[rfc-dist] BCP 195, RFC 9325 on Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
rfc-editor@rfc-editor.org Wed, 30 November 2022 14:06 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: rfc-dist@ietfa.amsl.com
Delivered-To: rfc-dist@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60E5AC14CE53; Wed, 30 Nov 2022 06:06:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.947
X-Spam-Level:
X-Spam-Status: No, score=-3.947 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Ydlau9vwsQP; Wed, 30 Nov 2022 06:06:09 -0800 (PST)
Received: from rfcpa.amsl.com (rfc-editor.org [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26B2DC14CE4E; Wed, 30 Nov 2022 06:06:09 -0800 (PST)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 0C7A7853FF; Wed, 30 Nov 2022 06:06:09 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Subject: [rfc-dist] BCP 195, RFC 9325 on Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, uta@ietf.org
Content-type: text/plain; charset="UTF-8"
Message-Id: <20221130140609.0C7A7853FF@rfcpa.amsl.com>
Date: Wed, 30 Nov 2022 06:06:09 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/rfc-dist/EaTXYWbdOIttl5jHgD-PpFej6II>
X-BeenThere: rfc-dist@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RFC Announcements <rfc-dist.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/rfc-dist>, <mailto:rfc-dist-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rfc-dist/>
List-Post: <mailto:rfc-dist@rfc-editor.org>
List-Help: <mailto:rfc-dist-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist>, <mailto:rfc-dist-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Nov 2022 14:06:13 -0000
A new Request for Comments is now available in online RFC libraries. BCP 195 RFC 9325 Title: Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Author: Y. Sheffer, P. Saint-Andre, T. Fossati Status: Best Current Practice Stream: IETF Date: November 2022 Mailbox: yaronf.ietf@gmail.com, stpeter@stpeter.im, thomas.fossati@arm.com Pages: 34 Obsoletes: RFC 7525 Updates: RFC 5288, RFC 6066 See Also: BCP 195 I-D Tag: draft-ietf-uta-rfc7525bis-11.txt URL: https://www.rfc-editor.org/info/rfc9325 DOI: 10.17487/RFC9325 Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) are used to protect data exchanged over a wide range of application protocols and can also form the basis for secure transport protocols. Over the years, the industry has witnessed several serious attacks on TLS and DTLS, including attacks on the most commonly used cipher suites and their modes of operation. This document provides the latest recommendations for ensuring the security of deployed services that use TLS and DTLS. These recommendations are applicable to the majority of use cases. RFC 7525, an earlier version of the TLS recommendations, was published when the industry was transitioning to TLS 1.2. Years later, this transition is largely complete, and TLS 1.3 is widely available. This document updates the guidance given the new environment and obsoletes RFC 7525. In addition, this document updates RFCs 5288 and 6066 in view of recent attacks. This document is a product of the Using TLS in Applications Working Group of the IETF. BCP: This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see https://www.ietf.org/mailman/listinfo/ietf-announce https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see https://www.rfc-editor.org/search For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. The RFC Editor Team Association Management Solutions, LLC