IETF Working Group on Transport Layer Security (TLS)

Last modified: 14 August 2002

Quick Links

Official Charter

Mailing List Info

About the Working Group

Pending Documents

Completed Documents

Discussion Items

Past Meetings

Welcome to the home page of the Transport Layer Security working group of the IETF. TLS is the IETF standardization of the Secure Sockets Layer (SSL).


Mailing List Information

The TLS mailing list is ietf-tls@lists.certicom.com. To subscribe, send a message with the word "subscribe" in the body to ietf-tls-request@lists.certicom.com The mailing list is archived at http://www.imc.org/ietf-tls/mail-archive A complete archive is also available as a single file.


About the Working Group

The TLS working group is chaired by Win Treese <treese@acm.org>. The Security Area Directors are Jeffrey Schiller <jis@mit.edu> and Steve Bellovin <smb@research.att.com>.


Pending Documents

Pending documents for the working group include:


Completed Documents

  1. The TLS Protocol Version 1.0 (RFC 2246) [Proposed Standard]
  2. Addition of Kerberos Cipher Suites to Transport Layer Security (TLS) (RFC 2712) [Proposed Standard]
  3. Upgrading to TLS Within HTTP/1.1 (RFC 2817) [Proposed Standard]
  4. HTTP Over TLS (RFC 2818)[Proposed Standard]
  5. AES Ciphersuites for TLS (RFC 3268)[Proposed Standard]


Discussion Items

Diffie-Hellman ciphersuites

RFC2246 requires the implementation the TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA ciphersuite to ensure interoperability in conforming implementations. Many popular implementations, including the Microsoft, Netscape, and Opera browsers, do not implement this ciphersuite. Technically, they do not conform to the RFC2246 standard. Some TLS packages, notably OpenSSL, do include an implementation of this ciphersuite.

This ciphersuite was chosen as mandatory when RFC2246 was published because it was the strongest one available at the time without any patent licensing requirements. Since the RFC was published, the patent on the RSA algorithm has expired. In the upcoming revision of RFC2246 under development for publication as a Draft Standard, it is possible that the mandatory ciphersuite will be changed to an RSA-based one.

Because using Diffie-Hellman can also provide perfect forward secrecy, it may be appropriate to use in some applications.


Past Meetings

1 August 2000 (Pittsburgh, PA)

12 December 2000 (San Diego, CA)

8 August 2001 (London, England)

19 March 2002 (Minneapolis, MN)

20 November 2002 (Atlanta, GA)



Comments about this web site should be sent to Win Treese <treese@acm.org>