1. Summary
Ever heard of the “triple handshake attack”
(https://www.secure-resumption.com/)? If not that’s okay because the draft
explains the attack and documents an implemented solution that
cryptographically bind the master secret to a log of the full handshake. This
document is bound for standards track (even though the header doesn’t indicate
so) because it’s a TLS extension.
Please note this draft applies to all version of TLS prior to 1.3. TLS 1.3 is
going to also going to adopt this work directly into its draft.
Sean Turner is the document shepherd and Stephen Farrell is our über Area
Director!
2. Review and Consensus
This document has been reviewed by the WG on the mailing list and has been
discussed at numerous TLS meetings (both regularly scheduled IETF meeting and
TLS interims). It not only reflects WG consensus it documents an implemented
solution.
3. Intellectual Property
[Confirming this as of 2015-03-13]
The shepherd has confirmed the author's direct, personal knowledge of any IPR
related to this document has already been disclosed, in conformance with BCPs
78 and 79.
4. Other Points
DOWNREFs: None.
IANA Considerations: An early IANA code point assignment was made for this
registry. When published IANA will make this permanent. The instructions for
IANA are well documented.