Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add text about TLS 1.3 0-rtt #17

Closed
jordan2175 opened this issue Nov 17, 2017 · 2 comments
Closed

Add text about TLS 1.3 0-rtt #17

jordan2175 opened this issue Nov 17, 2017 · 2 comments
Labels
Status: Closed Done Target: TAXII-2.1 Type: Bug
Projects
TAXII-2.1
Milestone
2.1-CSD01-WD01

Comments

@jordan2175
Copy link

We need to add clarifying text to TAXII 2.1 about not using TLS 1.3 0-rtt. I would suggest we use the following text. "Implementations MUST NOT use TLS 1.3 0-rtt for TAXII". The reason for this is the known security implications with 0-rtt with REST based protocols. These are well documented in the IETF TLS 1.3 document.
@jordan2175
Copy link
Author

Added suggested text in section 8.2.2

@MarkDavidson
Copy link

Can a link be provided to the appropriate document/section?

@jordan2175 jordan2175 added this to the TAXII-2.1-CSD01 milestone Feb 22, 2018
@jordan2175 jordan2175 added this to Done in TAXII-2.1 Feb 22, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Closed Done Target: TAXII-2.1 Type: Bug
Projects
No open projects
TAXII-2.1
  
Done
Milestone
2.1-CSD01-WD01
Development

No branches or pull requests
2 participants
@MarkDavidson @jordan2175