Separating Crypto Negotiation and Communication
draft-kuehlewind-taps-crypto-sep-03

Document Type Expired Internet-Draft (individual)
Last updated 2019-01-01 (latest revision 2018-06-30)
Replaces draft-kuehlewind-crypto-sep
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-kuehlewind-taps-crypto-sep-03.txt

Abstract

Secure transport protocols often consist of three logically distinct components: transport, control (handshake), and record protection. Typically, such a protocol contains a single module that is responsible for all three functions. However, in many cases, this coupling is unnecessary. For example, while cryptographic context and endpoint capabilities need to be known before encrypted application data can be sent on a specific transport connection, there is otherwise no technical constraint that a cryptographic handshake must be performed on said connection. This document recommends a logical separation between transport, control, and record components of secure transport protocols. We compare existing protocols such as Transport Layer Security, QUIC, and IKEv2+ESP in the context of this logical separation.

Authors

Mirja K├╝hlewind (mirja.kuehlewind@tik.ee.ethz.ch)
Tommy Pauly (tpauly@apple.com)
Christopher Wood (cawood@apple.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)