BCP 195, RFC 9325 on Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
rfc-editor@rfc-editor.org Wed, 30 November 2022 14:06 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60E5AC14CE53; Wed, 30 Nov 2022 06:06:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.947
X-Spam-Level:
X-Spam-Status: No, score=-3.947 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Ydlau9vwsQP; Wed, 30 Nov 2022 06:06:09 -0800 (PST)
Received: from rfcpa.amsl.com (rfc-editor.org [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26B2DC14CE4E; Wed, 30 Nov 2022 06:06:09 -0800 (PST)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 0C7A7853FF; Wed, 30 Nov 2022 06:06:09 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Subject: BCP 195, RFC 9325 on Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, uta@ietf.org
Content-type: text/plain; charset="UTF-8"
Message-Id: <20221130140609.0C7A7853FF@rfcpa.amsl.com>
Date: Wed, 30 Nov 2022 06:06:09 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/k8kzFPN3nQK5BAYRpYP4mwApuy8>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Nov 2022 14:06:13 -0000
A new Request for Comments is now available in online RFC libraries.
BCP 195
RFC 9325
Title: Recommendations for Secure Use of
Transport Layer Security (TLS) and Datagram
Transport Layer Security (DTLS)
Author: Y. Sheffer,
P. Saint-Andre,
T. Fossati
Status: Best Current Practice
Stream: IETF
Date: November 2022
Mailbox: yaronf.ietf@gmail.com,
stpeter@stpeter.im,
thomas.fossati@arm.com
Pages: 34
Obsoletes: RFC 7525
Updates: RFC 5288, RFC 6066
See Also: BCP 195
I-D Tag: draft-ietf-uta-rfc7525bis-11.txt
URL: https://www.rfc-editor.org/info/rfc9325
DOI: 10.17487/RFC9325
Transport Layer Security (TLS) and Datagram Transport Layer Security
(DTLS) are used to protect data exchanged over a wide range of
application protocols and can also form the basis for secure
transport protocols. Over the years, the industry has witnessed
several serious attacks on TLS and DTLS, including attacks on the
most commonly used cipher suites and their modes of operation. This
document provides the latest recommendations for ensuring the
security of deployed services that use TLS and DTLS. These
recommendations are applicable to the majority of use cases.
RFC 7525, an earlier version of the TLS recommendations, was
published when the industry was transitioning to TLS 1.2. Years
later, this transition is largely complete, and TLS 1.3 is widely
available. This document updates the guidance given the new
environment and obsoletes RFC 7525. In addition, this document
updates RFCs 5288 and 6066 in view of recent attacks.
This document is a product of the Using TLS in Applications Working Group of the IETF.
BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
https://www.ietf.org/mailman/listinfo/ietf-announce
https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
The RFC Editor Team
Association Management Solutions, LLC