Hi,

We have published version -08 of *draft-ietf-tls-extended-key-update*.

This revision incorporates feedback received during recent WG discussions and reviews, and includes several technical updates and clarifications, including changes to the EKU message exchange, DTLS handling, traffic key updates, and exporter behavior. The revision also addresses MitM attacks and updates the Security Considerations accordingly. The state machines in the Appendix have been updated to reflect these changes, and an overview of Security Goals has been added.

Further comments and suggestions are welcome.

Best regards,
-Tiru

---------- Forwarded message ---------
From: <[email protected]>
Date: Wed, 14 Jan 2026 at 10:52
Subject: New Version Notification for draft-ietf-tls-extended-key-update-08.txt
To: Tirumaleswar Reddy.K <[email protected]>, Michael Tüxen <[email protected]>, Hannes Tschofenig <[email protected]>, Hannes Tschofenig <[email protected]>, Steffen Fries <[email protected]>, Yaroslav Rosomakho <[email protected]>, <[email protected]>

A new version of Internet-Draft draft-ietf-tls-extended-key-update-08.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository.

Name:     draft-ietf-tls-extended-key-update
Revision: 08
Title:    Extended Key Update for Transport Layer Security (TLS) 1.3
Date:     2026-01-14
Group:    tls
Pages:    39
URL:      https://www.ietf.org/archive/id/draft-ietf-tls-extended-key-update-08.txt
Status:   https://datatracker.ietf.org/doc/draft-ietf-tls-extended-key-update/
HTML:     https://www.ietf.org/archive/id/draft-ietf-tls-extended-key-update-08.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-tls-extended-key-update
Diff:     https://author-tools.ietf.org/iddiff?url2=draft-ietf-tls-extended-key-update-08

Abstract:

TLS 1.3 ensures forward secrecy by performing an ephemeral Diffie-Hellman key exchange during the initial handshake, protecting past communications even if a party's long-term keys (typically a private key with a corresponding certificate) are later compromised. While the built-in KeyUpdate mechanism allows application traffic keys to be refreshed during a session, it does not incorporate fresh entropy from a new key exchange and therefore does not provide post-compromise security. This limitation can pose a security risk in long-lived sessions, such as those found in industrial IoT or telecommunications environments.

To address this, this specification defines an extended key update mechanism that performs a fresh Diffie-Hellman exchange within an active session, thereby ensuring post-compromise security. By forcing attackers to exfiltrate new key material repeatedly, this approach mitigates the risks associated with static key compromise. Regular renewal of session keys helps contain the impact of such compromises. The extension is applicable to both TLS 1.3 and DTLS 1.3.

The IETF Secretariat
