draft-ietf-kitten-tls-channel-bindings-for-tls13-06.txt   draft-ietf-kitten-tls-channel-bindings-for-tls13-07.txt 
Transport Layer Security S. Whited Transport Layer Security S. Whited
Internet-Draft 26 May 2021 Internet-Draft 26 May 2021
Updates: 5801, 5802, 5929, 8446 (if approved) Updates: 5801, 5802, 5929, 8446 (if approved)
Intended status: Standards Track Intended status: Standards Track
Expires: 27 November 2021 Expires: 27 November 2021
Channel Bindings for TLS 1.3 Channel Bindings for TLS 1.3
draft-ietf-kitten-tls-channel-bindings-for-tls13-06 draft-ietf-kitten-tls-channel-bindings-for-tls13-07
Abstract Abstract
This document defines a channel binding type, tls-exporter, that is This document defines a channel binding type, tls-exporter, that is
compatible with TLS 1.3 in accordance with RFC 5056, On Channel compatible with TLS 1.3 in accordance with RFC 5056, On Channel
Binding. Furthermore it updates the "default" channel binding to the Binding. Furthermore it updates the "default" channel binding to the
new binding for versions of TLS greater than 1.2. This document new binding for versions of TLS greater than 1.2. This document
updates [RFC5801], [RFC5802], [RFC5929], and [RFC8446]. updates RFC5801, RFC5802, RFC5929, and RFC8446.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
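Review bot: the abstract's new "RFC5801, RFC5802, RFC5929, and RFC8446" (no space) is inconsistent with "RFC 5056" two lines earlier in the same abstract; dropping the bracketed citations is the right direction for an abstract, which should stand on its own, but suggest "RFC 5801, RFC 5802, RFC 5929, and RFC 8446" so the spacing matches. The body text below still uses bracketed citations ("updates [RFC5802]"), which is fine there.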
skipping to change at page 3, line 7 skipping to change at page 3, line 7
exporters for TLS as defined in [RFC5705] and [RFC8446] section 7.5 exporters for TLS as defined in [RFC5705] and [RFC8446] section 7.5
by supplying the following inputs: by supplying the following inputs:
Label: The ASCII string "EXPORTER-Channel-Binding" with no Label: The ASCII string "EXPORTER-Channel-Binding" with no
terminating NUL. terminating NUL.
Context value: Empty context value. Context value: Empty context value.
Length: 32 bytes. Length: 32 bytes.
In previous versions of TLS the "tls-unique" channel binding type was SCRAM [RFC5802] defines "tls-unique" as the default channel binding
defined as the default channel binding if no mechanism was defined to use over TLS. As "tls-unique" is not defined for TLS 1.3 (and
for negotiating a different channel binding. Because "tls-unique" is greater), this document updates [RFC5802] to use "tls-exporter" as
not defined for TLS 1.3, the default channel binding mechanism for the default channel binding to use over TLS 1.3 (and greater).
TLS versions 1.3 and greater MUST be "tls-exporter".
3. Security Considerations 3. Security Considerations
Channel bindings do not leak secret information about the channel and Channel bindings do not leak secret information about the channel and
are considered public. Implementations MUST NOT use the channel are considered public. Implementations MUST NOT use the channel
binding to protect secret information. binding to protect secret information.
The Security Considerations sections of [RFC5056], [RFC5705], and The Security Considerations sections of [RFC5056], [RFC5705], and
[RFC8446] apply to this document. [RFC8446] apply to this document.
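Review bot: the rewritten paragraph narrows the statement to "this document updates [RFC5802]" and drops the normative "MUST be "tls-exporter"", while the Updates header still lists 5801, 5929 and 8446 and the abstract still says the "default" channel binding is updated for all versions of TLS greater than 1.2. Either keep a normative sentence (for example "the default channel binding for TLS 1.3 and greater MUST be "tls-exporter"") so implementations of mechanisms other than SCRAM have a requirement to point to, or align the Updates line and the abstract with the narrowed SCRAM-only scope; as written, a reader of the new text cannot tell whether the MUST was removed deliberately.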
skipping to change at page 4, line 5 skipping to change at page 4, line 5
Types" registry: Types" registry:
Subject: Registration of channel binding tls-exporter Subject: Registration of channel binding tls-exporter
Channel binding unique prefix: tls-exporter Channel binding unique prefix: tls-exporter
Channel binding type: unique Channel binding type: unique
Channel type: TLS [RFC8446] Channel type: TLS [RFC8446]
Published specification: draft-ietf-kitten-tls-channel-bindings-for- Published specification: draft-ietf-kitten-tls-channel-bindings-for-
tls13-06 tls13-07
Channel binding is secret: no Channel binding is secret: no
Description: The EKM value obtained from the current TLS connection. Description: The EKM value obtained from the current TLS connection.
Intended usage: COMMON Intended usage: COMMON
Person and email address to contact for further information: Sam Person and email address to contact for further information: Sam
Whited <sam@samwhited.com>. Whited <sam@samwhited.com>.
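Review bot: the "Published specification" field in the IANA template now reads draft-ietf-kitten-tls-channel-bindings-for-tls13-07 and is being bumped by hand at each revision; it will have to change once more to the RFC number at publication. Consider writing "this document" there with an RFC Editor note asking for the RFC number to be substituted, so the registry entry never carries a draft name.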
 End of changes. 4 change blocks. 
8 lines changed or deleted 7 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/