Transport Layer Security (TLS) Extensions
RFC 3546
Document | Type |
RFC - Proposed Standard
(June 2003; No errata)
Obsoleted by RFC 4366
Updates RFC 2246
|
|
---|---|---|---|
Authors | Simon Blake-Wilson , Jan Mikkelsen , Magnus Nystrom , David Hopwood , Tim Wright | ||
Last updated | 2013-03-02 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 3546 (Proposed Standard) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Steven Bellovin | ||
Send notices to | <treese@acm.org> |
Network Working Group S. Blake-Wilson Request for Comments: 3546 BCI Updates: 2246 M. Nystrom Category: Standards Track RSA Security D. Hopwood Independent Consultant J. Mikkelsen Transactionware T. Wright Vodafone June 2003 Transport Layer Security (TLS) Extensions Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2003). All Rights Reserved. Abstract This document describes extensions that may be used to add functionality to Transport Layer Security (TLS). It provides both generic extension mechanisms for the TLS handshake client and server hellos, and specific extensions using these generic mechanisms. The extensions may be used by TLS clients and servers. The extensions are backwards compatible - communication is possible between TLS 1.0 clients that support the extensions and TLS 1.0 servers that do not support the extensions, and vice versa. Conventions used in this Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [KEYWORDS]. Blake-Wilson, et. al. Standards Track [Page 1] RFC 3546 TLS Extensions June 2003 Table of Contents 1. Introduction ............................................. 2 2. General Extension Mechanisms ............................. 4 2.1. Extended Client Hello ............................... 5 2.2. Extended Server Hello ............................... 5 2.3. Hello Extensions .................................... 6 2.4. Extensions to the handshake protocol ................ 7 3. Specific Extensions ...................................... 8 3.1. Server Name Indication .............................. 8 3.2. Maximum Fragment Length Negotiation ................. 10 3.3. Client Certificate URLs ............................. 11 3.4. Trusted CA Indication ............................... 14 3.5. Truncated HMAC ...................................... 15 3.6. Certificate Status Request........................... 16 4. Error alerts .............................................. 18 5. Procedure for Defining New Extensions...................... 20 6. Security Considerations .................................. 21 6.1. Security of server_name ............................. 21 6.2. Security of max_fragment_length ..................... 21 6.3. Security of client_certificate_url .................. 22 6.4. Security of trusted_ca_keys ......................... 23 6.5. Security of truncated_hmac .......................... 23 6.6. Security of status_request .......................... 24 7. Internationalization Considerations ...................... 24 8. IANA Considerations ...................................... 24 9. Intellectual Property Rights ............................. 26 10. Acknowledgments .......................................... 26 11. Normative References ..................................... 27 12. Informative References ................................... 28 13. Authors' Addresses ....................................... 28 14. Full Copyright Statement ................................. 29 1. Introduction This document describes extensions that may be used to add functionality to Transport Layer Security (TLS). It provides both generic extension mechanisms for the TLS handshake client and server hellos, and specific extensions using these generic mechanisms. TLS is now used in an increasing variety of operational environments - many of which were not envisioned when the original design criteria for TLS were determined. The extensions introduced in this document are designed to enable TLS to operate as effectively as possible in new environments like wireless networks.Show full document text