Skip to main content

Suite B Profile for Transport Layer Security (TLS)
RFC 5430

Revision differences

Document history

Date Rev. By Action
2022-05-11
11 (System) Received changes through RFC Editor sync (removed Errata tag)
2022-05-10
11 (System) Received changes through RFC Editor sync (added Errata tag)
2018-08-01
11 (System) Received changes through RFC Editor sync (changed standardization level to Historic)
2018-05-29
11 Amy Vezza New status of Historic approved by the IESG
https://datatracker.ietf.org/doc/status-change-suiteb-to-historic/
2015-10-14
11 (System) Notify list changed from housley@vigilsec.com, ekr@rtfm.com, msalter@restarea.ncsc.mil, draft-rescorla-tls-suiteb@ietf.org to (None)
2012-08-22
11 (System) post-migration administrative database adjustment to the Yes position for Pasi Eronen
2011-01-13
(System)
Posted related IPR disclosure: Certicom's Statement of IPR Related to RFC 4492, RFC 5289, RFC 5430, RFC 4754, RFC 4869, …
Posted related IPR disclosure: Certicom's Statement of IPR Related to RFC 4492, RFC 5289, RFC 5430, RFC 4754, RFC 4869, RFC 4109, RFC 5656, RFC 3278, RFC 5753, RFC 5754, RFC 5008, draft-igoe-secsh-suiteb-02
2009-05-27
(System)
2009-05-18
(System)
2009-03-27
11 Cindy Morgan State Changes to RFC Published from RFC Ed Queue by Cindy Morgan
2009-03-27
11 Cindy Morgan [Note]: 'RFC 5430' added by Cindy Morgan
2009-03-19
11 (System) RFC published
2008-11-25
11 (System) IANA Action state changed to No IC from In Progress
2008-11-25
11 (System) IANA Action state changed to In Progress
2008-11-25
11 Cindy Morgan State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan
2008-11-25
11 Cindy Morgan IESG state changed to Approved-announcement sent
2008-11-25
11 Cindy Morgan IESG has approved the document
2008-11-25
11 Cindy Morgan Closed "Approve" ballot
2008-11-17
11 Pasi Eronen [Ballot Position Update] Position for Pasi Eronen has been changed to Yes from Discuss by Pasi Eronen
2008-11-17
11 (System) New version available: draft-rescorla-tls-suiteb-11.txt
2008-11-11
11 Samuel Weiler Request for Last Call review by SECDIR Completed. Reviewer: Steve Hanna.
2008-11-07
11 (System) Removed from agenda for telechat - 2008-11-06
2008-11-06
11 Amy Vezza State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza
2008-11-06
11 David Ward [Ballot Position Update] New position, No Objection, has been recorded by David Ward
2008-11-06
11 Ross Callon [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon
2008-11-06
11 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund
2008-11-06
11 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko
2008-11-05
11 Mark Townsley [Ballot Position Update] New position, No Objection, has been recorded by Mark Townsley
2008-11-05
11 Chris Newman [Ballot Position Update] New position, No Objection, has been recorded by Chris Newman
2008-11-05
11 Cullen Jennings [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings
2008-11-05
11 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert
2008-11-05
11 Pasi Eronen
[Ballot discuss]
I've reviewed this document earlier, but re-checking version -10
vs. RFC 5246 found couple of nits (and one errata for RFC 5246, …
[Ballot discuss]
I've reviewed this document earlier, but re-checking version -10
vs. RFC 5246 found couple of nits (and one errata for RFC 5246,
unfortunately -- RFC Editor errata ID #1585).

In Section 4.3, the text "While the key exchange algorithm used in
TLS_ECDHE_ECDSA-collection of cipher suites require the server's
certificate to be signed with a particular signature scheme" is
true only for TLS 1.0/1.1, not TLS 1.2.

In Section 4.4, the text should probably say that a Suite B compliant
TLS version 1.2 or later server MUST select either SHA-256+ECDSA or
SHA-384+ECDSA for the signature in the ServerKeyExchange message.
(TLS 1.0/1.1 will use SHA-1+ECDSA, though.)

Section 4.3/4.4 specifies the requirements for server's signatures;
should the document have similar requirements for client's signatures?
E.g. say that Suite B compliant TLS 1.2 or later server MUST include
SHA-256+ECDSA and/or SHA-384+ECDSA in the supported_signature_algorithms
field of the CertificateRequest message, and a Suite B compliant TLS 1.2
or later client MUST select either SHA-256+ECDSA or SHA-384+ECDSA for
the signature in the CertificateVerify message?
2008-11-05
11 Pasi Eronen [Ballot Position Update] New position, Discuss, has been recorded by Pasi Eronen
2008-10-31
10 (System) New version available: draft-rescorla-tls-suiteb-10.txt
2008-10-30
(System)
Posted related IPR disclosure: Certicom's Statement about IPR related to RFC 4346, RFC 5246, RFC 5289, RFC 4492, RFC 2409, …
Posted related IPR disclosure: Certicom's Statement about IPR related to RFC 4346, RFC 5246, RFC 5289, RFC 4492, RFC 2409, RFC 4306, RFC 4754, RFC 4753, RFC 4869, RFC 4253, RFC 2633, RFC 3278, RFC 4347, RFC 4366, RFC 4109, RFC 4252, RFC 3850, RFC 3851, RFC 5008, draft-ietf-tls-rfc43...
2008-10-23
11 Russ Housley [Ballot Position Update] New position, Recuse, has been recorded by Russ Housley
2008-10-23
11 Tim Polk State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Tim Polk
2008-10-23
11 Tim Polk Placed on agenda for telechat - 2008-11-06 by Tim Polk
2008-10-23
11 Tim Polk [Ballot Position Update] New position, Yes, has been recorded for Tim Polk
2008-10-23
11 Tim Polk Ballot has been issued by Tim Polk
2008-10-23
11 Tim Polk Created "Approve" ballot
2008-10-23
11 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2008-10-22
09 (System) New version available: draft-rescorla-tls-suiteb-09.txt
2008-10-14
08 (System) New version available: draft-rescorla-tls-suiteb-08.txt
2008-10-03
11 Samuel Weiler Request for Last Call review by SECDIR is assigned to Steve Hanna
2008-10-03
11 Samuel Weiler Request for Last Call review by SECDIR is assigned to Steve Hanna
2008-10-03
11 Samuel Weiler Assignment of request for Last Call review by SECDIR to Paul Hoffman was rejected
2008-10-02
07 (System) New version available: draft-rescorla-tls-suiteb-07.txt
2008-09-30
11 Amanda Baber IANA Last Call comments:

As described in the IANA Considerations section, we understand
this document to have NO IANA Actions.
2008-09-26
11 Samuel Weiler Request for Last Call review by SECDIR is assigned to Paul Hoffman
2008-09-26
11 Samuel Weiler Request for Last Call review by SECDIR is assigned to Paul Hoffman
2008-09-25
11 Cindy Morgan Last call sent
2008-09-25
11 Cindy Morgan State Changes to In Last Call from Last Call Requested by Cindy Morgan
2008-09-25
11 Tim Polk State Changes to Last Call Requested from Publication Requested by Tim Polk
2008-09-25
11 Tim Polk Last Call was requested by Tim Polk
2008-09-25
11 (System) Ballot writeup text was added
2008-09-25
11 (System) Last call text was added
2008-09-25
11 (System) Ballot approval text was added
2008-09-18
11 Amy Vezza
Document Shepherd Write-Up for draft-rescorla-tls-suiteb-06.txt

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the document …
Document Shepherd Write-Up for draft-rescorla-tls-suiteb-06.txt

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the document
and, in particular, does he or she believe this version is ready
for forwarding to the IESG for publication?

Russ Housley is the Document Shepherd and co-author.


(1.b) Has the document had adequate review both from key members of
the interested community and others? Does the Document Shepherd
have any concerns about the depth or breadth of the reviews that
have been performed?

The document is intended for publication as an Informational RFC.
It has been reviewed by several community members. There are
no concerns about the depth or breadth of those reviews.


(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective, e.g.,
security, operational complexity, someone familiar with AAA,
internationalization or XML?

No concerns.


(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he or
she is uncomfortable with certain parts of the document, or has
concerns whether there really is a need for it. In any event, if
the interested community has discussed those issues and has
indicated that it still wishes to advance the document, detail
those concerns here.

No concerns.


(1.e) How solid is the consensus of the interested community behind
this document? Does it represent the strong concurrence of a few
individuals, with others being silent, or does the interested
community as a whole understand and agree with it?

This document explains the requirements for a TLS implementation
to be considered "Suite B conformant". There is strong consensus
from the people that are defining that term.


(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in
separate email messages to the Responsible Area Director. (It
should be in a separate email because this questionnaire is
entered into the ID Tracker.)

No.


(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See
http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/). Boilerplate checks are not
enough; this check needs to be thorough. Has the document met all
formal review criteria it needs to, such as the MIB Doctor, media
type and URI type reviews?

Yes. ID-Checklist and ID-Nits are both satisfied. There is no
need for any formal review from the MIB Doctors or any other such
group.


(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that are
not ready for advancement or are otherwise in an unclear state?
If such normative references exist, what is the strategy for their
completion? Are there normative references that are downward
references, as described in [RFC3967]? If so, list these downward
references to support the Area Director in the Last Call procedure
for them [RFC3967].

References are split. All referenced documents are already RFCs.


(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body of
the document? If the document specifies protocol extensions, are
reservations requested in appropriate IANA registries? Are the
IANA registries clearly identified? If the document creates a new
registry, does it define the proposed initial contents of the
registry and an allocation procedure for future registrations?
Does it suggested a reasonable name for the new registry? See
[RFC5226]. If the document describes an Expert Review process has
the Shepherd conferred with the Responsible Area Director so that
the IESG can appoint the needed Expert during the IESG Evaluation?

No IANA actions are required.


(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML code,
BNF rules, MIB definitions, etc., validate correctly in an
automated checker?

No formal language is used.


(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Writeup? Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary

The United States Government has published guidelines for
"NSA Suite B Cryptography", which defines cryptographic
algorithm policy for national security applications. This
document defines a profile of TLS which is conformant with
Suite B.

Working Group Summary

This document is not the product of any IETF working group.

Document Quality

This document explains the requirements for a TLS implementation
to be considered "Suite B conformant". There is strong consensus
from the people that are defining that term.
2008-09-18
11 Amy Vezza Draft Added by Amy Vezza in state Publication Requested
2008-09-17
06 (System) New version available: draft-rescorla-tls-suiteb-06.txt
2008-09-16
05 (System) New version available: draft-rescorla-tls-suiteb-05.txt
2008-09-13
04 (System) New version available: draft-rescorla-tls-suiteb-04.txt
2008-09-05
03 (System) New version available: draft-rescorla-tls-suiteb-03.txt
2008-04-14
02 (System) New version available: draft-rescorla-tls-suiteb-02.txt
2007-06-04
01 (System) New version available: draft-rescorla-tls-suiteb-01.txt
2006-12-14
00 (System) New version available: draft-rescorla-tls-suiteb-00.txt