Transport Layer Security (tls) Internet Drafts

	TLS Encrypted Client Hello
	draft-ietf-tls-esni-18.txt   Date: 04/03/2024   Authors: Eric Rescorla, Kazuho Oku, Nick Sullivan, Christopher Wood   Working Group: Transport Layer Security (tls)	This document describes a mechanism in Transport Layer Security (TLS) for encrypting a ClientHello message under a server public key. Discussion Venues This note is to be removed before publishing as an RFC. Source for this draft and an issue tracker can be found at https://github.com/tlswg/draft-ietf-tls-esni (https://github.com/tlswg/draft-ietf-tls-esni).
	A Flags Extension for TLS 1.3
	draft-ietf-tls-tlsflags-13.txt   Date: 16/03/2024   Authors: Yoav Nir   Working Group: Transport Layer Security (tls)	A number of extensions are proposed in the TLS working group that carry no interesting information except the 1-bit indication that a certain optional feature is supported. Such extensions take 4 octets each. This document defines a flags extension that can provide such indications at an average marginal cost of 1 bit each. More precisely, it provides as many flag extensions as needed at 4 + the order of the last set bit divided by 8.
	Hybrid key exchange in TLS 1.3
	draft-ietf-tls-hybrid-design-10.txt   Date: 05/04/2024   Authors: Douglas Stebila, Scott Fluhrer, Shay Gueron   Working Group: Transport Layer Security (tls)	Hybrid key exchange refers to using multiple key exchange algorithms simultaneously and combining the result with the goal of providing security even if all but one of the component algorithms is broken. It is motivated by transition to post-quantum cryptography. This document provides a construction for hybrid key exchange in the Transport Layer Security (TLS) protocol version 1.3. Discussion of this work is encouraged to happen on the TLS IETF mailing list tls@ietf.org or on the GitHub repository which contains the draft: https://github.com/dstebila/draft-ietf-tls-hybrid-design.
	Compact TLS 1.3
	draft-ietf-tls-ctls-10.txt   Date: 17/04/2024   Authors: Eric Rescorla, Richard Barnes, Hannes Tschofenig, Benjamin Schwartz   Working Group: Transport Layer Security (tls)	This document specifies a "compact" version of TLS 1.3 and DTLS 1.3. It saves bandwidth by trimming obsolete material, tighter encoding, a template-based specialization technique, and alternative cryptographic techniques. cTLS is not directly interoperable with TLS 1.3 or DTLS 1.3 since the over-the-wire framing is different. A single server can, however, offer cTLS alongside TLS or DTLS.
	The Transport Layer Security (TLS) Protocol Version 1.3
	draft-ietf-tls-rfc8446bis-10.txt   Date: 03/03/2024   Authors: Eric Rescorla   Working Group: Transport Layer Security (tls)	This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705, 6066, 7627, and 8422 and obsoletes RFCs 5077, 5246, 6961, and 8446. This document also specifies new requirements for TLS 1.2 implementations.
	Return Routability Check for DTLS 1.2 and DTLS 1.3
	draft-ietf-tls-dtls-rrc-11.txt   Date: 01/04/2024   Authors: Hannes Tschofenig, Achim Kraus, Thomas Fossati   Working Group: Transport Layer Security (tls)	This document specifies a return routability check for use in context of the Connection ID (CID) construct for the Datagram Transport Layer Security (DTLS) protocol versions 1.2 and 1.3. Discussion Venues This note is to be removed before publishing as an RFC. Discussion of this document takes place on the Transport Layer Security Working Group mailing list (tls@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/tls/. Source for this draft and an issue tracker can be found at https://github.com/tlswg/dtls-rrc.
	IANA Registry Updates for TLS and DTLS
	draft-ietf-tls-rfc8447bis-08.txt   Date: 23/01/2024   Authors: Joseph Salowey, Sean Turner   Working Group: Transport Layer Security (tls)	This document updates the changes to TLS and DTLS IANA registries made in RFC 8447. It adds a new value "D" for discouraged to the recommended column of the selected TLS registries. This document updates the following RFCs: 3749, 5077, 4680, 5246, 5705, 5878, 6520, 7301, and 8447.
	Abridged Compression for WebPKI Certificates
	draft-ietf-tls-cert-abridge-01.txt   Date: 16/03/2024   Authors: Dennis Jackson   Working Group: Transport Layer Security (tls)	This draft defines a new TLS Certificate Compression scheme which uses a shared dictionary of root and intermediate WebPKI certificates. The scheme smooths the transition to post-quantum certificates by eliminating the root and intermediate certificates from the TLS certificate chain without impacting trust negotiation. It also delivers better compression than alternative proposals whilst ensuring fair treatment for both CAs and website operators. It may also be useful in other applications which store certificate chains, e.g. Certificate Transparency logs.
	Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings
	draft-ietf-tls-svcb-ech-01.txt   Date: 27/03/2024   Authors: Benjamin Schwartz, Mike Bishop, Erik Nygren   Working Group: Transport Layer Security (tls)	To use TLS Encrypted ClientHello (ECH) the client needs to learn the ECH configuration for a server before it attempts a connection to the server. This specification provides a mechanism for conveying the ECH configuration information via DNS, using a SVCB or HTTPS record.
	TLS 1.3 Extension for Using Certificates with an External Pre-Shared Key
	draft-ietf-tls-8773bis-01.txt   Date: 09/01/2024   Authors: Russ Housley   Working Group: Transport Layer Security (tls)	This document specifies a TLS 1.3 extension that allows TLS clients and servers to authenticate with a combination of a certificate and an external pre-shared key (PSK).
	Legacy RSASSA-PKCS1-v1_5 codepoints for TLS 1.3
	draft-ietf-tls-tls13-pkcs1-00.txt   Date: 30/11/2023   Authors: David Benjamin, Andrei Popov   Working Group: Transport Layer Security (tls)	This document allocates code points for the use of RSASSA-PKCS1-v1_5 with client certificates in TLS 1.3. This removes an obstacle for some deployments to migrate to TLS 1.3.
	The SSLKEYLOGFILE Format for TLS
	draft-ietf-tls-keylogfile-01.txt   Date: 02/04/2024   Authors: Martin Thomson   Working Group: Transport Layer Security (tls)	A format that supports the logging information about the secrets used in a TLS connection is described. Recording secrets to a file in SSLKEYLOGFILE format allows diagnostic and logging tools that use this file to decrypt messages exchanged by TLS endpoints.
	TLS 1.2 is in Feature Freeze
	draft-ietf-tls-tls12-frozen-00.txt   Date: 03/04/2024   Authors: Rich Salz, Nimrod Aviram   Working Group: Transport Layer Security (tls)	TLS 1.2 is in widespread use and can be configured such that it provides good security properties. TLS 1.3 is also in widespread use and fixes some known deficiencies with TLS 1.2, such as removing error-prone cryptographic primitives and encrypting more of the traffic so that it is not readable by outsiders. Both versions have several extension points, so items like new cryptographic algorithms, new supported groups (formerly "named curves"), etc., can be added without defining a new protocol. This document specifies that outside of urgent security fixes, no new features will be approved for TLS 1.2. This prescription does not pertain to DTLS (in any DTLS version); it pertains to TLS only.

data-group-menu-data-url="/group/groupmenu.json"> Skip to main content