[TLS] Re: rfc8446bis status
Eric Rescorla <ekr@rtfm.com> Tue, 05 May 2026 23:30 UTC
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 05 May 2026 16:29:27 -0700
To: John Mattsson <john.mattsson@ericsson.com>
CC: "TLS@ietf.org" <tls@ietf.org>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Raci4Lxm1Tk9IxrCpyQgJHMlXBw>

On Tue, May 5, 2026 at 2:21 AM John Mattsson <john.mattsson@ericsson.com> wrote:

> Hi,
>
> I looked at https://tlswg.org/tls13-spec/rfc9846.txt
> and found some things that I think should be fixed in AUTH48.
> I made a PR for the two easy editorial corrections
> https://github.com/tlswg/tls13-spec/pull/1416/changes
>
> Cheers,
> John Preuß Mattsson
>
> ----
>
> The heading and abstract are not aligned.
> - The heading says it only obsoletes 8446, while the abstract says 5077,
> 5246, 6961, 8422, and 8446
> - The heading says 8422 is updates, while the abstract says obsoleted.
>
> "Obsoletes: 8446 (if approved)"
> "Updates: 5705, 6066, 7627, 8422 (if approved)”
>
> "This document updates RFCs 5705, 6066, 7627, and 8422 and obsoletes RFCs
> 5077, 5246, 6961, 8422, and 8446."
>

I'm now trying to recall why we did this. ISTM that given that we are obsoleting 5246 (already done in 8446), we should obsolete all the other specs that only meaningfully apply to 5246. Here's the list:

* RFC 5077: Transport Layer Security (TLS) Session Resumption without Server-Side State
* RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2
* RFC 5705: Keying Material Exporters for Transport Layer Security (TLS)
* RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
* RFC 6961: The Transport Layer Security (TLS) Multiple Certificate Status Request Extension
* RFC 7627: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
* RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier

ISTM that this standard applies to all of them, so we should just mark them all Obsoletes.

> OLD: record_size_limit [RFC8849]
> NEW: record_size_limit [RFC8449]
>

Fixed in auth48 branch.

>
> ---
>
> OLD: as described in Section 4.1.4).
> NEW: as described in Section 4.1.4.
>

Fixed in auth48 branch.

>
> ---
>
> "A client sending a ClientHello MUST support all parameters advertised in
> it"
>
> Shouldn't this be "MUST support all non-GREASE [RFC8701] parameters"
>

See: https://github.com/tlswg/tls13-spec/pull/1421

-Ekr

>
> ---
>
> *From: *Rob Sayre <sayrer@gmail.com>
> *Date: *Friday, 20 March 2026 at 20:27
> *To: *Eric Rescorla <ekr@rtfm.com>
> *Cc: *TLS@ietf.org <tls@ietf.org>
> *Subject: *[TLS] Re: rfc8446bis status
>
> --
>
> On Fri, Mar 20, 2026 at 12:21 PM Eric Rescorla <ekr@rtfm.com> wrote:
>
> On Fri, Mar 20, 2026 at 12:19 PM Rob Sayre <sayrer@gmail.com> wrote:
>
> Hi,
>
> https://datatracker.ietf.org/doc/draft-ietf-tls-rfc8446bis/history/
>
> has been in AUTH48 for 3 months now. What's the holdup?
>
> The holdup is that we're working through some last minute issues, such as
> https://github.com/tlswg/tls13-spec/pull/1410
>
> I need to cite it.
>
> Cite 8446.
>
> Oh I would, but I need to say the equivalent of "master secret".
>
> thanks,
> Rob
>