 23:27:44 UTC | Add disclaimer, update changes | 07 July 2014, 23:27:44 UTC |
7052551 | EKR | 07 July 2014, 21:29:58 UTC | Address Wan-Teh Chang's comments | 07 July 2014, 21:29:58 UTC |
3c734b5 | ekr | 06 July 2014, 05:05:15 UTC | Merge pull request #52 from ekr/1rtt First cut at 1RTT handshake. Lots of OPEN ISSUEs and TODOs | 06 July 2014, 05:05:15 UTC |
4dcdc65 | EKR | 06 July 2014, 05:01:40 UTC | Incorporate comments from Hovav Shacham | 06 July 2014, 05:01:40 UTC |
4629590 | EKR | 06 July 2014, 03:31:00 UTC | Fix minor editorial error | 06 July 2014, 03:33:58 UTC |
4030cac | EKR | 03 July 2014, 14:42:16 UTC | Clarify wording per MT's suggestion | 03 July 2014, 14:42:16 UTC |
9d9ba28 | EKR | 03 July 2014, 14:40:15 UTC | Clarify repeat ClientHello and deal with extension duplication | 03 July 2014, 14:40:15 UTC |
27dd2e6 | EKR | 03 July 2014, 14:20:57 UTC | Merge commit | 03 July 2014, 14:20:57 UTC |
5d7157f | Daniel Kahn Gillmor | 02 July 2014, 22:54:47 UTC | Normalize description of supported_signtaure_algorithms Since each SignatureAndHashAlgorithm is 2 octets, and at least one must be supported, the range is 2 - 2^16-2. Note that cipher_suites is already declared in the same way: CipherSuite cipher_suites<2..2^16-2> | 02 July 2014, 22:54:47 UTC |
e03b3c6 | Daniel Kahn Gillmor | 02 July 2014, 22:37:53 UTC | clarify what is an inappropriate ClientKeyExchange | 02 July 2014, 22:37:53 UTC |
ca35851 | Daniel Kahn Gillmor | 02 July 2014, 21:59:43 UTC | clarify what to do when client certificate is requested but unavailable | 02 July 2014, 21:59:43 UTC |
cb26185 | Daniel Kahn Gillmor | 02 July 2014, 21:53:54 UTC | clean up language there is no "first handshake" any more, and the ChangeCipherSpec message is being sent much earlier here. The constraints replaced here don't make sense in the new model. | 02 July 2014, 21:57:48 UTC |
caa8f10 | Daniel Kahn Gillmor | 02 July 2014, 21:46:40 UTC | limit CertificateRequest only to position in the handshake I don't think the CertificateRequest needs to be limited to authenticated servers, or to certain ciphersuites. I note that RFC 5246 (TLS 1.2) does seem to suggest these same limitations, but it's not clear to me why they exist. If we're going for a simpler state machine for TLS 1.3, I see no reason to keep these limitations. | 02 July 2014, 21:46:40 UTC |
3b8ec11 | Daniel Kahn Gillmor | 02 July 2014, 21:42:17 UTC | use the term "custom DHE group" consistently | 02 July 2014, 21:42:17 UTC |
a7c8176 | EKR | 02 July 2014, 21:40:55 UTC | Clean up some legacy artifacts | 02 July 2014, 21:40:55 UTC |
64e2314 | EKR | 25 June 2014, 15:09:21 UTC | WIP: Start work at 1-RTT handshake. Lots of TODOs/OPEN ISSUES | 02 July 2014, 21:21:56 UTC |
68051a3 | ekr | 24 June 2014, 22:09:01 UTC | Merge pull request #48 from dkg/master fix typo | 24 June 2014, 22:09:01 UTC |