[TLS] draft-ietf-tls-tls13 posted

Eric Rescorla <ekr@rtfm.com> Wed, 26 October 2016 05:44 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 26 Oct 2016 16:43:58 +1100
Message-ID: <CABcZeBMRNf3EEtKMus9Rhy=h0y7jjxm8w1AumU=0bwY1zyiXQQ@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/nmyJrZPGm1R81F88EiLrutmflHY>


I have just posted draft-ietf-tls-tls13-18.

The only wire format change from -17 is that I removed the extra key
derivation stage computing resumption_psk from RMS. This was a
holdover from when we also had a resumption context. Now PSK for
connection N+1 = RMS from connection N. Thanks to Kazuho for
suggesting this simplification.

This draft also makes a number of minor editorial changes that
should make for easier reading.

The two remaining open technical issues I am aware of are both
requirements issues:

1. Can you resume with a different SNI than the one that the
   connection was initiated with [current answer is "no"]?

2. Do you need an application profile to do post-handshake
   client auth [current answer is "no"]?

There has been a bunch of discussion of these on the list but no
consensus declarations from the chairs. These are easy to change
in the draft once the chairs make the call.

As always, comments welcome.


P.S. NSS will be skipping draft-17 and going right to -18. This
should happen before Seoul.