[TLS] I-D Action: draft-ietf-tls-rfc4492bis-11.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security of the IETF. Title : Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier Authors : Yoav Nir Simon Josefsson Manuel Pegourie-Gonnard Filename: draft-ietf-tls-rfc4492bis-11.txt Pages : 32 Date: 2017-01-11 Abstract: This document describes key exchange algorithms based on Elliptic Curve Cryptography (ECC) for the Transport Layer Security (TLS) protocol. In particular, it specifies the use of Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) key agreement in a TLS handshake and the use of Elliptic Curve Digital Signature Algorithm (ECDSA) and Edwards Digital Signature Algorithm (EdDSA) as authentication mechanisms. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis-11 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-rfc4492bis-11 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
[TLS] I-D Action: draft-ietf-tls-rfc4492bis-10.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security of the IETF. Title : Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier Authors : Yoav Nir Simon Josefsson Manuel Pegourie-Gonnard Filename: draft-ietf-tls-rfc4492bis-10.txt Pages : 32 Date: 2017-01-11 Abstract: This document describes key exchange algorithms based on Elliptic Curve Cryptography (ECC) for the Transport Layer Security (TLS) protocol. In particular, it specifies the use of Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) key agreement in a TLS handshake and the use of Elliptic Curve Digital Signature Algorithm (ECDSA) and Edwards Digital Signature Algorithm (EdDSA) as authentication mechanisms. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis-10 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-rfc4492bis-10 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
[TLS] ISE needs reviewer(s) for draft-harkins-tls-dragonfly
Hi TLS experts: Dan Harkins has submitted this draft to the Independent Stream. I already have one review for it, but I need one or two more. Please could anyone on this (TLS) list please take a look at it, and send me their comments? Cheers, Nevil (Independent Submissions Editor) -- Nevil Brownlee (ISE), rfc-...@rfc-editor.org ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
[TLS] I-D Action: draft-ietf-tls-dnssec-chain-extension-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security of the IETF. Title : A DANE Record and DNSSEC Authentication Chain Extension for TLS Authors : Melinda Shore Richard Barnes Shumon Huque Willem Toorop Filename: draft-ietf-tls-dnssec-chain-extension-02.txt Pages : 14 Date: 2017-01-11 Abstract: This draft describes a new TLS extension for transport of a DNS record set serialized with the DNSSEC signatures needed to authenticate that record set. The intent of this proposal is to allow TLS clients to perform DANE authentication of a TLS server certificate without needing to perform additional DNS record lookups. It will typically not be used for general DNSSEC validation of TLS endpoint names. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-tls-dnssec-chain-extension/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-tls-dnssec-chain-extension-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-dnssec-chain-extension-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
[TLS] FW: New Version Notification for draft-jay-tls-psk-identity-extension-02.txt
Hi All A new extension is proposed for [D]TLS1.2 and its lower version(not for [D]TLS1.3), to send PSKID in client hello msg instead of client key exchange msg. Using this extension, client can send its list of PSKIDs to server in its hello msg and server can select any one of them and respond in its hello msg. - With the help of this extn, PSK cipher handshake can be completed in 1RTT. Messages exchanged are similar to resumption. - For DHE_PSK, RSA_PSK and ECDHE_PSK ciphers, PSKID in client hello msg gives additional information to server for cipher negotiation. If unknown PSKIDs are present, then server can select any NON PSK cipher or fail at that place only (instead of failing in finished message verification). Already we received interest and review comments from Nikos Mavrogiannopoulos, David Woodhouse and Andreas Walz. Based on that we have submitted the 3rd version of this document. I am requesting other members of this group also to look into and provide comments for further improvements. Regards, Raja Ashok V K Huawei Technologies Bangalore, India http://www.huawei.com 本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁 止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中 的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件! This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! -Original Message- From: internet-dra...@ietf.org [mailto:internet-dra...@ietf.org] Sent: 17 December 2016 04:11 To: Raja ashok; Raja ashok; Jayaraghavendran Kuppannan Subject: New Version Notification for draft-jay-tls-psk-identity-extension-02.txt A new version of I-D, draft-jay-tls-psk-identity-extension-02.txt has been successfully submitted by Raja Ashok V K and posted to the IETF repository. Name: draft-jay-tls-psk-identity-extension Revision: 02 Title: TLS/DTLS PSK Identity Extension Document date: 2016-12-15 Group: Individual Submission Pages: 10 URL: https://www.ietf.org/internet-drafts/draft-jay-tls-psk-identity-extension-02.txt Status: https://datatracker.ietf.org/doc/draft-jay-tls-psk-identity-extension/ Htmlized: https://tools.ietf.org/html/draft-jay-tls-psk-identity-extension-02 Diff: https://www.ietf.org/rfcdiff?url2=draft-jay-tls-psk-identity-extension-02 Abstract: Pre-Shared Key (PSK) based Key Exchange Mechanism is primarily used in constrained environments where resource intensive Asymmetric Cryptography cannot be used. In the Internet of Things (IoT) deployments, constrained devices are commonly used for collecting data via sensors for use in home automation, smart energy etc. In this context, DTLS is being considered as the primary protocol for communication security at the application layer and in some cases, it is also being considered for network access authentication. This document provides a specification for a new extension for Optimizing DTLS and TLS Handshake when the Pre-Shared Key (PSK) based Key Exchange is used. This extension is aimed at reducing the number of messages exchanged and the RTT of the TLS & DTLS Handshakes. Hi, I am submitting my 3rd version of our draft(draft-jay-tls-psk-identity-extension) in TLS working group. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
