Using TLS in Applications (uta) Internet Drafts


      
 TLS/DTLS 1.3 Profiles for the Internet of Things
 
 draft-ietf-uta-tls13-iot-profile-09.txt
 Date: 03/03/2024
 Authors: Hannes Tschofenig, Thomas Fossati, Michael Richardson
 Working Group: Using TLS in Applications (uta)
This document is a companion to RFC 7925 and defines TLS/DTLS 1.3 profiles for Internet of Things devices. It also updates RFC 7925 with regards to the X.509 certificate profile.

Discussion Venues: This note is to be removed before publishing as an RFC. Source for this draft and an issue tracker can be found at https://github.com/thomas-fossati/draft-tls13-iot.
 Updates to the Cipher Suites in Secure Syslog
 
 draft-ietf-uta-ciphersuites-in-sec-syslog-05.txt
 Date: 21/09/2023
 Authors: Chris Lonvick, Sean Turner, Joseph Salowey
 Working Group: Using TLS in Applications (uta)
The Syslog Working Group published two specifications, namely RFC 5425 and RFC 6012, for securing the Syslog protocol using TLS and DTLS, respectively. This document updates the cipher suites in RFC 5425, Transport Layer Security (TLS) Transport Mapping for Syslog, and RFC 6012, Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog. It also updates the transport protocol in RFC 6012.



Using TLS in Applications (uta)

WG Name: Using TLS in Applications
Acronym: uta
Area: Security Area (sec)
State: Active
Charter: charter-ietf-uta-01 (Approved)
Document dependencies
Additional resources: Issue tracker; Issue tracker for MTA-STS drafts; Wiki; Zulip Stream
Personnel:
  Chairs: Alan DeKok, Valery Smyslov
  Area Director: Paul Wouters
Mailing list:
  Address: uta@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/uta
  Archive: https://mailarchive.ietf.org/arch/browse/uta/
Chat:
  Room address: https://zulip.ietf.org/#narrow/stream/uta

Charter for Working Group

There is a renewed and urgent interest in the IETF to increase the security of transmissions over the Internet. Many application protocols have defined methods for using TLS to authenticate the server (and sometimes the client), and to encrypt the connection between the client and server. However, there is a diversity of definitions and requirements, and that diversity has caused confusion for application developers and also has led to lack of interoperability or lack of deployment. Implementers and deployers are faced with multiple security issues in real-world usage of TLS, which currently does not preclude insecure ciphers and modes of operation.

This WG has the following tasks:

  • Update the definitions for using TLS over a set of representative application protocols. This includes communication with proxies, between servers, and between peers, where appropriate, in addition to client/server communication.

  • Specify a set of best practices for TLS clients and servers, including but not limited to recommended versions of TLS, using forward secrecy, and one or more ciphersuites and extensions that are mandatory to implement.

  • Consider, and possibly define, a standard way for an application client and server to use unauthenticated encryption through TLS when server and/or client authentication cannot be achieved.

  • Create a document that helps application protocol developers use TLS in future application definitions.

The initial set of representative application protocols is SMTP, POP, IMAP, XMPP, and HTTP 1.1. It is expected that other protocols that use TLS might later be updated using the guidelines from this WG, and that those updates will happen through other WGs or through individual submissions.

The WG will make the fewest changes needed to achieve good interoperable security for the applications using TLS. No changes to TLS itself will be made in this WG, and the WG will ensure that changes to current versions of popular TLS libraries will not be required to conform to the WG's specifications.

This WG will collaborate with other IETF WGs, in particular with the TLS and DANE WGs.

Milestones

Date | Milestone | Associated documents
Mar 2024 | TLS/DTLS 1.3 Profiles for IoT to IETF LC | draft-ietf-uta-tls13-iot-profile

Done milestones

Date | Milestone | Associated documents
Done | Updates to the Cipher Suites in Secure Syslog to IETF LC | draft-ietf-uta-ciphersuites-in-sec-syslog
Done | Representation and Verification of Domain-Based Application Service Identity within Internet PKI Using X.509 Certificates in the Context of TLS (rfc6125-bis) to IETF LC | draft-ietf-uta-rfc6125bis
Done | Recommendations for Secure Use of TLS and DTLS (rfc7525-bis) to IETF LC | draft-ietf-uta-rfc7525bis
Done | Use of TLS for Email Submission and Access to IETF LC |