[TLS] I-D Action: draft-ietf-tls-extended-key-update-04.txt

internet-drafts@ietf.org Mon, 03 March 2025 08:09 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3S9-Q7g-jJy-J5XJikSjK2hbGFs>

Internet-Draft draft-ietf-tls-extended-key-update-04.txt is now available. It
is a work item of the Transport Layer Security (TLS) WG of the IETF.

   Title:   Extended Key Update for Transport Layer Security (TLS) 1.3
   Authors: Hannes Tschofenig
            Michael Tüxen
            Tirumaleswar Reddy
            Steffen Fries
            Yaroslav Rosomakho
   Name:    draft-ietf-tls-extended-key-update-04.txt
   Pages:   16
   Dates:   2025-03-03

Abstract:

   The Transport Layer Security (TLS) 1.3 specification provides forward
   secrecy by utilizing an ephemeral key exchange during the initial
   handshake.  Forward secrecy ensures that even if an attacker later
   obtains a party's long-term private key, past encrypted sessions
   cannot be decrypted.  This protects against adversaries who record
   encrypted conversations in the hope of decrypting them later.

   TLS 1.3 also includes a Key Update mechanism, allowing cryptographic
   keys to be refreshed during an ongoing session.  However, this update
   does not establish new forward-secret key material.  While this is
   generally not an issue for short-lived sessions, it can pose a
   security risk for long-lived connections, such as those in industrial
   IoT or telecommunication networks, where an attacker could compromise
   application traffic secrets after the initial handshake.

   Earlier versions of TLS supported session renegotiation, a mechanism
   that allowed peers to establish new cryptographic parameters within
   an existing session.  This included the ability to update the
   originally used long-term keys (certificates) with renewed
   credentials.  However, due to security vulnerabilities, the
   renegotiation mechanism was modified via RFC 5746 and later removed
   entirely in TLS 1.3, leaving a gap in TLS's ability to refresh
   cryptographic material securely.

   This specification introduces an extended key update mechanism that
   supports forward secrecy, forcing attackers to continuously
   exfiltrate key material throughout the session to decrypt the entire
   conversation.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-extended-key-update/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-tls-extended-key-update-04.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-tls-extended-key-update-04

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
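
The abstract's point that the TLS 1.3 Key Update "does not establish new forward-secret key material" can be seen directly in the RFC 8446 key schedule. The following is an added example, not part of the announcement or of the draft's text. The function rekey_with_fresh_exchange, its "example upd" label and the sample byte strings are constructed assumptions for illustration and are not the draft's key schedule.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel (RFC 8446, section 7.1): uint16 length, "tls13 " + label, context
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def key_update(secret: bytes) -> bytes:
    # RFC 8446, section 7.2: the next traffic secret depends only on the current one.
    return hkdf_expand_label(secret, b"traffic upd", b"", HASH_LEN)

def rekey_with_fresh_exchange(secret: bytes, shared: bytes) -> bytes:
    # Hypothetical construction (NOT the draft's): mix in a new ephemeral shared secret.
    return hkdf_expand_label(hkdf_extract(secret, shared), b"example upd", b"", HASH_LEN)

def derive_from_stolen(stolen: bytes, generations: int) -> list:
    # Everything a single compromised secret yields under the plain Key Update.
    chain = [stolen]
    for _ in range(generations):
        chain.append(key_update(chain[-1]))
    return chain

def demo() -> dict:
    secret_0 = bytes(range(32))    # constructed sample traffic secret
    shared = bytes([0xA5]) * 32    # constructed stand-in for a new (EC)DHE output
    secret_1 = key_update(secret_0)
    secret_2 = key_update(secret_1)
    guess = derive_from_stolen(secret_0, 2)
    fresh_1 = rekey_with_fresh_exchange(secret_0, shared)
    return {"keyupdate_recovered": guess[1:] == [secret_1, secret_2],
            "fresh_recovered": guess[1] == fresh_1}

if __name__ == "__main__":
    print(demo())
```

With the plain Key Update, one exposed traffic secret determines every later generation; once a fresh ephemeral secret is mixed in, the same exposure no longer determines the next secret.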