[TLS] draft-ietf-tls-rfc8446bis-06 posted
Eric Rescorla <ekr@rtfm.com> Mon, 13 March 2023 20:38 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9FE1C14EB19 for <tls@ietfa.amsl.com>; Mon, 13 Mar 2023 13:38:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P3vvaX6R834x for <tls@ietfa.amsl.com>; Mon, 13 Mar 2023 13:38:53 -0700 (PDT)
Received: from mail-yw1-x1131.google.com (mail-yw1-x1131.google.com [IPv6:2607:f8b0:4864:20::1131]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0072C16951C for <tls@ietf.org>; Mon, 13 Mar 2023 13:38:21 -0700 (PDT)
Received: by mail-yw1-x1131.google.com with SMTP id 00721157ae682-5419d4c340aso79755287b3.11 for <tls@ietf.org>; Mon, 13 Mar 2023 13:38:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20210112.gappssmtp.com; s=20210112; t=1678739900; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=HpZqQzS5vtOfB8QpalK5IRA6t78e/2lhoq8J5KAkR24=; b=pvvV4PtJ9I7mOW65PLBYJMfxMvgUVN9Yi6/2Gyot1WNdBPpN5GzHYZKna86pLxLrIy HLI9rEaWO5uoWBPbGp417MFJHAy7RIqkgfN6jrWeYEiKTM2FTCl+3LB5kmTjG/+dwxxS rRcNKOaAx13mZe1Azmkph4cs+iY249xwlcU0eGJtfl4nstgWCaxh4Pmw1IanLGV2i+WR Bzk7ojFAwQKxl4sdLKYj+Rok2HZ43i4M/XwTM5gVAAbOPwQFlZI8Mh8IFR2hTvNJ0XIJ k/mQOUottNyBdyYKYK6iKn/X2KG2SZuTg8abi+l8/MwNL8WJLYnsxSBJFQN5+JEjoC09 fZOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678739900; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=HpZqQzS5vtOfB8QpalK5IRA6t78e/2lhoq8J5KAkR24=; b=5zM+efVJOg8HODEbMeR8QJfq+PQniQuO0DdhlbLeztgZ1ea437J86BV+T8wohgb8x8 4l3UT5UXyFLGAUvBPREs24FjSiZWUF/jeMgueZeBybtnptVIYEmmw2T2vB2PyPtQJ+dT Ogx8b54PqD8/TY5+xNQuZ/XhUsFehR5vNZSD1oye0ubkY0bJ/1AcmOwv0csiQsJRjfHe 57MBQ9TrDQrwYbTvvlXDr2l187NJtGd5UBc3MSY/An64IDnWif8yO3B13jwy00WSSEB1 qDfdbNwFddJZxyqkhy+rJpGIRmVxlFAiY7aBbx94ZbKjJD/rhqrBW1ZS5xNCJlzKSlyT seNw==
X-Gm-Message-State: AO0yUKUp6TWNCMQ9Y9OXBrdye0RMQ4gpGgEswsi/zLyIUV4Ilsq/GvwZ w5ZUVRIDFOICINvBItiD79oLB7OAni8tbnbxeHzjccO3lajvZxQyGYw=
X-Google-Smtp-Source: AK7set8mYsrm1urCNAkL5070fpI0qojzeeoLFxcoR1Yy7caGeZ+2v+wmFtqEt7qM23DAhfIpGuRyn+DqJtSk2EQvTPw=
X-Received: by 2002:a81:ad19:0:b0:541:a0ab:bd28 with SMTP id l25-20020a81ad19000000b00541a0abbd28mr3206165ywh.4.1678739900544; Mon, 13 Mar 2023 13:38:20 -0700 (PDT)
MIME-Version: 1.0
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 13 Mar 2023 13:37:44 -0700
Message-ID: <CABcZeBMHLDn32St2sBPx2cjnZOY7dtYG11Dq84FO2bAz8qTmpg@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000071527605f6ce171d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kb_jKe5xbqfmgAj7GOmwQRQidnc>
Subject: [TLS] draft-ietf-tls-rfc8446bis-06 posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2023 20:38:54 -0000
Hi,
I just submitted draft-ietf-tls-rfc8446bis-06.
Here is a summary of the Changes since -05. I believe the following
changes are largely uncontroversial and were widely reviewed.
* Advice on key deletion (PR 1282)
* Clarify what unsolicited extensions means (PR 1275)
* close_notify should be warning (PR 1290)
The following got somewhat less review, but I merged in order to get
this in before the deadline. If people feel strongly that I got it
wrong, then please speak up. I also closed a few PRs on these
same topics in favor of the PRs below.
* Discuss the privacy implications of external key reuse (Issue
1287)
* Clarify that you need to ignore NST if you don't do resumption
(Issue 1280)
* Port in text on key update limits from RFC 9147 (Issue 1257)
* Reference RFC 8773 (PR 1296)
* Add some more information about application bindings and cite
6125-bis (PR 1297)
There is one remaining issue, which I was undecided on how to handle:
Security considerations of using same cert for TLS client and server
https://github.com/tlswg/tls13-spec/issues/1291
My sense is that this has seen less analysis than other properties
of TLS 1.3 and we should say that, but I'm open to other approaches.
I don't think the MAY in PR 1292 is sufficient guidance.
Aside from this issue, I believe that this document is ready for
WGLC. If we come to an agreement on how to handle Issue 1921 I
can submit a new draft immediately, or we can treat it as
a LC comment.
-Ekr
- [TLS] draft-ietf-tls-rfc8446bis-06 posted Eric Rescorla