Folks, I've just posted draft-08 which includes the changes discussed on-list to require digital signatures from the client even if you are re-using a previous configuration in 0-RTT (per WG discussion).
This version also includes a bunch of other cleanup, as detailed below: - Remove support for weak and lesser used named curves. - Remove support for MD5 and SHA-224 hashes with signatures. - Revise list of currently available AEAD cipher suites. - Reduce maximum permitted record expansion for AEAD from 2048 to 256 octets. - Require digital signatures even when a previous configuration is used. - Merge EarlyDataIndication and KnownConfiguration. - Change code point for server_configuration to avoid collision with server_hello_done. As usual, comments welcome. If you think I missed something important please let me know and/or file a github issue so I don't forget it this time. I thought it might be useful for people to know what's coming in upcoming drafts. 1. As I mentioned in Prague, I plan to do a fairly significant restructuring/editorial effort to make things easier to read. This will include: - Reordering the text to put the overview first. - Cleaning up or removing obsolete/redundant material (e.g., the now really old security analysis) - General editorial cleanup. 1. The intention is to produce a cleaned-up draft that doesn't have any major technical changes (optimally no technical changes) but is significantly easier to read. I'm targeting that for early September. I'll keep a github branch up to date on this in case people want to see how it's going. 2. In parallel I'll be starting threads on the list to try to resolve a number of open technical issues. Hopefully we can deal with a bunch of this on the list and get the rest on-deck for the interim in SEA. Depending on the timeline and the number of issues we resolve, I may do a -09 and then have -10 be the rewrite, or -09 may just be the rewrite. -Ekr
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
