DOI: https://doi.org/10.17487/RFC7627
The Transport Layer Security (TLS) master secret is not cryptographically bound to important session parameters such as the server certificate. Consequently, it is possible for an active attacker to set up two sessions, one with a client and another with a server, such that the master secrets on the two sessions are the same. Thereafter, any mechanism that relies on the master secret for authentication, including session resumption, becomes vulnerable to a man-in-the-middle attack, where the attacker can simply forward messages back and forth between the client and server. This specification defines a TLS extension that contextually binds the master secret to a log of the full handshake that computes it, thus preventing such attacks.
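The abstract describes the problem and the fix, but not the arithmetic behind them. The following added example (not code from RFC 7627 or any TLS implementation) computes both derivations with the TLS 1.2 PRF from RFC 5246 instantiated with SHA-256: the legacy master secret, which depends only on the pre-master secret and the two hello nonces, and the extended master secret of RFC 7627, which replaces the nonces with a hash of the handshake transcript. The handshake messages are constructed placeholder byte strings rather than real TLS encodings, and `triple_handshake_demo` is a hypothetical scenario in which the attacker relays the client and server randoms unchanged and shares one pre-master secret across both sessions (as it can with RSA key exchange), so that only the server Certificate and ClientKeyExchange messages differ between the two sessions.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion from RFC 5246 section 5."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_<hash>(secret, label + seed), here with SHA-256."""
    return p_sha256(secret, label + seed, length)


def legacy_master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: the master secret is bound only to the two nonces."""
    return tls12_prf(pms, b"master secret", client_random + server_random, 48)


def session_hash(handshake_messages: list) -> bytes:
    """RFC 7627 section 3: hash (with the PRF hash) of the concatenation of all
    handshake messages sent or received, from ClientHello through ClientKeyExchange."""
    return hashlib.sha256(b"".join(handshake_messages)).digest()


def extended_master_secret(pms: bytes, handshake_messages: list) -> bytes:
    """RFC 7627 section 4: the session hash replaces the nonces as the PRF seed."""
    return tls12_prf(pms, b"extended master secret", session_hash(handshake_messages), 48)


def triple_handshake_demo() -> dict:
    """Hypothetical man-in-the-middle setup: attacker M runs one session with the
    client C and another with the server S. All inputs below are constructed."""
    pms = bytes(range(48))            # constructed pre-master secret, shared across both sessions
    client_random = b"\x11" * 32      # constructed nonces; M relays them unchanged
    server_random = b"\x22" * 32

    # Constructed stand-ins for handshake messages (real ones are TLS-encoded structs).
    client_hello = b"ClientHello:" + client_random
    server_hello = b"ServerHello:" + server_random
    cert_attacker = b"Certificate:attacker.example"
    cert_server = b"Certificate:server.example"
    cke_to_attacker = b"ClientKeyExchange:rsa_encrypt(pms, attacker_pubkey)"
    cke_to_server = b"ClientKeyExchange:rsa_encrypt(pms, server_pubkey)"

    transcript_c_m = [client_hello, server_hello, cert_attacker, cke_to_attacker]  # C <-> M
    transcript_m_s = [client_hello, server_hello, cert_server, cke_to_server]      # M <-> S

    legacy_c = legacy_master_secret(pms, client_random, server_random)
    legacy_s = legacy_master_secret(pms, client_random, server_random)
    ems_c = extended_master_secret(pms, transcript_c_m)
    ems_s = extended_master_secret(pms, transcript_m_s)

    return {
        # Same pms and nonces: the two sessions share a master secret, so anything
        # keyed from it (resumption, client-auth renegotiation) can be bridged by M.
        "legacy_collides": legacy_c == legacy_s,
        # Different server certificates change the session hash, so the secrets diverge.
        "ems_collides": ems_c == ems_s,
        "session_hash_c": session_hash(transcript_c_m).hex(),
        "session_hash_s": session_hash(transcript_m_s).hex(),
    }


if __name__ == "__main__":
    for key, value in triple_handshake_demo().items():
        print(f"{key}: {value}")
```

The demo deliberately keeps the nonces and the pre-master secret identical on both sides, which is exactly the situation the abstract describes; the only thing that distinguishes the two transcripts is the server identity, and that difference is invisible to the legacy derivation but not to the extended one. A real implementation must hash the exact bytes of every handshake message on the wire, including the Certificate message, or the binding is lost.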