IETF conflict review for draft-sheffer-tls-pinning-ticket

The information below is for an old version of the document.
Document: Conflict review draft-sheffer-tls-pinning-ticket-12 (ISE stream, snapshot)
Last updated: 2019-06-13
State: Approved No Problem - announcement to be sent
IESG Responsible AD: Benjamin Kaduk
Send notices to: Adrian Farrel <>,
The IESG has concluded that this work is related to IETF work done in WG TLS,
but this relationship does not prevent publishing.

Additionally, the IESG requests the following note be added to the document if
it is published:

The cryptographic construction used in this document to derive a
pinning_protection_key from an existing resumption_protection_key (e.g., one
that is shared across a cluster of servers authoritative for the same domain)
reuses the same long-term cryptographic key for both bulk encryption (of TLS
session tickets) and as the PRK input to HMAC [RFC2104] via the HKDF-Expand()
[RFC5869] construction.  This reuse of key material without an intermediate
derivation step has not undergone extensive cryptanalysis and may introduce
unforeseen weaknesses for both the original session-ticket encryption usage
[RFC5077] and the new usage proposed in this document.
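To make the IESG's point concrete, the following added example (not code from the draft, the datatracker, or the IESG) implements HKDF-Extract and HKDF-Expand per RFC 5869 and contrasts two derivation patterns: derive_reused() feeds the ticket-encryption key straight into HKDF-Expand as the PRK, which is the key-reuse pattern the note describes; derive_separated() first runs a master secret through HKDF-Extract and then expands two independent subkeys under distinct labels, which is the "intermediate derivation step" the note says is missing. The info labels "pinning protection" and "ticket encryption", the 32-byte key lengths, and the sample key bytes are all assumptions chosen for illustration, not values taken from the draft.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256  # assumption: SHA-256 as the HKDF hash


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 section 2.2: PRK = HMAC-Hash(salt, IKM).

    An empty salt is replaced by HashLen zero bytes, as the RFC specifies."""
    if not salt:
        salt = b"\x00" * HASH().digest_size
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 section 2.3: OKM = T(1) || T(2) || ... truncated to length,
    where T(i) = HMAC-Hash(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH().digest_size:
        raise ValueError("requested length exceeds 255 * HashLen")
    okm = b""
    t = b""
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def derive_reused(resumption_protection_key: bytes, length: int = 32) -> bytes:
    """The pattern the IESG note cautions about: the key that already encrypts
    session tickets is used directly as the HKDF PRK, with no intermediate
    derivation. The label below is an assumed value, not the draft's."""
    return hkdf_expand(resumption_protection_key, b"pinning protection", length)


def derive_separated(master_secret: bytes, length: int = 32) -> tuple[bytes, bytes]:
    """Key-separated alternative (illustrative): a single master secret is run
    through HKDF-Extract, and the ticket-encryption key and the pinning key are
    expanded as independent subkeys under distinct info labels. Neither subkey
    is ever used as the PRK for the other."""
    prk = hkdf_extract(b"", master_secret)
    ticket_key = hkdf_expand(prk, b"ticket encryption", length)
    pinning_key = hkdf_expand(prk, b"pinning protection", length)
    return ticket_key, pinning_key


def shares_raw_key_material(bulk_key: bytes, derivation_prk: bytes) -> bool:
    """True when the bulk-encryption key and the HKDF PRK are the same bytes,
    i.e. the single-key reuse the note describes is present."""
    return hmac.compare_digest(bulk_key, derivation_prk)


if __name__ == "__main__":
    # Constructed sample: a random 32-byte long-term key standing in for the
    # cluster-wide resumption_protection_key.
    resumption_protection_key = os.urandom(32)

    # Reuse pattern: the ticket key *is* the PRK.
    pinning_key_reused = derive_reused(resumption_protection_key)
    print("reuse present:",
          shares_raw_key_material(resumption_protection_key,
                                  resumption_protection_key))

    # Separated pattern: both keys are children of an extracted PRK.
    ticket_key, pinning_key = derive_separated(resumption_protection_key)
    print("reuse present:",
          shares_raw_key_material(ticket_key,
                                  hkdf_extract(b"", resumption_protection_key)))
    print("ticket key :", ticket_key.hex())
    print("pinning key:", pinning_key.hex())
```

The HKDF functions can be checked against the RFC 5869 Appendix A test vectors; derive_separated() is the shape a deployment would want if it needs one cluster-wide secret to drive both ticket encryption and pinning protection, since each usage then sees only its own subkey and a weakness found in one usage does not expose the raw key used by the other.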