Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
draft-ietf-tls-session-hash-06

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    tls mailing list <tls@ietf.org>,
    tls chair <tls-chairs@tools.ietf.org>
Subject: Protocol Action: 'Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension' to Proposed Standard (draft-ietf-tls-session-hash-06.txt)

The IESG has approved the following document:
- 'Transport Layer Security (TLS) Session Hash and Extended Master Secret
   Extension'
  (draft-ietf-tls-session-hash-06.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working
Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-session-hash/

Ballot Text

Technical Summary

   The Transport Layer Security (TLS) master secret is not
   cryptographically bound to important session parameters such as the
   server certificate.  Consequently, it is possible for an active
   attacker to set up two sessions, one with a client and another with a
   server, such that the master secrets on the two sessions are the
   same.  Thereafter, any mechanism that relies on the master secret for
   authentication, including session resumption, becomes vulnerable to a
   man-in-the-middle attack, where the attacker can simply forward
   messages back and forth between the client and server.  This
   specification defines a TLS extension that contextually binds the
   master secret to a log of the full handshake that computes it, thus
   preventing such attacks.

Working Group Summary
 
  This document has been reviewed by the WG on the mailing list 
   and has been discussed at numerous TLS meetings (both regularly 
   scheduled IETF meeting and TLS interims).  

Document Quality

   It not only reflects WG consensus it documents an implemented solution.

Personnel

   Sean Turner is the document shepherd.
   Stephen Farrell is the irresponsible AD.

RFC Editor Note