draft-ietf-tls-cached-info-04.txt   draft-ietf-tls-cached-info-05.txt 
INTERNET-DRAFT S. Santesson (3xA Security) INTERNET-DRAFT S. Santesson (3xA Security)
Intended Status: Proposed Standard Intended Status: Proposed Standard
Expires: September 26, 2010 March 25, 2010 Expires: September 27, 2010 March 26, 2010
Transport Layer Security (TLS) Cached Information Extension Transport Layer Security (TLS) Cached Information Extension
<draft-ietf-tls-cached-info-04.txt> <draft-ietf-tls-cached-info-05.txt>
Abstract
This document defines a Transport Layer Security (TLS) extension for
cached information. This extension allows the TLS client to inform a
server of cached information from previous TLS sessions, allowing the
server to omit sending cached static information to the client during
the TLS handshake protocol exchange.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
skipping to change at page 2, line 5 skipping to change at page 2, line 20
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Abstract
This document defines a Transport Layer Security (TLS) extension for
cached information. This extension allows the TLS client to inform a
server of cached information from previous TLS sessions, allowing the
server to omit sending cached static information to the client during
the TLS handshake protocol exchange.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Cached Information Extension . . . . . . . . . . . . . . . . . 4 2. Cached Information Extension . . . . . . . . . . . . . . . . . 4
4. Extension Exchange . . . . . . . . . . . . . . . . . . . . . . 5 4. Extension Exchange . . . . . . . . . . . . . . . . . . . . . . 5
4.1. Reconnaissance . . . . . . . . . . . . . . . . . . . . . . 5 4.1. Reconnaissance . . . . . . . . . . . . . . . . . . . . . . 5
4.2. Cached Information . . . . . . . . . . . . . . . . . . . . 5 4.2. Cached Information . . . . . . . . . . . . . . . . . . . . 5
5. Data Substitution . . . . . . . . . . . . . . . . . . . . . . . 6 5. Data Substitution . . . . . . . . . . . . . . . . . . . . . . . 6
5.1. Data Substitution Syntax for certificate_chain . . . . . . 6 5.1. Data Substitution Syntax for certificate_chain . . . . . . 6
5.2. Data Substitution Syntax for trusted_cas . . . . . . . . . 7 5.2. Data Substitution Syntax for trusted_cas . . . . . . . . . 7
5. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 7
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8
7. Normative References . . . . . . . . . . . . . . . . . . . . . 8 8. Normative References . . . . . . . . . . . . . . . . . . . . . 8
Annex A - 64 bit FNV Digest . . . . . . . . . . . . . . . . . . . . 9 Annex A - 64 bit FNV-1 Digest . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction 1. Introduction
TLS handshakes often include fairly static information such as server TLS handshakes often include fairly static information such as server
certificate and a list of trusted Certification Authorities (CAs). certificate and a list of trusted Certification Authorities (CAs).
Static information such as a server certificate can be of Static information such as a server certificate can be of
considerable size. This is the case in particular if the server considerable size. This is the case in particular if the server
certificate is bundled with a complete certificate path, including certificate is bundled with a complete certificate path, including
all intermediary certificates up to the trust anchor public key. all intermediary certificates up to the trust anchor public key.
skipping to change at page 4, line 33 skipping to change at page 4, line 33
struct { struct {
CachedInformationType type; CachedInformationType type;
opaque digest_value<0..8>; opaque digest_value<0..8>;
} CachedObject; } CachedObject;
struct { struct {
CachedObject cached_info<1..2^16-1>; CachedObject cached_info<1..2^16-1>;
} CachedInformation; } CachedInformation;
The digest_value of a CachedObject MUST either be empty (0 bytes) or The digest_value of a CachedObject MUST either be empty (0 bytes) or
contain a 64 bit FNV digest (8 bytes) as specified in Annex A. contain a 64 bit FNV digest (8 bytes) as specified in Annex A. The 64
bit integer is represented as an 8 byte digest_value in big-endian
order (with most significant bits in the first byte and least
significant bits in the last byte).
When CachedInformationType identifies certificate_chain, then When CachedInformationType identifies certificate_chain, then
digest_value MUST include a digest calculated over the digest_value MUST include a digest calculated over the
certificate_list element of a server side Certificate message. certificate_list element of a server side Certificate message,
excluding the three length bytes of the certificate_list vector.
When CachedInformationType identifies trusted_cas, then digest_value When CachedInformationType identifies trusted_cas, then digest_value
MUST include a digest calculated over the certificate_authorities MUST include a digest calculated over the certificate_authorities
element of a server side CertificateRequest message. element of a server side CertificateRequest message, excluding the
two length bytes of the certificate_authorities vector.
Other specifications MAY define more CachedInformationType types. Other specifications MAY define more CachedInformationType types.
4. Extension Exchange 4. Extension Exchange
4.1. Reconnaissance 4.1. Reconnaissance
A client MAY include an empty cached_information extension (with A client MAY include an empty cached_information extension (with
empty extension_data field) in its (extended) client hello to query empty extension_data field) in its (extended) client hello to query
whether the server supports cached information. whether the server supports cached information.
skipping to change at page 6, line 30 skipping to change at page 6, line 33
Each CachedInformationType MUST specify how actual data is replaced Each CachedInformationType MUST specify how actual data is replaced
by a digest in a way that does not violate the defined syntax of by a digest in a way that does not violate the defined syntax of
existing handshake messages. the data exchange syntax for existing handshake messages. the data exchange syntax for
certificate_chain(1) and trusted_cas(2) are provided below. certificate_chain(1) and trusted_cas(2) are provided below.
The server MUST NOT provide more than one digest value as The server MUST NOT provide more than one digest value as
substitution for the cached data. substitution for the cached data.
5.1. Data Substitution Syntax for certificate_chain 5.1. Data Substitution Syntax for certificate_chain
When a digest for an object of type trusted_cas is provided in the When a digest for an object of type certificate_chain is provided in
client hello, the server MAY substitute the cached data with a the client hello, the server MAY substitute the cached data with a
matching digest value received from the client by expanding the matching digest value received from the client by expanding the
Certificate handshake message as follows. Certificate handshake message as follows.
Original handshake message syntax defined in RFC 5246 [RFC5246]: Original handshake message syntax defined in RFC 5246 [RFC5246]:
opaque ASN.1Cert<1..2^24-1>; opaque ASN.1Cert<1..2^24-1>;
struct { struct {
ASN.1Cert certificate_list<0..2^24-1>; ASN.1Cert certificate_list<0..2^24-1>;
} Certificate; } Certificate;
Substitution syntax is defined by expanding the definition of the Substitution syntax is defined by expanding the definition of the
opaque ASN.1Cert structure: opaque ASN.1Cert structure:
DigestInfo ASN.1Cert<1..2^24-1>;
struct { struct {
opaque digest_value<0..8>; opaque digest_value<0..8>;
} ASN.1Cert } DigestInfo;
5.2. Data Substitution Syntax for trusted_cas 5.2. Data Substitution Syntax for trusted_cas
When a digest for an object of type trusted_cas is provided in the When a digest for an object of type trusted_cas is provided in the
client hello, the server MAY substitute the cached data with a client hello, the server MAY substitute the cached data with a
matching digest value received from the client by expanding the matching digest value received from the client by expanding the
CertificateRequest handshake message as follows. CertificateRequest handshake message as follows.
Original handshake message syntax defined in RFC 5246 [RFC5246]: Original handshake message syntax defined in RFC 5246 [RFC5246]:
skipping to change at page 7, line 26 skipping to change at page 7, line 29
struct { struct {
ClientCertificateType certificate_types<1..2^8-1>; ClientCertificateType certificate_types<1..2^8-1>;
SignatureAndHashAlgorithm SignatureAndHashAlgorithm
supported_signature_algorithms<2^16-1>; supported_signature_algorithms<2^16-1>;
DistinguishedName certificate_authorities<0..2^16-1>; DistinguishedName certificate_authorities<0..2^16-1>;
} CertificateRequest } CertificateRequest
The substitution syntax is defined by expanding the definition of the The substitution syntax is defined by expanding the definition of the
opaque DistinguishedName structure: opaque DistinguishedName structure:
DigestInfo DistinguishedName<1..2^16-1>;
struct { struct {
opaque digest_value<0..8>; opaque digest_value<0..8>;
} DistinguishedName } DigestInfo;
5. Security Considerations 6. Security Considerations
The digest algorithm used in this specification is required to have The digest algorithm used in this specification is required to have
reasonable random properties in order to provide reasonably unique reasonable random properties in order to provide reasonably unique
identifiers. There is no requirement that this digest algorithm must identifiers. There is no requirement that this digest algorithm must
have strong collision resistance. A non unique digest may at most have strong collision resistance. A non unique digest may at most
lead to a failed TLS handshake followed by a new attempt without the lead to a failed TLS handshake followed by a new attempt without the
cached information extension. There are no identified security cached information extension. There are no identified security
threats that require the selected digest algorithm to have strong threats that require the selected digest algorithm to have strong
collision resistance. collision resistance.
6. IANA Considerations 7. IANA Considerations
1) Create an entry, cached_information(TBD), in the existing registry 1) Create an entry, cached_information(TBD), in the existing registry
for ExtensionType (defined in RFC 5246 [RFC5246]). for ExtensionType (defined in RFC 5246 [RFC5246]).
2) Establish a registry for TLS CachedInformationType values. The 2) Establish a registry for TLS CachedInformationType values. The
first entries in the registry are certificate_chain(1) and first entries in the registry are certificate_chain(1) and
trusted_cas(2). TLS CachedInformationType values in the inclusive trusted_cas(2). TLS CachedInformationType values in the inclusive
range 0-63 (decimal) are assigned via RFC 5226 [RFC5226] Standards range 0-63 (decimal) are assigned via RFC 5226 [RFC5226] Standards
Action. Values from the inclusive range 64-223 (decimal) are Action. Values from the inclusive range 64-223 (decimal) are
assigned via RFC 5226 Specification Required. Values from the assigned via RFC 5226 Specification Required. Values from the
inclusive range 224-255 (decimal) are reserved for RFC 5226 inclusive range 224-255 (decimal) are reserved for RFC 5226
Private Use. Private Use.
7. Normative References 8. Normative References
[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate [RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997 Requirement Levels", BCP 14, RFC 2119, March 1997
[RFC5226] T. Narten, H. Alvestrand, "Guidelines for Writing an IANA [RFC5226] T. Narten, H. Alvestrand, "Guidelines for Writing an IANA
Considerations Section in RFCs", RFC 5226, May 2008 Considerations Section in RFCs", RFC 5226, May 2008
[RFC5246] T. Dierks, E. Rescorla, "The Transport Layer Security [RFC5246] T. Dierks, E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008 (TLS) Protocol Version 1.2", RFC 5246, August 2008
[RFC4366] S. Blake-Wilson, M. Nystrom, D. Hopwood, J. Mikkelsen, T. [RFC4366] S. Blake-Wilson, M. Nystrom, D. Hopwood, J. Mikkelsen, T.
Wright, "Transport Layer Security (TLS) Extensions", RFC Wright, "Transport Layer Security (TLS) Extensions", RFC
4366, April 2006 4366, April 2006
NOTE: RFC 4366 will be updated by RFC4366bis, currently in IESG NOTE: RFC 4366 will be updated by RFC4366bis, currently in IESG
process. process.
Annex A - 64 bit FNV Digest Annex A - 64 bit FNV-1 Digest
FNV-1 digest algorithm is a non-cryptographic hash function created FNV-1 digest algorithm is a non-cryptographic hash function created
by Glenn Fowler, Landon Curt Noll, and Phong Vo. The FNV digest by Glenn Fowler, Landon Curt Noll, and Phong Vo. The FNV digest
algorithms and sample FNV source code have been released into the algorithms and sample FNV source code have been released into the
public domain. public domain.
The FNV-1 digest is generated as follows: The FNV-1 digest is generated as follows:
digest = FNV_offset_basis digest = FNV_offset_basis
for each octet_of_data to be digested for each octet_of_data to be digested
 End of changes. 16 change blocks. 
25 lines changed or deleted 33 lines changed or added

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/