| rfc9916v1.txt | rfc9916.txt |
|---|---|
| Internet Engineering Task Force (IETF) D. Dhody | Internet Engineering Task Force (IETF) D. Dhody |
| Request for Comments: 9916 Huawei | Request for Comments: 9916 Huawei |
| Updates: 8253 S. Turner | Updates: 8253 S. Turner |
| Category: Standards Track sn3rd | Category: Standards Track sn3rd |
| ISSN: 2070-1721 R. Housley | ISSN: 2070-1721 R. Housley |
| Vigil Security | Vigil Security |
| January 2026 | January 2026 |
| Updates for PCEPS: TLS Connection Establishment Restrictions | Updates to the Usage of TLS to Provide a Secure Transport for the Path |
| | Computation Element Communication Protocol (PCEP) |
| Abstract | Abstract |
| Section 3.4 of RFC 8253 specifies TLS connection establishment | Section 3.4 of RFC 8253 specifies TLS connection establishment |
| restrictions for PCEPS; PCEPS refers to usage of TLS to provide a | restrictions for PCEPS; PCEPS refers to usage of TLS to provide a |
| secure transport for the Path Computation Element Communication | secure transport for the Path Computation Element Communication |
| Protocol (PCEP). This document adds restrictions to specify what | Protocol (PCEP). This document adds restrictions to specify what |
| PCEPS implementations do if they support more than one version of the | PCEPS implementations do if they support more than one version of the |
| TLS protocol and to restrict the use of TLS 1.3's early data. | TLS protocol and to restrict the use of TLS 1.3's early data. |
| skipping to change at line 118 | skipping to change at line 119 |
| \| NOTE: As noted in Section 2.3 of [RFC9846], the security | \| NOTE: As noted in Section 2.3 of [RFC9846], the security |
| \| properties for early data are weaker than those for subsequent | \| properties for early data are weaker than those for subsequent |
| \| TLS-protected data. In particular, early data is not forward | \| TLS-protected data. In particular, early data is not forward |
| \| secret, and there is no protection against the replay of early | \| secret, and there is no protection against the replay of early |
| \| data between connections. Appendix E.5 of [RFC9846] requires | \| data between connections. Appendix E.5 of [RFC9846] requires |
| \| applications not use early data without a profile that defines | \| applications not use early data without a profile that defines |
| \| its use. | \| its use. |
| 4. Security Considerations | 4. Security Considerations |
| The security considerations of PCEP [RFC5440], [RFC8231], [RFC8253], | The security considerations of PCEP [RFC5440] [RFC8231] [RFC8253] |
| [RFC8281], and [RFC8283]; TLS 1.2 [RFC5246]; TLS 1.3 [RFC9846], and; | [RFC8281] [RFC8283], TLS 1.2 [RFC5246], TLS 1.3 [RFC9846], and TLS/ |
| [RFC9325] apply here as well. | DTLS recommendations [RFC9325] apply here as well. |
| 5. IANA Considerations | 5. IANA Considerations |
| This document has no IANA actions. | This document has no IANA actions. |
| 6. References | 6. References |
| 6.1. Normative References | 6.1. Normative References |
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate |
| End of changes. 2 change blocks. | |
| 4 lines changed or deleted | 5 lines changed or added |