The Transport Layer Security (TLS) Protocol Version 1.3
draft-ietf-tls-tls13-28

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-tls-tls13@ietf.org, Sean Turner <sean@sn3rd.com>, Kathleen.Moriarty.ietf@gmail.com, tls-chairs@ietf.org, rfc-editor@rfc-editor.org, sean@sn3rd.com, tls@ietf.org
Subject: Protocol Action: 'The Transport Layer Security (TLS) Protocol Version 1.3' to Proposed Standard (draft-ietf-tls-tls13-28.txt)

The IESG has approved the following document:
- 'The Transport Layer Security (TLS) Protocol Version 1.3'
  (draft-ietf-tls-tls13-28.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working Group.

The IESG contact persons are Kathleen Moriarty and Eric Rescorla.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-tls13/


Technical Summary

   This document specifies version 1.3 of the Transport Layer Security
   (TLS) protocol.  TLS allows client/server applications to communicate
   over the Internet in a way that is designed to prevent eavesdropping,
   tampering, and message forgery.

Working Group Summary

  The document is the work product of the members of the TLS
  WG.  There is strong consensus in the working group for this
  document.  The area that was most controversial was around
  the inclusion of a 0-RTT mode that has different security
  properties than the rest of TLS.  s1.3 lists the major differences
  from TLS1.2, as agreed by the contributors; we do not think
  that the RFC needs to list the changes that occurred between
  each draft.

  The draft has had 3 WGLCs to address various issues and the
  chairs assessment was fair in each of these discussions.  At this
  point there are no known outstanding issue.

  While I personally do not agree with inclusion of 0-RTT because
  there are bound to be successful attacks against the mitigations
  in the future, I do agree with the chair's assessment of the WG
  consensus and am pleased with the additional text on mitigating
  the associated risks with 0-RTT.

Document Quality

  There are over 10 interoperable implementations of the
  protocol from different sources written in different
  languages.  The major web browser vendors and TLS
  libraries vendors have draft implementations or have
  indicated they will support the protocol in the future.  In
  addition to having extensive review in the TLS working
  group, the protocol has received unprecedented security
  review by the academic community.  Several TRON (TLS
  Ready or Not) conferences were held with academic
  community to give them a chance to present their
  findings for TLS.  This has resulted in improvements to
  the protocol.  There was also much consideration and 
  discussion around any contentious points, resolved through
  polls and working group last calls.

  Please note that ID-nits complains about the obsoleted/
  updated RFCs not being listed in the abstract. This is
  intentional because the abstract is now a concise and
  comprehensive overview and is free form citations, as
  per RFC7322.

Personnel

   The Document Shepherd is Sean Turner.
   The responsible AD is Kathleen Moriarty.
   
   The IANA Expert(s) for the registries
   in this document are 
     Yoav Nir <ynir.ietf@gmail.com>, 
     Rich Salz <rsalz@akamai.com>, and 
     Nick Sullivan <nick@cloudflare.com> .

IANA Note

  This document requests the creation of the TLS SignatureScheme
  Registry with values assigned via Specification Required [RFC8126].

  This document requests the reference for several registries be 
  updated to point to this document.  The registries include:
  - TLS Cipher Suite Registry, updated via via Specification Required [RFC8126]
  - TLS ContentType Registry, future values allocated via Standards Action [RFC8126]
  - TLS Alert Registry, future values allocated via Standards Action [RFC8126]
  - TLS HandshakeType Registry, future values allocated via Standards Action [RFC8126]
  - TLS ExtensionType Registry, the policy is changed in ietf-tls-iana-registry-updates and this will be reflected in version 25 of the draft

RFC Editor Note

Please ensure a reference is added prior to final publication for the
text added in section
E.6. PSK Identity Exposure
of draft-ietf-tls-tls13