Folks, I've just submitted draft-ietf-tls-tls13-14.txt and it should show up on the draft repository shortly. In the meantime you can find the editor's copy in the usual location at:
http://tlswg.github.io/tls13-spec/ The major changes in this document are: * A big restructure to make it read better. I moved the Overview to the beginning and then put the document in a more logical order starting with the handshake and then the record and alerts. * Totally rewrote the section which used to be called "Security Analysis" and is now called "Overview of Security Properties". This section is still kind of a hard hat area, so PRs welcome. In particular, I know I need to beef up the citations for the record layer section. * Removed the 0-RTT EncryptedExtensions and moved ticket_age into the ClientHello. This quasi-reverts a change in -13 that made implementation of 0-RTT kind of a pain. As usual, comments welcome. -Ekr * Allow cookies to be longer (*) * Remove the "context" from EarlyDataIndication as it was undefined and nobody used it (*) * Remove 0-RTT EncryptedExtensions and replace the ticket_age extension with an obfuscated version. Also necessitates a change to NewSessionTicket (*). * Move the downgrade sentinel to the end of ServerHello.Random to accomodate tlsdate (*). * Define ecdsa_sha1 (*). * Allow resumption even after fatal alerts. This matches current practice. * Remove non-closure warning alerts. Require treating unknown alerts as fatal. * Make the rules for accepting 0-RTT less restrictive. * Clarify 0-RTT backward-compatibility rules. * Clarify how 0-RTT and PSK identities interact. * Add a section describing the data limits for each cipher. * Major editorial restructuring. * Replace the Security Analysis section with a WIP draft. (*) indicates changes to the wire protocol which may require implementations to update.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
