[TLS] Re: rfc8446bis status

John Mattsson <john.mattsson@ericsson.com> Wed, 06 May 2026 10:41 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/BBCONW1ch9SKIoVNiBzqO64IXRw>

I tried to make a PR fixing the inconsistencies between abstract and header:
- Adding all obsolete drafts from the abstract to the heading
- fixing that 8422 is not both updated and obsoleted
- Changed "Negotiated Groups" to "Supported Groups". The term "Negotiated Groups"
is only used once and never again.

https://mailarchive.ietf.org/arch/msg/tls/Raci4Lxm1Tk9IxrCpyQgJHMlXBw/

Eric Rescorla wrote:
>I'm now trying to recall why we did this. ISTM that given that we are
>obsoleting 5246 (already done in 8446), we should obsolete all the
>other specs that only meaningfully apply to 5246. Here's the
>list:
>
> * RFC 5077: Transport Layer Security (TLS) Session Resumption without
>Server-Side State
> * RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2
> * RFC 5705: Keying Material Exporters for Transport Layer Security (TLS)
> * RFC 6066: Transport Layer Security (TLS) Extensions: Extension
>Definitions
> * RFC 6961: The Transport Layer Security (TLS) Multiple Certificate Status
>Request Extension
> * RFC 7627: Transport Layer Security (TLS) Session Hash and Extended
>Master Secret Extension
> * RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport
>Layer Security (TLS)
>   Versions 1.2 and Earlier

Note that 5705, 6066, and 7627 are listed as updated and not obsoleted.

Cheers,
John Preuß Mattsson


From: Eric Rescorla <ekr@rtfm.com>
Date: Wednesday, 6 May 2026 at 01:30
To: John Mattsson <john.mattsson@ericsson.com>
Cc: tls@ietf.org <tls@ietf.org>
Subject: Re: [TLS] Re: rfc8446bis status



On Tue, May 5, 2026 at 2:21 AM John Mattsson <john.mattsson@ericsson.com> wrote:
Hi,

I looked at https://tlswg.org/tls13-spec/rfc9846.txt
and found some things that I think should be fixed in AUTH48.
I made a PR for the two easy editorial corrections https://github.com/tlswg/tls13-spec/pull/1416/changes

Cheers,
John Preuß Mattsson

----

The heading and abstract are not aligned.
- The heading says it only obsoletes 8446, while the abstract says 5077, 5246, 6961, 8422, and 8446
- The heading says 8422 is updated, while the abstract says obsoleted.

"Obsoletes: 8446 (if approved)"
"Updates: 5705, 6066, 7627, 8422 (if approved)"

"This document updates RFCs 5705, 6066, 7627, and 8422 and obsoletes RFCs 5077, 5246, 6961, 8422, and 8446."

I'm now trying to recall why we did this. ISTM that given that we are
obsoleting 5246 (already done in 8446), we should obsolete all the
other specs that only meaningfully apply to 5246. Here's the
list:

 * RFC 5077: Transport Layer Security (TLS) Session Resumption without Server-Side State
 * RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2
 * RFC 5705: Keying Material Exporters for Transport Layer Security (TLS)
 * RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
 * RFC 6961: The Transport Layer Security (TLS) Multiple Certificate Status Request Extension
 * RFC 7627: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
 * RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)
   Versions 1.2 and Earlier

ISTM that this standard applies to all of them, so we should just mark
them all Obsoletes.



OLD: record_size_limit [RFC8849]
NEW: record_size_limit [RFC8449]

Fixed in auth48 branch.


---

OLD: as described in Section 4.1.4).
NEW:  as described in Section 4.1.4.

Fixed in auth48 branch.


---

"A client sending a ClientHello MUST support all parameters advertised in it"

Shouldn't this be "MUST support all non-GREASE [RFC8701] parameters"?

See:
https://github.com/tlswg/tls13-spec/pull/1421

-Ekr


---




From: Rob Sayre <sayrer@gmail.com>
Date: Friday, 20 March 2026 at 20:27
To: Eric Rescorla <ekr@rtfm.com>
Cc: TLS@ietf.org <tls@ietf.org>
Subject: [TLS] Re: rfc8446bis status


On Fri, Mar 20, 2026 at 12:21 PM Eric Rescorla <ekr@rtfm.com> wrote:
On Fri, Mar 20, 2026 at 12:19 PM Rob Sayre <sayrer@gmail.com> wrote:
Hi,

https://datatracker.ietf.org/doc/draft-ietf-tls-rfc8446bis/history/

has been in AUTH48 for 3 months now. What's the holdup?

The holdup is that we're working through some last minute issues, such as https://github.com/tlswg/tls13-spec/pull/1410


I need to cite it.

Cite 8446.


Oh I would, but I need to say the equivalent of "master secret".

thanks,
Rob