I-D Action: draft-asmithee-tls-dnssec-downprot-00.txt
internet-drafts@ietf.org Tue, 15 May 2018 18:47 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/i-d-announce/CTJCWp-KTFUAiZRcE44igriVub0>
A New Internet-Draft is available from the on-line Internet-Drafts directories.

        Title           : TLS Downgrade protection extension for TLS DNSSEC Authentication Chain Extension
        Authors         : Alan Smithee
                          Alan Smithee
        Filename        : draft-asmithee-tls-dnssec-downprot-00.txt
        Pages           : 5
        Date            : 2018-05-15

Abstract:
   This draft specifies a TLS extension that adds downgrade protection
   for another TLS extension, [dnssec-chain-extension]. Without the
   downgrade protection specified in this TLS extension, the only effect
   of deploying [dnssec-chain-extension] is to reduce TLS security from
   the standard "WebPKI security" to "WebPKI or DANE, whichever is
   weaker".

   This draft dictates that [dnssec-chain-extension] MUST only be used
   in combination with this TLS extension, whose only content is a two
   octet SupportLifetime value. A value of 0 prohibits the TLS client
   from unilaterally requiring ongoing use of both TLS extensions based
   on prior observation of their use (pinning). A non-zero value is the
   value in hours for which this TLS extension as well as
   [dnssec-chain-extension] MUST appear in subsequent TLS handshakes to
   the same TLS hostname and port. If this TLS extension or
   [dnssec-chain-extension] is missing from the TLS handshake within
   this observed pinning time, the TLS client MUST assume it is under
   attack and abort the TLS connection.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-asmithee-tls-dnssec-downprot/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-asmithee-tls-dnssec-downprot-00
https://datatracker.ietf.org/doc/html/draft-asmithee-tls-dnssec-downprot-00

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
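
The client-side pinning rule from the abstract, sketched as an added example (not code from the draft or its authors). PinStore, DowngradeError and check_handshake are hypothetical names; the handling of a 0 value against an existing pin and the refresh of the expiry on each observation are assumptions, since the abstract does not settle them.

```python
import struct
import time

class DowngradeError(Exception):
    """A pinned host omitted one of the two extensions; abort the connection."""

class PinStore:
    """Client-side pin table keyed by (hostname, port). Hypothetical helper."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be exercised offline
        self._expiry = {}     # (host, port) -> pin expiry in epoch seconds

    @staticmethod
    def parse_support_lifetime(ext_data: bytes) -> int:
        # The extension's only content is a two-octet SupportLifetime in hours;
        # TLS integers are encoded in network byte order.
        if len(ext_data) != 2:
            raise ValueError("SupportLifetime must be exactly two octets")
        return struct.unpack("!H", ext_data)[0]

    def check_handshake(self, host, port, chain_ext_present, downprot_ext):
        """Apply the pinning rule to one authenticated handshake.

        chain_ext_present: True if [dnssec-chain-extension] was in the handshake.
        downprot_ext: raw extension_data of the downgrade-protection
        extension, or None when the server did not send it.
        Returns the pin expiry (epoch seconds), or None when no pin is held.
        """
        key = (host.lower().rstrip("."), port)
        now = self._clock()
        pinned = self._expiry.get(key, 0) > now
        if downprot_ext is None or not chain_ext_present:
            if pinned:
                # Inside the observed pinning time: treat as an attack.
                raise DowngradeError(f"{key}: pinned extension missing")
            self._expiry.pop(key, None)   # drop an expired entry, if any
            return None
        hours = self.parse_support_lifetime(downprot_ext)
        if hours == 0:
            # 0 prohibits pinning. Assumption: it also clears an existing pin.
            self._expiry.pop(key, None)
            return None
        # Assumption: each observation replaces the previous expiry.
        self._expiry[key] = now + hours * 3600
        return self._expiry[key]
```

A malformed extension from a pinned host raises ValueError before any state changes, so the pin stays in force and the handshake fails closed.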