Return-Path: <kondtir@gmail.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1])
	by mail2.ietf.org (Postfix) with ESMTP id 902BAC1D5C73
	for <tls@mail2.ietf.org>; Mon,  2 Mar 2026 04:19:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level: 
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
	HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
	SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key)
	header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31])
	by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id iynKRaJT6Wax for <tls@mail2.ietf.org>;
	Mon,  2 Mar 2026 04:19:08 -0800 (PST)
Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com
 [IPv6:2a00:1450:4864:20::62b])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256)
	(No client certificate requested)
	by mail2.ietf.org (Postfix) with ESMTPS id 10048C1D5C6C
	for <tls@ietf.org>; Mon,  2 Mar 2026 04:19:08 -0800 (PST)
Received: by mail-ej1-x62b.google.com with SMTP id
 a640c23a62f3a-b904e1cd038so581118466b.1
        for <tls@ietf.org>; Mon, 02 Mar 2026 04:19:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1772453947; cv=none;
        d=google.com; s=arc-20240605;
        b=RXpcAWobxVpa983wSLOZp5UOMZ79K5Y67I+beKDIyo9HnLNwTMnKsYad8a65yNSRlz
         rzePk6sJfKFUC6bX59CwUkLZOuwygSHUc4tqYR+/OrHlyRXkuw1OuwMv73gSy7weMXtM
         Rv7yZXSTR82ToeLjjOMrFAuA3WG7hhV9z1uw5+wiK81IWGj7171MPMLhISSrUL8mEdNo
         589Z954dcjZyvWvESc+HlWwOiWKlcfe8Vwgrfxo4UCb4FeN0DIWArJj3VjULoU8Ie2KE
         BvkC9uSmkAdLzWjVz09TwaDd5pYORqf0KzzWZcJIdl1DPyGIHZLae+KyTpQX2oczLlvg
         NQiQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=oIr9PWbWkN5gqc5doB0AxwNcyClEFeRLIcDGwcwNZhI=;
        fh=6dNaabedNczh5TXKCP3vnXRLFdmtidwzU4uB2XwvFYI=;
        b=KEzCaxQ3YhUWw732p5dG30TCGUDSsPcXsf+9W8sLlX1ib09DgQ8OW3Ez45zkHsu0/E
         yq/jj5O91/ooltBnP7YNAW0Atzb2jE8CrmgXyzBOZwHMhE+G+V37xo/MtDoWpH2SOS+d
         X8sAhNjKa+wj/AOAbMuXijWA2AlHTFvz5Yv6ELSiuZOoxc7xvrsAflwfI9+Okdn39gGG
         TCE4gifqXy38Lswd2fhARBDSHAfV7K1zdoc1TAmfh8TdKatrBC65U646AO7WxVYmok1/
         H5bRQ4Fc6yuczYUq7uDWd01fOA9nBDnOTYE1nR4C6erh1C+ad2KETzpPv+s8xCAy8tjO
         Vcew==;
        darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1772453947; x=1773058747; darn=ietf.org;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :from:to:cc:subject:date:message-id:reply-to;
        bh=oIr9PWbWkN5gqc5doB0AxwNcyClEFeRLIcDGwcwNZhI=;
        b=B6UnZMUVWAMk7HlvDT5beNBFGbu0Ex6EFmOzypMJ2EUruMgbVRLQ2GBApEHeQur7NF
         EG3dvolGs8MB6b8zuVRsPdf15HWY8g5ildYbQEvCnaCSOuvyApI+nYQrK6lGTcnkDVGM
         dAzJApdVvJ+6QwXHUiKyylZPWM3z2wIGalXu1Lz0PkYkIK08Fj1R7sYijyZLHpTRHjE2
         rvPoRdapa3B2OVfrCCKfzMx/a+ssEk3IsKC3r6oVakhmCZbB58nGRAxXb79Ig5bpASPq
         PrKc7ZDY+LjBKLJ4qHaRDtYR1Ljz+RVKvQewQ2bFCzckj21yzNThPu8NDs1yGYJGdOYf
         mb3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1772453947; x=1773058747;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=oIr9PWbWkN5gqc5doB0AxwNcyClEFeRLIcDGwcwNZhI=;
        b=RVi+ZT74dYrJVdafeGJmtnTVuc1u+7FrLJox9o10Eiw9rbbQAC34dyVHIdKxuDFvav
         o0RTsYDyT9OTObEs1HAeAk/uk3BiYFAOXMmmxDAX4XCOUQ9XycEDbN1LG8enFLPdri6U
         kNZZLM+NRlyzhlnA/GIjSERKvVKAeSvmtH9vC/nIec1QHW4CRL0NAd1rLSe12GyWjqg8
         xwq9hiWTzu/EXY6IqqyzWlwUNyILlAiSEivR0RVCSM+mKfcAXPbpXQi/eFVb1Ch1+Xa4
         qMNlvPCBW82Xri7m84XUWmqoM/JaktECLUN59i+BgFp8+HaO74dT5hyD7R/OlVfVW4S0
         oEvg==
X-Gm-Message-State: AOJu0YxMb1PZg81dld+288qaTywm1Aff+iMsWT4fTHASRSd3Tj5S7OGh
	iVs5QUmuZbAdrjNMWijsUMqQMehT1KoeMNPF3S75tKHQtzuSAlmKHR1enwTW7ssQhdLnXH88Tgl
	MfC5kea6wQdJ3Q6stfazo/nudrTbJKCoOrBAy
X-Gm-Gg: ATEYQzxfjZHuMv8gDqW6wvIQs29MtvsCIOTu02ndgG7r+Ee4Wodv9eLWh07AB8jr+8O
	G03Q15+vvuiCqS8xk5p8G7vbJ3lwl0SJdtFNMRPTGaCOLWD3XV00nBr1K3FrC50HYXndvKZoKAY
	r+cZUqQJWvvLUTx/H20XhBNTzyjPVaK7iVEENCTU4p6YHdLnNdnxqKaejvmlWvkpcnFmpbPBGV7
	lTcPc1vsXRomKeOjvCOHrDCU3yXxgqw5kNmB37RqgLgN76qyA9LpldzNhtNWtDHdVDb5VsfB/Fu
	vKCVRTeb7Yl3wT1ut7Q=
X-Received: by 2002:a17:907:9691:b0:b8f:a32d:b90c with SMTP id
 a640c23a62f3a-b93764c79a2mr680817266b.38.1772453946353; Mon, 02 Mar 2026
 04:19:06 -0800 (PST)
MIME-Version: 1.0
References: 
 <177245334761.3494122.16417546920214555219@dt-datatracker-6ff7c68975-7k42g>
In-Reply-To: 
 <177245334761.3494122.16417546920214555219@dt-datatracker-6ff7c68975-7k42g>
From: tirumal reddy <kondtir@gmail.com>
Date: Mon, 2 Mar 2026 17:48:29 +0530
X-Gm-Features: AaiRm507ASHCskt-oymlc5euhA62C5U_k8zoE4pb5ZNOqJm_40LrVxWp8zS4g-o
Message-ID: 
 <CAFpG3gdR3omguE1-A-SFhgq+JukDer3Uk9kk58TvrBa+ZFO6fA@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000da6c04064c0997b9"
Message-ID-Hash: 5EYGZKQ4A2KNTP4RNCXD7TQIW4ROTPAV
X-Message-ID-Hash: 5EYGZKQ4A2KNTP4RNCXD7TQIW4ROTPAV
X-MailFrom: kondtir@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-tls.ietf.org-0;
 nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size;
 news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: =?utf-8?q?=5BTLS=5D_Fwd=3A_I-D_Action=3A_draft-ietf-tls-extended-key-update-?=
	=?utf-8?q?10=2Etxt?=
List-Id: "This is the mailing list for the Transport Layer Security working
 group of the IETF." <tls.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/tls/KFUD3FPcrUlJmnXSyb3s25UFbdo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

--000000000000da6c04064c0997b9
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi ,

The main changes in
https://datatracker.ietf.org/doc/draft-ietf-tls-extended-key-update/ addres=
ses
the session resumption threat identified by the FATT team. The revised
draft also tightens serialization rules between EKU and post-handshake
client authentication to address the comments from Ilari.

Best Regards,
-Tiru

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Mon, 2 Mar 2026 at 17:39
Subject: [TLS] I-D Action: draft-ietf-tls-extended-key-update-10.txt
To: <i-d-announce@ietf.org>
Cc: <tls@ietf.org>


Internet-Draft draft-ietf-tls-extended-key-update-10.txt is now available.
It
is a work item of the Transport Layer Security (TLS) WG of the IETF.

   Title:   Extended Key Update for Transport Layer Security (TLS) 1.3
   Authors: Hannes Tschofenig
            Michael T=C3=BCxen
            Tirumaleswar Reddy
            Steffen Fries
            Yaroslav Rosomakho
   Name:    draft-ietf-tls-extended-key-update-10.txt
   Pages:   41
   Dates:   2026-03-02

Abstract:

   TLS 1.3 ensures forward secrecy by performing an ephemeral Diffie-
   Hellman key exchange during the initial handshake, protecting past
   communications even if a party's long-term keys (typically a private
   key with a corresponding certificate) are later compromised.  While
   the built-in KeyUpdate mechanism allows application traffic keys to
   be refreshed during a session, it does not incorporate fresh entropy
   from a new key exchange and therefore does not provide post-
   compromise security.  This limitation can pose a security risk in
   long-lived sessions, such as those found in industrial IoT or
   telecommunications environments.

   To address this, this specification defines an extended key update
   mechanism that performs a fresh Diffie-Hellman exchange within an
   active session, thereby ensuring post-compromise security.  By
   forcing attackers to exfiltrate new key material repeatedly, this
   approach mitigates the risks associated with static key compromise.
   Regular renewal of session keys helps contain the impact of such
   compromises.  The extension is applicable to both TLS 1.3 and DTLS
   1.3.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-extended-key-update/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-tls-extended-key-update-10.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=3Ddraft-ietf-tls-extended-key-upd=
ate-10

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts


_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-leave@ietf.org

--000000000000da6c04064c0997b9
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi ,<br><br>The main changes in=C2=A0<a href=3D"https://da=
tatracker.ietf.org/doc/draft-ietf-tls-extended-key-update/" rel=3D"noreferr=
er" target=3D"_blank">https://datatracker.ietf.org/doc/draft-ietf-tls-exten=
ded-key-update/</a>=C2=A0addresses the session resumption threat identified=
 by the FATT team. The revised draft also tightens serialization rules betw=
een EKU and post-handshake client authentication to address the comments fr=
om Ilari.<div><br><div>Best Regards,<br>-Tiru<br><br><div class=3D"gmail_qu=
ote gmail_quote_container"><div dir=3D"ltr" class=3D"gmail_attr">----------=
 Forwarded message ---------<br>From: <span dir=3D"auto">&lt;<a href=3D"mai=
lto:internet-drafts@ietf.org">internet-drafts@ietf.org</a>&gt;</span><br>Da=
te: Mon, 2 Mar 2026 at 17:39<br>Subject: [TLS] I-D Action: draft-ietf-tls-e=
xtended-key-update-10.txt<br>To:  &lt;<a href=3D"mailto:i-d-announce@ietf.o=
rg">i-d-announce@ietf.org</a>&gt;<br>Cc:  &lt;<a href=3D"mailto:tls@ietf.or=
g">tls@ietf.org</a>&gt;<br></div><br><br>Internet-Draft draft-ietf-tls-exte=
nded-key-update-10.txt is now available. It<br>
is a work item of the Transport Layer Security (TLS) WG of the IETF.<br>
<br>
=C2=A0 =C2=A0Title:=C2=A0 =C2=A0Extended Key Update for Transport Layer Sec=
urity (TLS) 1.3<br>
=C2=A0 =C2=A0Authors: Hannes Tschofenig<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Michael T=C3=BCxen<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Tirumaleswar Reddy<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Steffen Fries<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Yaroslav Rosomakho<br>
=C2=A0 =C2=A0Name:=C2=A0 =C2=A0 draft-ietf-tls-extended-key-update-10.txt<b=
r>
=C2=A0 =C2=A0Pages:=C2=A0 =C2=A041<br>
=C2=A0 =C2=A0Dates:=C2=A0 =C2=A02026-03-02<br>
<br>
Abstract:<br>
<br>
=C2=A0 =C2=A0TLS 1.3 ensures forward secrecy by performing an ephemeral Dif=
fie-<br>
=C2=A0 =C2=A0Hellman key exchange during the initial handshake, protecting =
past<br>
=C2=A0 =C2=A0communications even if a party&#39;s long-term keys (typically=
 a private<br>
=C2=A0 =C2=A0key with a corresponding certificate) are later compromised.=
=C2=A0 While<br>
=C2=A0 =C2=A0the built-in KeyUpdate mechanism allows application traffic ke=
ys to<br>
=C2=A0 =C2=A0be refreshed during a session, it does not incorporate fresh e=
ntropy<br>
=C2=A0 =C2=A0from a new key exchange and therefore does not provide post-<b=
r>
=C2=A0 =C2=A0compromise security.=C2=A0 This limitation can pose a security=
 risk in<br>
=C2=A0 =C2=A0long-lived sessions, such as those found in industrial IoT or<=
br>
=C2=A0 =C2=A0telecommunications environments.<br>
<br>
=C2=A0 =C2=A0To address this, this specification defines an extended key up=
date<br>
=C2=A0 =C2=A0mechanism that performs a fresh Diffie-Hellman exchange within=
 an<br>
=C2=A0 =C2=A0active session, thereby ensuring post-compromise security.=C2=
=A0 By<br>
=C2=A0 =C2=A0forcing attackers to exfiltrate new key material repeatedly, t=
his<br>
=C2=A0 =C2=A0approach mitigates the risks associated with static key compro=
mise.<br>
=C2=A0 =C2=A0Regular renewal of session keys helps contain the impact of su=
ch<br>
=C2=A0 =C2=A0compromises.=C2=A0 The extension is applicable to both TLS 1.3=
 and DTLS<br>
=C2=A0 =C2=A01.3.<br>
<br>
The IETF datatracker status page for this Internet-Draft is:<br>
<a href=3D"https://datatracker.ietf.org/doc/draft-ietf-tls-extended-key-upd=
ate/" rel=3D"noreferrer" target=3D"_blank">https://datatracker.ietf.org/doc=
/draft-ietf-tls-extended-key-update/</a><br>
<br>
There is also an HTML version available at:<br>
<a href=3D"https://www.ietf.org/archive/id/draft-ietf-tls-extended-key-upda=
te-10.html" rel=3D"noreferrer" target=3D"_blank">https://www.ietf.org/archi=
ve/id/draft-ietf-tls-extended-key-update-10.html</a><br>
<br>
A diff from the previous version is available at:<br>
<a href=3D"https://author-tools.ietf.org/iddiff?url2=3Ddraft-ietf-tls-exten=
ded-key-update-10" rel=3D"noreferrer" target=3D"_blank">https://author-tool=
s.ietf.org/iddiff?url2=3Ddraft-ietf-tls-extended-key-update-10</a><br>
<br>
Internet-Drafts are also available by rsync at:<br>
rsync.ietf.org::internet-drafts<br>
<br>
<br>
_______________________________________________<br>
TLS mailing list -- <a href=3D"mailto:tls@ietf.org" target=3D"_blank">tls@i=
etf.org</a><br>
To unsubscribe send an email to <a href=3D"mailto:tls-leave@ietf.org" targe=
t=3D"_blank">tls-leave@ietf.org</a><br>
</div></div></div></div>

--000000000000da6c04064c0997b9--