A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
Authors : Karthikeyan Bhargavan
Antoine Delignat-Lavaud
Alfredo Pironti
Adam Langley
Marsh Ray
Filename : draft-bhargavan-tls-session-hash-01.txt
Pages : 8
Date : 2014-07-21
Abstract:
The Transport Layer Security (TLS) master secret is not
cryptographically bound to important session parameters such as the
client and server identities. Consequently, it is possible for an
active attacker to set up two sessions, one with a client and another
with a server such that the master secrets on the two sessions are
the same. Thereafter, any mechanism that relies on the master secret
for authentication, including renegotiation after session resumption,
becomes vulnerable to a man-in-the-middle attack, where the attacker
can simply forward messages back and forth between the client and
server. This specification defines a TLS extension that contextually
binds the master secret to a log of the full handshake that computes
it, thus preventing such attacks.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-bhargavan-tls-session-hash/
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-bhargavan-tls-session-hash-01
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-bhargavan-tls-session-hash-01
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
