Record Size Limit Extension for TLS
draft-ietf-tls-record-limit-03

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-tls-record-limit@ietf.org, tls-chairs@ietf.org, Sean Turner <sean@sn3rd.com>, tls@ietf.org, rfc-editor@rfc-editor.org, sean@sn3rd.com, kaduk@mit.edu
Subject: Protocol Action: 'Record Size Limit Extension for Transport Layer Security (TLS)' to Proposed Standard (draft-ietf-tls-record-limit-03.txt)

The IESG has approved the following document:
- 'Record Size Limit Extension for Transport Layer Security (TLS)'
  (draft-ietf-tls-record-limit-03.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working Group.

The IESG contact persons are Benjamin Kaduk and Eric Rescorla.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-record-limit/


Ballot Text

Technical Summary

This draft defines a TLS extension to negotiate the maximum size of protected records that each peer sends.
This mechanism replaces the maximum fragment length extension defined in RFC 6066.
It’s standards track because it updates RFC 6066, which is a Proposed Standard.
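As an added illustration, not part of this announcement or of the draft's own text, the following Python encodes and validates the extension as the published record_size_limit specification defines it: a single uint16 RecordSizeLimit carried in extension type 28, a 64-octet floor, and protocol maxima of 2^14 for TLS 1.2 and 2^14+1 for TLS 1.3 (the extra octet being the TLSInnerPlaintext content type), which is the TLS 1.2/1.3 difference the ballot text alludes to. Those values come from the specification rather than from this page; the function names and the sample values are the example's own.

```python
import struct

RECORD_SIZE_LIMIT = 28               # IANA ExtensionType for record_size_limit
MIN_LIMIT = 64                       # smallest value an endpoint may advertise
# Largest plaintext a protocol can carry per record; TLS 1.3 counts the
# TLSInnerPlaintext content-type octet, hence one more than TLS 1.2.
PROTOCOL_MAX = {"TLS1.2": 2**14, "TLS1.3": 2**14 + 1}


def encode_record_size_limit(limit: int) -> bytes:
    """Build the extension an endpoint advertises: type, length, uint16 limit."""
    if not MIN_LIMIT <= limit <= 0xFFFF:
        raise ValueError("RecordSizeLimit must be in [64, 65535]")
    body = struct.pack("!H", limit)
    return struct.pack("!HH", RECORD_SIZE_LIMIT, len(body)) + body


def receive_record_size_limit(ext: bytes, version: str):
    """Process a peer's extension. Returns (effective_limit, None) on success or
    (None, alert) when the receiver must abort with that fatal alert.
    A value below 64 is illegal; a value above the protocol maximum is clamped
    to that maximum rather than rejected."""
    if len(ext) != 6:
        return None, "decode_error"
    ext_type, length, limit = struct.unpack("!HHH", ext)
    if ext_type != RECORD_SIZE_LIMIT or length != 2:
        return None, "decode_error"          # not a well-formed record_size_limit body
    if limit < MIN_LIMIT:
        return None, "illegal_parameter"
    return min(limit, PROTOCOL_MAX[version]), None


def max_app_data_per_record(limit: int, version: str) -> int:
    """Application-data octets that fit in one protected record under a limit.
    In TLS 1.3 one octet of the limit is the inner content type."""
    return limit - 1 if version == "TLS1.3" else limit


def check_inbound_record(plaintext_len: int, own_limit: int):
    """Receiver-side check: a record whose plaintext exceeds the limit this
    endpoint advertised is a fatal record_overflow condition."""
    return None if plaintext_len <= own_limit else "record_overflow"


if __name__ == "__main__":
    ext = encode_record_size_limit(2**14 + 1)   # constructed: peer asks for 16385
    for v in ("TLS1.2", "TLS1.3"):
        limit, alert = receive_record_size_limit(ext, v)
        print(v, "effective limit", limit, "app data/record", max_app_data_per_record(limit, v))
```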

Working Group Summary

The draft was very well received by the WG, resulting in only a few minor comments.
Unlike other TLS-related topics, this WG settled on a solution quickly and consensus was very easily found.

Document Quality

This document received careful review from several participants, including pointing out
some subtle edge cases and differences between TLS 1.2 and TLS 1.3 that got resolved in the
document.

Personnel

Sean Turner is the document shepherd.
Benjamin Kaduk is the responsible Area Director.

RFC Editor Note

  Two late-breaking changes, both in Section 1:

OLD
   Implementing Transport Layer Security (TLS) [TLS] or Datagram TLS
   (DTLS) [DTLS] constrained devices can be challenging.  However,

NEW
   Implementing Transport Layer Security (TLS) [TLS] or Datagram TLS
   (DTLS) [DTLS] for constrained devices can be challenging.  However,

OLD
   authenticated data until the entire record is present.  Incremental
   processing of records could expose endpoints to the risk of forged
   data.

NEW
   authenticated data until the entire record is present.  Incremental
   processing of records exposes endpoints to the risk of forged
   data.