Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Transport Layer Security (tls)

WG	Name	Transport Layer Security
	Acronym	tls
	Area	Security Area (sec)
	State	Active
	Charter	charter-ietf-tls-06 Approved
	Status update	Show Changed 2018-11-07
	Document dependencies	Document dependencies Loading... Pan and zoom the dependency graph after the layout settles. Show legend Loading...
	Additional resources	Github Home Page IANA TLS Extension Registry IANA TLS Parameter Registry Wiki Zulip Stream
Personnel	Chairs	Deirdre Connolly, Joseph A. Salowey, Sean Turner
	Area Director	Paul Wouters
Mailing list	Address	[email protected]
	To subscribe	https://www.ietf.org/mailman/listinfo/tls
	Archive	https://mailarchive.ietf.org/arch/browse/tls/
Chat	Room address	https://zulip.ietf.org/#narrow/stream/tls

Charter for Working Group

The TLS (Transport Layer Security) working group was established in 1996 to standardize a 'transport layer' security protocol. The basis for the work was SSL (Secure Socket Layer) v3.0 [RFC6101]. The TLS working group has completed a series of specifications that describe the TLS protocol v1.0 [RFC2246], v1.1 [RFC4346], v1.2 [RFC5246], and v1.3 [RFC8446], and DTLS (Datagram TLS) v1.0 [RFC4347], v1.2 [RFC6347], and v1.3 [draft-ietf-tls-dtls13], as well as extensions to the protocols and ciphersuites.

The working group aims to achieve three goals. First, improve the applicability and suitability of the TLS family of protocols for use in emerging protocols and use cases. This includes extensions or changes that help protocols better use TLS as an authenticated key exchange protocol, or extensions that help protocols better leverage TLS security properties, such as Exported Authenticators. Extensions that focus specifically on protocol extensibility are also in scope. This goal also includes protocol changes that reduce TLS resource consumption without affecting security. Extensions that help reduce TLS handshake size meet this criterion.

The second working group goal is to improve security, privacy, and deployability. This includes, for example, Delegated Credentials and Encrypted SNI. Security and privacy goals will place emphasis on the following:

Encrypt the ClientHello SNI (Server Name Indication) and other application-sensitive extensions, such as ALPN (Application-Layer Protocol Negotiation).
Identify and mitigate other (long-term) user tracking or fingerprinting vectors enabled by TLS deployments and implementations.

The third goal is to maintain current and previous version of the (D)TLS protocol as well as to specify general best practices for use of (D)TLS, extensions to (D)TLS, and cipher suites. This includes recommendations as to when a particular version should be deprecated. Changes or additions to older versions of (D)TLS whether via extensions or ciphersuites are discouraged and require significant justification to be taken on as work items.

The working group will also place a priority in minimizing gratuitous changes to (D)TLS.

Milestones

Date	Milestone	Associated documents
Nov 2021	Submit "Hybrid key exchange in TLS 1.3" to the IESG	draft-stebila-tls-hybrid-design
Jul 2021	Submit "Semi-Static Diffie-Hellman Key Establishment for TLS 1.3" to the IESG	draft-ietf-tls-semistatic-dh
Jul 2021	Submit "Compact TLS 1.3" to the IESG	draft-rescorla-tls-ctls
Mar 2021	Submit "Encrypted Server Name Indication for TLS 1.3" to the IESG	draft-ietf-tls-esni
Nov 2020	Submit "A Flags Extension for TLS 1.3" to the IESG	draft-ietf-tls-tlsflags

Done milestones

Date	Milestone	Associated documents
Done	Submit "Importing External PSKs for TLS" to the IESG	rfc9258 (was draft-ietf-tls-external-psk-importer)
Done	Submit "TLS Ticket Requests" to the IESG	rfc9149 (was draft-ietf-tls-ticketrequests)
Done	Submit "Delegated Credentials for TLS" to the IESG	rfc9345 (was draft-ietf-tls-subcerts)
Done	Submit "Deprecating MD5 and SHA-1 signature hashes in TLS 1.2" to the IESG	rfc9155 (was draft-ietf-tls-md5-sha1-deprecate)