Thanks to all who helped to get this published.

spt

On Sep 16, 2015, at 13:44, rfc-edi...@rfc-editor.org wrote:

> A new Request for Comments is now available in online RFC libraries.
>
>
>         RFC 7627
>
>         Title:      Transport Layer Security (TLS) Session
>                     Hash and Extended Master Secret Extension
>         Author:     K. Bhargavan, Ed., A. Delignat-Lavaud,
>                     A. Pironti, A. Langley, M. Ray
>         Status:     Standards Track
>         Stream:     IETF
>         Date:       September 2015
>         Mailbox:    karthikeyan.bharga...@inria.fr,
>                     antoine.delignat-lav...@inria.fr,
>                     alfredo.piro...@inria.fr,
>                     a...@google.com,
>                     ma...@microsoft.com
>         Pages:      15
>         Characters: 34788
>         Updates:    RFC 5246
>
>         I-D Tag:    draft-ietf-tls-session-hash-06.txt
>
>         URL:        https://www.rfc-editor.org/info/rfc7627
>
>         DOI:        http://dx.doi.org/10.17487/RFC7627
>
> The Transport Layer Security (TLS) master secret is not
> cryptographically bound to important session parameters such as the
> server certificate. Consequently, it is possible for an active
> attacker to set up two sessions, one with a client and another with a
> server, such that the master secrets on the two sessions are the
> same. Thereafter, any mechanism that relies on the master secret for
> authentication, including session resumption, becomes vulnerable to a
> man-in-the-middle attack, where the attacker can simply forward
> messages back and forth between the client and server. This
> specification defines a TLS extension that contextually binds the
> master secret to a log of the full handshake that computes it, thus
> preventing such attacks.
>
> This document is a product of the Transport Layer Security Working Group of
> the IETF.
>
> This is now a Proposed Standard.
>
> STANDARDS TRACK: This document specifies an Internet Standards Track
> protocol for the Internet community, and requests discussion and suggestions
> for improvements. Please refer to the current edition of the Official
> Internet Protocol Standards (https://www.rfc-editor.org/standards) for the
> standardization state and status of this protocol. Distribution of this
> memo is unlimited.
>
> This announcement is sent to the IETF-Announce and rfc-dist lists.
> To subscribe or unsubscribe, see
>   https://www.ietf.org/mailman/listinfo/ietf-announce
>   https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
>
> For searching the RFC series, see https://www.rfc-editor.org/search
> For downloading RFCs, see https://www.rfc-editor.org/rfc.html
>
> Requests for special distribution should be addressed to either the
> author of the RFC in question, or to rfc-edi...@rfc-editor.org. Unless
> specifically noted otherwise on the RFC itself, all RFCs are for
> unlimited distribution.
>
>
> The RFC Editor Team
> Association Management Solutions, LLC
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
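
The binding described in the quoted abstract, as an added example that is not part of the original message or of the RFC's own text: it compares the RFC 5246 master secret derivation with the RFC 7627 one for two sessions that share a premaster secret and nonces but present different server certificates. The helper names, the dict layout and all byte values are assumptions constructed for illustration; the handshake log entries are stand-ins, not real TLS message encodings.

```python
import hashlib
import hmac

def prf(secret: bytes, label: bytes, seed: bytes, length: int = 48) -> bytes:
    """TLS 1.2 PRF with HMAC-SHA256 (P_hash from RFC 5246, section 5)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def legacy_master_secret(s: dict) -> bytes:
    # RFC 5246: only the premaster secret and the two nonces are mixed in,
    # so the server certificate has no influence on the result.
    return prf(s["pms"], b"master secret", s["client_random"] + s["server_random"])

def extended_master_secret(s: dict) -> bytes:
    # RFC 7627: the seed is session_hash, a hash over the handshake messages
    # from ClientHello through ClientKeyExchange, certificate included.
    session_hash = hashlib.sha256(b"".join(s["handshake_log"])).digest()
    return prf(s["pms"], b"extended master secret", session_hash)

def make_session(cert: bytes) -> dict:
    # Constructed sample values (assumption); only the certificate differs
    # between the sessions built here.
    cr, sr = b"\x01" * 32, b"\x02" * 32
    return {
        "pms": b"\x03" * 48,
        "client_random": cr,
        "server_random": sr,
        "handshake_log": [b"ClientHello|" + cr, b"ServerHello|" + sr,
                          b"Certificate|" + cert, b"ClientKeyExchange"],
    }

def compare_sessions() -> tuple:
    a = make_session(b"cert-of-server-A")
    b = make_session(b"cert-of-server-B")
    legacy_equal = legacy_master_secret(a) == legacy_master_secret(b)
    extended_equal = extended_master_secret(a) == extended_master_secret(b)
    return legacy_equal, extended_equal

if __name__ == "__main__":
    print(compare_sessions())
```

The legacy secrets match even though the certificates differ, while the extended secrets diverge because the certificate is part of the hashed handshake log.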