TLS及其擴展標準的編號整理

轉自：http://en.wikipedia.org/wiki/Transport_Layer_Security

Extensions[edit]

Other RFCs subsequently extended TLS.

Extensions to TLS 1.0 include:

• RFC 2595: "Using TLS with IMAP, POP3 and ACAP". Specifies an extension to the IMAP, POP3 and ACAP services that allow the server and client to use transport-layer security to provide private, authenticated communication over the Internet.
• RFC 2712: "Addition ofKerberos Cipher Suites to Transport Layer Security (TLS)". The 40-bit cipher suites defined in this memo appear only for the purpose of documenting the fact that those cipher suite codes have already been assigned.
• RFC 2817: "Upgrading to TLS Within HTTP/1.1", explains how to use theUpgrade mechanism in HTTP/1.1 to initiate Transport Layer Security (TLS) over an existing TCP connection. This allows unsecured and secured HTTP traffic to share the samewell known port (in this case, http: at 80 rather than https: at 443).
• RFC 2818: "HTTP Over TLS", distinguishes secured traffic from insecure traffic by the use of a different 'server port'.
• RFC 3207: "SMTP Service Extension for Secure SMTP over Transport Layer Security". Specifies an extension to the SMTP service that allows an SMTP server and client to use transport-layer security to provide private, authenticated communication over the Internet.
• RFC 3268: "AES Ciphersuites for TLS". AddsAdvanced Encryption Standard (AES) cipher suites to the previously existing symmetric ciphers.
• RFC 3546: "Transport Layer Security (TLS) Extensions", adds a mechanism for negotiating protocol extensions during session initialisation and defines some extensions. Made obsolete by RFC 4366.
• RFC 3749: "Transport Layer Security Protocol Compression Methods", specifies the framework for compression methods and theDEFLATE compression method.
• RFC 3943: "Transport Layer Security (TLS) Protocol Compression Using Lempel-Ziv-Stac (LZS)".
• RFC 4132: "Addition ofCamellia Cipher Suites to Transport Layer Security (TLS)".
• RFC 4162: "Addition ofSEED Cipher Suites to Transport Layer Security (TLS)".
• RFC 4217: "SecuringFTP with TLS".
• RFC 4279: "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)", adds three sets of new cipher suites for the TLS protocol to support authentication based on pre-shared keys.

Extensions to TLS 1.1 include:

• RFC 4347: "Datagram Transport Layer Security" specifies a TLS variant that works over datagram protocols (such as UDP).
• RFC 4366: "Transport Layer Security (TLS) Extensions" describes both a set of specific extensions and a generic extension mechanism.
• RFC 4492: "Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)".
• RFC 4680: "TLS Handshake Message for Supplemental Data".
• RFC 4681: "TLS User Mapping Extension".
• RFC 4785: "Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS)".
• RFC 5054: "Using theSecure Remote Password (SRP) Protocol for TLS Authentication". Defines the TLS-SRP ciphersuites.
• RFC 5077: "Transport Layer Security (TLS) Session Resumption without Server-Side State".
• RFC 5081: "UsingOpenPGP Keys for Transport Layer Security (TLS) Authentication", obsoleted byRFC 6091.

Extensions to TLS 1.2 include:

• RFC 5288: "AES Galois Counter Mode (GCM) Cipher Suites for TLS".
• RFC 5289: "TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM)".
• RFC 5746: "Transport Layer Security (TLS) Renegotiation Indication Extension".
• RFC 5878: "Transport Layer Security (TLS) Authorization Extensions".
• RFC 5932: "Camellia Cipher Suites for TLS"
• RFC 6066: "Transport Layer Security (TLS) Extensions: Extension Definitions", includesServer Name Indication and OCSP stapling.
• RFC 6091: "UsingOpenPGP Keys for Transport Layer Security (TLS) Authentication".
• RFC 6176: "Prohibiting Secure Sockets Layer (SSL) Version 2.0".
• RFC 6209: "Addition of theARIA Cipher Suites to Transport Layer Security (TLS)".
• RFC 6347: "Datagram Transport Layer Security Version 1.2".
• RFC 6367: "Addition of the Camellia Cipher Suites to Transport Layer Security (TLS)".
• RFC 6460: "Suite B Profile for Transport Layer Security (TLS)".
• RFC 6655: "AES-CCM Cipher Suites for Transport Layer Security (TLS)".
• RFC 7027: "Elliptic Curve Cryptography (ECC) Brainpool Curves for Transport Layer Security (TLS)".
• RFC 7251: "AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites for TLS".
• RFC 7301: "Transport Layer Security (TLS)Application-Layer Protocol Negotiation Extension".
• RFC 7366: "Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)".
• RFC 7465: "Prohibiting RC4 Cipher Suites".

Encapsulations of TLS include:

• RFC 5216: "TheEAP-TLS Authentication Protocol"

§Informational RFCs[edit]

• RFC 7457: "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)"

RFC標準查詢界面：http://www.rfc-editor.org/search/rfc_search_detail.php?title=Pre-Shared+Key&pubstatus%5B%5D=Any&pub_date_type=any

 

TLS標準制定情況：http://datatracker.ietf.org/wg/tls/documents/

 

Q：RFC的標準裏是否有寫明對應一個版本的TLS有哪些具體的擴展？ 如pre-shared TLS就沒有在上述維基百科給出的TLS1.2的擴展中寫明，請問TLS1.2包括這個擴展麼？關心這個問題的原因是，renegotiation在TLS1.3的標準制定中有可能取消，因而想確知擴展對應的版本情況。

 

RFC5246 http://tools.ietf.org/html/rfc5246#section-8.1