Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension (RFC7627)
Original Publication Date: 2015-Sep-01
Included in the Prior Art Database: 2016-Feb-04
Internet Society Requests For Comment (RFCs)
K. Bhargavan: AUTHOR [+6]
In TLS [RFC5246], every session has a "master_secret" computed as:
Internet Engineering Task Force (IETF) K. Bhargavan, Ed. Request for Comments: 7627 A. Delignat-Lavaud Updates: 5246 A. Pironti Category: Standards Track Inria Paris-Rocquencourt ISSN: 2070-1721 A. Langley Google Inc. M. Ray Microsoft Corp. September 2015
Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
The Transport Layer Security (TLS) master secret is not cryptographically bound to important session parameters such as the server certificate. Consequently, it is possible for an active attacker to set up two sessions, one with a client and another with a server, such that the master secrets on the two sessions are the same. Thereafter, any mechanism that relies on the master secret for authentication, including session resumption, becomes vulnerable to a man-in-the-middle attack, where the attacker can simply forward messages back and forth between the client and server. This specification defines a TLS extension that contextually binds the master secret to a log of the full handshake that computes it, thus preventing such attacks.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7627.
al. Standards Track [Page 1]
RFC 7627 TLS Session Hash Extension September 2015
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.