Record Size Limit Extension for TLS
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: The IESG <email@example.com>, firstname.lastname@example.org, email@example.com, Sean Turner <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Subject: Protocol Action: 'Record Size Limit Extension for Transport Layer Security (TLS)' to Proposed Standard (draft-ietf-tls-record-limit-03.txt)

The IESG has approved the following document:
- 'Record Size Limit Extension for Transport Layer Security (TLS)' (draft-ietf-tls-record-limit-03.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working Group.

The IESG contact persons are Benjamin Kaduk and Eric Rescorla.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-record-limit/
Technical Summary

This draft defines a TLS extension to negotiate the maximum size of protected records that each peer sends. This mechanism replaces the maximum fragment length extension defined in RFC 6066. It's standards track because it updates RFC 6066, which is a Proposed Standard.

Working Group Summary

The draft was very well received by the WG, resulting in minimal, minor comments. Unlike other TLS-related topics, this WG settled on a solution quickly and consensus was very easily found.

Document Quality

This document received careful review from several participants, including pointing out some subtle edge cases and differences between TLS 1.2 and TLS 1.3 that got resolved in the document.

Personnel

Sean Turner is the document shepherd. Benjamin Kaduk is the responsible Area Director.
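As an added illustration, not part of the announcement or of the draft's own text, the following Python models how an endpoint handles the negotiated limit: encoding and parsing the extension as a uint16, the 64-octet minimum, the per-version maximum, the TLS 1.3 content-type octet that counts against the limit, and the fatal record_overflow for an oversized incoming record. The extension type (28) and the version-specific numbers are taken from the published RFC 8449, not from this page; the function names and the sample values in the comments are constructed for this example.

```python
import struct

RECORD_SIZE_LIMIT_TYPE = 28  # IANA ExtensionType registered for record_size_limit (RFC 8449)
MIN_LIMIT = 64               # anything smaller is a fatal illegal_parameter

class TlsAlert(Exception):
    """Fatal alert the endpoint would send; args[0] is the alert description."""

def protocol_max(tls13):
    # TLS 1.2 limits the plaintext fragment to 2^14 octets; TLS 1.3 limits the
    # whole TLSInnerPlaintext, so its trailing content-type octet adds one.
    return 2 ** 14 + 1 if tls13 else 2 ** 14

def encode_extension(limit, tls13):
    """Build record_size_limit as carried in ClientHello / EncryptedExtensions."""
    if not MIN_LIMIT <= limit <= protocol_max(tls13):
        raise ValueError("own limit outside the range the protocol allows")
    return struct.pack("!HHH", RECORD_SIZE_LIMIT_TYPE, 2, limit)

def parse_extension(ext, tls13, is_server):
    """Return the peer's advertised limit, or raise the alert an endpoint would send."""
    if len(ext) != 6 or ext[:4] != struct.pack("!HH", RECORD_SIZE_LIMIT_TYPE, 2):
        raise TlsAlert("decode_error")
    limit = struct.unpack("!H", ext[4:])[0]
    if limit < MIN_LIMIT:
        raise TlsAlert("illegal_parameter")
    # A server must accept a larger value (the client may rely on a version or
    # extension the server does not know); a client may abort on an oversized one.
    if not is_server and limit > protocol_max(tls13):
        raise TlsAlert("illegal_parameter")
    return limit

def effective_send_limit(peer_limit, tls13):
    """Never exceed the protocol maximum even when the peer would allow more."""
    return min(peer_limit, protocol_max(tls13))

def fragment(app_data, peer_limit, tls13):
    """Split outgoing application data into payloads the peer has agreed to accept."""
    limit = effective_send_limit(peer_limit, tls13)
    content_max = limit - 1 if tls13 else limit  # reserve the TLS 1.3 content-type octet
    return [app_data[i:i + content_max] for i in range(0, len(app_data), content_max)]

def check_received(inner_plaintext_len, own_limit):
    """Receiver side: a record above the advertised limit is a fatal record_overflow."""
    if inner_plaintext_len > own_limit:
        raise TlsAlert("record_overflow")
    return inner_plaintext_len

def alert_for(fn, *args):
    """Return the alert description a call raises, or None when it succeeds."""
    try:
        fn(*args)
    except TlsAlert as alert:
        return alert.args[0]
```

With a peer limit of 1024 under TLS 1.3, `fragment` yields 1023-octet payloads because the content-type octet consumes the last position; under TLS 1.2 the same limit allows 1024.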
RFC Editor Note

Two late-breaking changes, both in Section 1:

OLD
Implementing Transport Layer Security (TLS) [TLS] or Datagram TLS (DTLS) [DTLS] constrained devices can be challenging. However,

NEW
Implementing Transport Layer Security (TLS) [TLS] or Datagram TLS (DTLS) [DTLS] for constrained devices can be challenging. However,

OLD
authenticated data until the entire record is present. Incremental processing of records could expose endpoints to the risk of forged data.

NEW
authenticated data until the entire record is present. Incremental processing of records exposes endpoints to the risk of forged data.