I have implemented draft-ietf-tls-extractor-06 in the TLS v1.0
implementation in OpenSSL. I found the draft easy to implement with
no ambiguities or concerns. I believe that the functionality provided
by the draft will be extremely valuable for building application-level
security protocols and encourage its standardization.

It is my interpretation of the draft that it can be implemented in any
version of TLS, not just TLS v1.2. Obviously the derived key may be
different if the underlying TLS PRF is defined differently (as it is
for TLS v1.2), but the draft is still well-defined for previous
versions of TLS.

For those interested in the OpenSSL implementation, I have posted a
page on my website with the patch.

http://www.douglas.stebila.ca/code/keying-material-exporters/

In addition to a patch for OpenSSL, I have also done patches to Apache
and PHP to expose a PHP function that allows a PHP application to
derive keying material from the underlying TLS connection according to
the draft specification.

Douglas

On 2009-Jul-21, at 2:48 AM, The IESG wrote:

The IESG has received a request from the Transport Layer Security WG
(tls) to consider the following document:

- 'Keying Material Exporters for Transport Layer Security (TLS) '
<draft-ietf-tls-extractor-06.txt> as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to
the ietf@xxxxxxxx mailing lists by 2009-08-10. Exceptionally,
comments may be sent to iesg@xxxxxxxx instead. In either case, please
retain the beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://www.ietf.org/internet-drafts/draft-ietf-tls-extractor-06.txt

IESG discussion can be tracked via
https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16821&rfc_flag=0