datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

Transport Layer Security (TLS) Extensions
RFC 3546

Document type: RFC - Proposed Standard (June 2003)
Obsoleted by RFC 4366
Updates RFC 2246
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 3546 (Proposed Standard)
Responsible AD: Steven Bellovin
Send notices to: <treese@acm.org>

Network Working Group                                    S. Blake-Wilson
Request for Comments: 3546                                           BCI
Updates: 2246                                                 M. Nystrom
Category: Standards Track                                   RSA Security
                                                              D. Hopwood
                                                  Independent Consultant
                                                            J. Mikkelsen
                                                         Transactionware
                                                               T. Wright
                                                                Vodafone
                                                               June 2003

               Transport Layer Security (TLS) Extensions

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This document describes extensions that may be used to add
   functionality to Transport Layer Security (TLS).  It provides both
   generic extension mechanisms for the TLS handshake client and server
   hellos, and specific extensions using these generic mechanisms.

   The extensions may be used by TLS clients and servers.  The
   extensions are backwards compatible - communication is possible
   between TLS 1.0 clients that support the extensions and TLS 1.0
   servers that do not support the extensions, and vice versa.

Conventions used in this Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14, RFC 2119
   [KEYWORDS].

Blake-Wilson, et. al.       Standards Track                     [Page 1]
RFC 3546                     TLS Extensions                    June 2003

Table of Contents

   1.  Introduction .............................................  2
   2.  General Extension Mechanisms .............................  4
       2.1. Extended Client Hello ...............................  5
       2.2. Extended Server Hello ...............................  5
       2.3. Hello Extensions ....................................  6
       2.4. Extensions to the handshake protocol ................  7
   3.  Specific Extensions ......................................  8
       3.1. Server Name Indication ..............................  8
       3.2. Maximum Fragment Length Negotiation ................. 10
       3.3. Client Certificate URLs ............................. 11
       3.4. Trusted CA Indication ............................... 14
       3.5. Truncated HMAC ...................................... 15
       3.6. Certificate Status Request........................... 16
   4. Error alerts .............................................. 18
   5. Procedure for Defining New Extensions...................... 20
   6.  Security Considerations .................................. 21
       6.1. Security of server_name ............................. 21
       6.2. Security of max_fragment_length ..................... 21
       6.3. Security of client_certificate_url .................. 22
       6.4. Security of trusted_ca_keys ......................... 23
       6.5. Security of truncated_hmac .......................... 23
       6.6. Security of status_request .......................... 24
   7.  Internationalization Considerations ...................... 24
   8.  IANA Considerations ...................................... 24
   9.  Intellectual Property Rights ............................. 26
   10. Acknowledgments .......................................... 26
   11. Normative References ..................................... 27
   12. Informative References ................................... 28
   13. Authors' Addresses ....................................... 28
   14. Full Copyright Statement ................................. 29

1. Introduction

   This document describes extensions that may be used to add
   functionality to Transport Layer Security (TLS).  It provides both
   generic extension mechanisms for the TLS handshake client and server
   hellos, and specific extensions using these generic mechanisms.

   TLS is now used in an increasing variety of operational environments

[include full document text]