diff --git a/draft-ietf-tls-rfc8446bis.md b/draft-ietf-tls-rfc8446bis.md index 3d8f5d03..29fa3f79 100644 --- a/draft-ietf-tls-rfc8446bis.md +++ b/draft-ietf-tls-rfc8446bis.md @@ -517,7 +517,7 @@ specific technical changes: - Forbid negotiating TLS 1.0 and 1.1 as they are now deprecated by {{!RFC8996}}. -- Removes ambiguity around which hash is used with PreSharedKeys and +- Removes ambiguity around which hash is used with PreSharedKeys and HelloRetryRequest. - Require that clients ignore NewSessionTicket if they do not @@ -1568,16 +1568,15 @@ Random value to the bytes: 44 4F 57 4E 47 52 44 01 -If negotiating TLS 1.1 or below, TLS 1.3 servers MUST, and TLS 1.2 -servers SHOULD, set the last 8 bytes of their ServerHello.Random value to the +{{RFC8996}} and {{backward-compatibility-security}} forbid +the negotiation of TLS versions below 1.2. However, server +implementations which do not follow that guidance MUST +set the last 8 bytes of their ServerHello.random value to the bytes: 44 4F 57 4E 47 52 44 00 -Note that {{RFC8996}} and {{backward-compatibility-security}} forbid -the negotation of TLS versions below 1.2; implementations which do not -follow that guidance MUST behave as described above. TLS 1.3 clients receiving a ServerHello indicating TLS 1.2 or below MUST check that the last 8 bytes are not equal to either of these values. @@ -3931,7 +3930,7 @@ There are cryptographic limits on the amount of plaintext which can be safely encrypted under a given set of keys. {{AEAD-LIMITS}} provides an analysis of these limits under the assumption that the underlying primitive (AES or ChaCha20) has no weaknesses. Implementations MUST -either close the connection or +either close the connection or do a key update as described in {{key-update}} prior to reaching these limits. Note that it is not possible to perform a KeyUpdate for early data and therefore implementations MUST not exceed the limits @@ -6122,7 +6121,7 @@ Since -05 - Reference RFC 8773 (PR 1296) - Add some more information about application bindings and cite 6125-bis (PR 1297) - + Since -04 * Update the extension table (Issue 1241) @@ -6446,7 +6445,7 @@ Since -00 Brian Smith Independent brian@briansmith.org - + Ben Smyth Ampersand www.bensmyth.com