draft-ietf-tls-tls13-25.txt (old) | draft-ietf-tls-tls13-26.txt (new)

Network Working Group                                        E. Rescorla
Internet-Draft                                                RTFM, Inc.
Obsoletes: 5077, 5246, 6961 (if approved)    March 02, 2018 | March 04, 2018
Updates: 4492, 5705, 6066 (if approved)
Intended status: Standards Track
Expires: September 3, 2018 (draft-25) | September 5, 2018 (draft-26)

           The Transport Layer Security (TLS) Protocol Version 1.3
                draft-ietf-tls-tls13-25 | draft-ietf-tls-tls13-26

Abstract

   This document specifies version 1.3 of the Transport Layer Security
   (TLS) protocol.  TLS allows client/server applications to communicate
   over the Internet in a way that is designed to prevent eavesdropping,
   tampering, and message forgery.

Status of This Memo
   [...]
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 3, 2018 (draft-25) |
   September 5, 2018 (draft-26).

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   [...]
   server:  The endpoint which did not initiate the TLS connection.

1.2.  Change Log

   RFC EDITOR PLEASE DELETE THIS SECTION.

   (*) indicates changes to the wire protocol which may require
   implementations to update.

   draft-26  [new in draft-26]

   -  Clarify that you can't negotiate pre-TLS 1.3 with
      supported_versions.

   draft-25

   -  Add the header to additional data (*)

   -  Minor clarifications.

   -  IANA cleanup.

   draft-24

   -  Require that CH2 have version 0303 (*)
   [...]
   -  Allow resumption with a different SNI (*)

   -  Padding extension can change on HRR (*)

   -  Allow an empty ticket_nonce (*)

   -  Remove requirement to immediately respond to close_notify with
      close_notify (allowing half-close)

   draft-21

   -  Add a per-ticket nonce so that each ticket is associated with a
      different PSK (*).

   -  Clarify that clients should send alerts with the handshake key if
      possible.

   -  Update state machine to show rekeying events

   -  Add discussion of 0-RTT and replay.  Recommend that
      implementations implement some anti-replay mechanism.
   [...]
   -  Change HKDF labeling to include protocol version and value
      lengths.

   -  Shift the final decision to abort a handshake due to incompatible
      certificates to the client rather than having servers abort early.

   -  Deprecate SHA-1 with signatures.

   -  Add MTI algorithms.

   draft-08

   -  Remove support for weak and lesser used named curves.

   -  Remove support for MD5 and SHA-224 hashes with signatures.

   -  Update lists of available AEAD cipher suites and error alerts.

   -  Reduce maximum permitted record expansion for AEAD from 2048 to
      256 octets.

   -  Require digital signatures even when a previous configuration is
   [...]

   "supported_versions" extension to determine client preferences.
   Servers MUST only select a version of TLS present in that extension
   and MUST ignore any unknown versions that are present in that
   extension.  Note that this mechanism makes it possible to negotiate a
   version prior to TLS 1.2 if one side supports a sparse range.
   Implementations of TLS 1.3 which choose to support prior versions of
   TLS SHOULD support TLS 1.2.  Servers should be prepared to receive
   ClientHellos that include this extension but do not include 0x0304 in
   the list of versions.

   [draft-25 text]

   A server which negotiates TLS 1.3 MUST respond by sending a
   "supported_versions" extension containing the selected version value
   (0x0304).  It MUST set the ServerHello.legacy_version field to 0x0303
   (TLS 1.2).  Clients MUST check for this extension prior to processing
   the rest of the ServerHello (although they will have to parse the
   ServerHello in order to read the extension).  If this extension is
   present, clients MUST ignore the ServerHello.legacy_version value and
   MUST use only the "supported_versions" extension to determine the
   selected version.  If the "supported_versions" extension contains a
   version not offered by the client, the client MUST abort the
   handshake with an "illegal_parameter" alert.

   [draft-26 text]

   A server which negotiates a version of TLS prior to TLS 1.3 MUST set
   ServerHello.version and MUST NOT send the "supported_versions"
   extension.  A server which negotiates TLS 1.3 MUST respond by sending
   a "supported_versions" extension containing the selected version
   value (0x0304).  It MUST set the ServerHello.legacy_version field to
   0x0303 (TLS 1.2).  Clients MUST check for this extension prior to
   processing the rest of the ServerHello (although they will have to
   parse the ServerHello in order to read the extension).  If this
   extension is present, clients MUST ignore the
   ServerHello.legacy_version value and MUST use only the
   "supported_versions" extension to determine the selected version.  If
   the "supported_versions" extension contains a version not offered by
   the client or contains a version prior to TLS 1.3, the client MUST
   abort the handshake with an "illegal_parameter" alert.
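   As an added example (not part of either draft), a client-side check
   implementing the draft-26 rule above in Python: it parses a ServerHello
   body, treats a missing "supported_versions" extension as a pre-1.3
   negotiation decided by ServerHello.version, and aborts with
   "illegal_parameter" when the extension carries a version the client did
   not offer or a version prior to TLS 1.3. The draft indicators
   0x7f00 | draft_version of Section 4.2.1.1 are accepted as TLS 1.3
   values; the ServerHello builder and the "protocol_version" and
   "decode_error" alert choices for cases the text does not cover are
   assumptions of this example.

```python
import struct

SUPPORTED_VERSIONS = 43   # ExtensionType value of "supported_versions"
TLS13 = 0x0304

class AbortHandshake(Exception):
    def __init__(self, alert, reason):   # .alert is the alert the client sends
        super().__init__(f"{alert}: {reason}")
        self.alert = alert

def build_server_hello(legacy_version, selected=None, session_id=b""):
    """Constructed test ServerHello body; selected=None omits supported_versions."""
    body = struct.pack("!H", legacy_version) + bytes(32)      # random: zeros, test data only
    body += bytes([len(session_id)]) + session_id              # legacy_session_id_echo
    body += b"\x13\x01\x00"                                    # TLS_AES_128_GCM_SHA256, null compression
    exts = b"" if selected is None else struct.pack("!HHH", SUPPORTED_VERSIONS, 2, selected)
    return body + struct.pack("!H", len(exts)) + exts

def parse_server_hello(body):
    """Return (legacy_version, {ext_type: ext_data}) from a ServerHello body."""
    legacy_version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                               # skip random
    pos += 1 + body[pos]                                       # skip legacy_session_id_echo
    pos += 2 + 1                                               # cipher_suite, legacy_compression_method
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos, end, exts = pos + 2, pos + 2 + ext_len, {}
    while pos < end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return legacy_version, exts

def select_version(body, offered):
    """Client-side version selection per draft-26; `offered` = versions the client advertised."""
    legacy_version, exts = parse_server_hello(body)
    if SUPPORTED_VERSIONS not in exts:
        # Pre-1.3 server: ServerHello.version is authoritative. A 1.3 server must send the
        # extension, so a bare 0x0304 is bogus. The alert name here is an assumption.
        if legacy_version >= TLS13 or legacy_version not in offered:
            raise AbortHandshake("protocol_version", f"legacy_version {legacy_version:#06x}")
        return legacy_version
    data = exts[SUPPORTED_VERSIONS]
    if len(data) != 2:
        raise AbortHandshake("decode_error", "supported_versions must be exactly 2 bytes")
    selected = struct.unpack("!H", data)[0]   # legacy_version is ignored from here on
    # draft-26 rule: must be a version we offered and must not be pre-1.3. Draft
    # indicators 0x7f00 | draft_version (Section 4.2.1.1) count as 1.3 here.
    if selected not in offered or not (selected == TLS13 or selected >> 8 == 0x7f):
        raise AbortHandshake("illegal_parameter", f"selected {selected:#06x}")
    return selected
```

   Under draft-25 wording a ServerHello carrying 0x0303 inside
   "supported_versions" would have passed the "not offered" test when the
   client offered TLS 1.2; the draft-26 check rejects it.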
4.2.1.1.  Draft Version Indicator

   RFC EDITOR: PLEASE REMOVE THIS SECTION

   While the eventual version indicator for the RFC version of TLS 1.3
   will be 0x0304, implementations of draft versions of this
   specification SHOULD instead advertise 0x7f00 | draft_version in the
   ServerHello and HelloRetryRequest "supported_versions" extension.
   For instance, draft-17 would be encoded as 0x7f11.  This allows
End of changes.  8 change blocks.  18 lines changed or deleted, 21 lines changed or added.

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/