[TLS] RFC 7627 on Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
rfc-editor@rfc-editor.org Wed, 16 September 2015 20:45 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8ED4A1A1A7B; Wed, 16 Sep 2015 13:45:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.912
X-Spam-Level:
X-Spam-Status: No, score=-106.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cpfonlJUZDhW; Wed, 16 Sep 2015 13:45:31 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) by ietfa.amsl.com (Postfix) with ESMTP id EEDA51A1A77; Wed, 16 Sep 2015 13:45:30 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id A9F2B180205; Wed, 16 Sep 2015 13:44:58 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
X-PHP-Originating-Script: 1005:ams_util_lib.php
From: rfc-editor@rfc-editor.org
Message-Id: <20150916204458.A9F2B180205@rfc-editor.org>
Date: Wed, 16 Sep 2015 13:44:58 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/aLRgjwkGqpGKE53efU89U2otNOM>
Cc: drafts-update-ref@iana.org, tls@ietf.org, rfc-editor@rfc-editor.org
Subject: [TLS] RFC 7627 on Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Sep 2015 20:45:32 -0000
A new Request for Comments is now available in online RFC libraries. RFC 7627 Title: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension Author: K. Bhargavan, Ed., A. Delignat-Lavaud, A. Pironti, A. Langley, M. Ray Status: Standards Track Stream: IETF Date: September 2015 Mailbox: karthikeyan.bhargavan@inria.fr, antoine.delignat-lavaud@inria.fr, alfredo.pironti@inria.fr, agl@google.com, maray@microsoft.com Pages: 15 Characters: 34788 Updates: RFC 5246 I-D Tag: draft-ietf-tls-session-hash-06.txt URL: https://www.rfc-editor.org/info/rfc7627 DOI: http://dx.doi.org/10.17487/RFC7627 The Transport Layer Security (TLS) master secret is not cryptographically bound to important session parameters such as the server certificate. Consequently, it is possible for an active attacker to set up two sessions, one with a client and another with a server, such that the master secrets on the two sessions are the same. Thereafter, any mechanism that relies on the master secret for authentication, including session resumption, becomes vulnerable to a man-in-the-middle attack, where the attacker can simply forward messages back and forth between the client and server. This specification defines a TLS extension that contextually binds the master secret to a log of the full handshake that computes it, thus preventing such attacks. This document is a product of the Transport Layer Security Working Group of the IETF. This is now a Proposed Standard. STANDARDS TRACK: This document specifies an Internet Standards Track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the Official Internet Protocol Standards (https://www.rfc-editor.org/standards) for the standardization state and status of this protocol. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see https://www.ietf.org/mailman/listinfo/ietf-announce https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see https://www.rfc-editor.org/search For downloading RFCs, see https://www.rfc-editor.org/rfc.html Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. The RFC Editor Team Association Management Solutions, LLC