Internet-Draft draft-ietf-tls-extended-key-update-01.txt is now available. It
is a work item of the Transport Layer Security (TLS) WG of the IETF.
Title: Extended Key Update for Transport Layer Security (TLS) 1.3
Authors: Hannes Tschofenig
Michael Tüxen
Tirumaleswar Reddy
Steffen Fries
Yaroslav Rosomakho
Name: draft-ietf-tls-extended-key-update-01.txt
Pages: 16
Dates: 2024-10-19
Abstract:
The Transport Layer Security (TLS) 1.3 specification offers a
dedicated message to update cryptographic keys during the lifetime of
an ongoing session. The traffic secret and the initialization vector
are updated directionally but the sender may trigger the recipient,
via the request_update field, to transmit a key update message in the
reverse direction.
In environments where sessions are long-lived, such as industrial IoT
or telecommunication networks, this key update alone is insufficient
since forward secrecy is not offered via this mechanism. Earlier
versions of TLS allowed the two peers to perform renegotiation, which
is a handshake that establishes new cryptographic parameters for an
existing session. When a security vulnerability with the
renegotiation mechanism was discovered, RFC 5746 was developed as a
fix. Renegotiation has, however, been removed from version 1.3
leaving a gap in the feature set of TLS.
This specification defines an extended key update that supports
forward secrecy.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-extended-key-update/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-tls-extended-key-update-01.html
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-tls-extended-key-update-01
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
