[TLS] I-D Action: draft-ietf-tls-session-hash-05.txt

internet-drafts@ietf.org Thu, 16 April 2015 22:54 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE76A1A916A; Thu, 16 Apr 2015 15:54:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VYEqDsY6ltBd; Thu, 16 Apr 2015 15:54:31 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 71E571A9143; Thu, 16 Apr 2015 15:54:31 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150416225431.22606.93480.idtracker@ietfa.amsl.com>
Date: Thu, 16 Apr 2015 15:54:31 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/jFe1hKGgwrKFC_r1Se7VZ0-wM8U>
Cc: tls@ietf.org
Subject: [TLS] I-D Action: draft-ietf-tls-session-hash-05.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Apr 2015 22:54:32 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Transport Layer Security Working Group of the IETF.

        Title           : Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
        Authors         : Karthikeyan Bhargavan
                          Antoine Delignat-Lavaud
                          Alfredo Pironti
                          Adam Langley
                          Marsh Ray
	Filename        : draft-ietf-tls-session-hash-05.txt
	Pages           : 14
	Date            : 2015-04-16

Abstract:
   The Transport Layer Security (TLS) master secret is not
   cryptographically bound to important session parameters such as the
   server certificate.  Consequently, it is possible for an active
   attacker to set up two sessions, one with a client and another with a
   server, such that the master secrets on the two sessions are the
   same.  Thereafter, any mechanism that relies on the master secret for
   authentication, including session resumption, becomes vulnerable to a
   man-in-the-middle attack, where the attacker can simply forward
   messages back and forth between the client and server.  This
   specification defines a TLS extension that contextually binds the
   master secret to a log of the full handshake that computes it, thus
   preventing such attacks.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-session-hash/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-tls-session-hash-05

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-tls-session-hash-05


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/