Rich,

Check out SP 800-52r2. Section 3.1 includes the following:

servers … should be configured to negotiate TLS 1.3.

and

Agencies shall support TLS 1.3 by January 1, 2024.

“should” and “shall” are defined in RFC 2119. One could make the case that you 
are already there ;} If not, then I’m going to guess that SP 800-135r1, which 
includes a bunch of Application-Specific KDFs (e.g., IKEv2, TLS 1.2) needs a 
rev.

spt

> On May 9, 2020, at 09:07, Salz, Rich <rsalz=40akamai....@dmarc.ietf.org> 
> wrote:
> 
> Sorry for the confusion I caused.
> 
> HKDF is part of SP 800-56C.  NIST says that what TLS 1.3 does isn't quite the 
> same, and therefore will not be covered by 56C. NIST wants to get TLS 1.3 
> validated for FIPS, and is currently trying to figure out how to do so.  The 
> comment period for 56C closes Friday, and getting the TLS 1.3 KDF accepted 
> into that is one way to get TLS 1.3 into FIPS.
> 
> Hope this helps clear things up.
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
