TLS 1.2 Update for Long-term Support
draft-gutmann-tls-lts-07

Document Type Active Internet-Draft (individual)
Last updated 2017-02-05
Stream (None)
Intended RFC status (None)
Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG state I-D Exists
Responsible AD (None)
Send notices to (None)
TLS Working Group                                             P. Gutmann
Internet-Draft                                    University of Auckland
Intended status: Standards Track                        February 5, 2017
Expires: August 9, 2017

                  TLS 1.2 Update for Long-term Support
                        draft-gutmann-tls-lts-07

Abstract

   This document specifies an update of TLS 1.2 for long-term support on
   systems that can have multi-year or even decade-long update cycles,
   one that incorporates as far as possible what's already deployed for
   TLS 1.2 but with the security holes and bugs fixed.  This document
   also recognises the fact that there is a huge amount of TLS use
   outside the web content-delivery environment with its resource-rich
   hardware and software that can be updated whenever required and
   provides a long-term stable, known-good version that can be deployed
   to systems that can't roll out ongoing changes on a continuous basis.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 9, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect

Gutmann                  Expires August 9, 2017                 [Page 1]
Internet-Draft                   TLS-LTS                   February 2017

   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Conventions Used in This Document . . . . . . . . . . . .   3
   2.  TLS-LTS Negotiation . . . . . . . . . . . . . . . . . . . . .   3
   3.  TLS-LTS . . . . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.1.  Encryption/Authentication . . . . . . . . . . . . . . . .   4
     3.2.  Message Formats . . . . . . . . . . . . . . . . . . . . .   6
     3.3.  Miscellaneous . . . . . . . . . . . . . . . . . . . . . .   7
     3.4.  Implementation Issues . . . . . . . . . . . . . . . . . .   8
     3.5.  Use of TLS Extensions . . . . . . . . . . . . . . . . . .  11
     3.6.  Downgrade Attack Prevention . . . . . . . . . . . . . . .  13
     3.7.  Rationale . . . . . . . . . . . . . . . . . . . . . . . .  13
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .  14
     4.1.  Security Properties Provided by TLS-LTS . . . . . . . . .  15
     4.2.  Security Properties Not Provided by TLS-LTS . . . . . . .  15
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  16
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  16
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  16
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .  16
     7.2.  Informative References  . . . . . . . . . . . . . . . . .  17
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  19

1.  Introduction

   TLS [2] and DTLS [5], by nature of their enormous complexity and the
   inclusion of large amounts of legacy material, contain numerous
   security issues that have been known to be a problem for many years
   and that keep coming up again and again in attacks (there are too
   many of these to provide references for in the standard manner, and
   in any case more will have been published by the time you read this).
   This document presents a minimal, known-good set of mechanisms that
   defend against all currently-known weaknesses in TLS, that would have
   defended against them ten years ago, and that have a good chance of
   defending against them ten years from now, providing the long-term
   stability that's required by many systems in the field.  This long-