[TLS] Re: Clarification on security considerations of RFC9261

[Sean Turner]

> On Mar 6, 2026, at 12:25, Eric Rescorla <e...@rtfm.com> wrote:
> 
> 
> 
> On Fri, Mar 6, 2026 at 9:20 AM Sean Turner <s...@sn3rd.com 
> <mailto:s...@sn3rd.com>> wrote:
>> snipping down the list
>> 
>>> On Feb 3, 2026, at 15:08, Muhammad Usama Sardar 
>>> <muhammad_usama.sar...@tu-dresden.de 
>>> <mailto:muhammad_usama.sar...@tu-dresden.de>> wrote:
>>> # Known implementation
>>> 
>>> The only public implementation currently known to us is Cloudflare's 
>>> opaque-ea [0], which as acknowledged [1] by Cloudflare, is a partial 
>>> implementation of RFC9261. It implements TLS messages here [2] and is based 
>>> on mint [3] - a minimal TLS 1.3 stack for learning purposes. Is there any 
>>> other open-source implementation?
>>> 
>>> For future, could we please reference the implementations within the RFCs 
>>> (either in text or in "additional resources" in datatracker) to avoid the 
>>> trouble to find it?
>>> 
>>> The developers are ultimately aiming at code that they will use in 
>>> production.
>>> 
>> The shepherd write-up for the I-D that became RFC 6261 noted that there were 
>> two implementations:
>> https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/15/
>> I checked my mail and I can’t find any reference to those implementations 
>> and I can’t remember the names.
>> 
>> As far as including the implementations in the RFC, pretty sure that’s not 
>> normally done.
> 
> I don't think we should change that.
> 
> Note that even in cases where we require implementations to be listed,
> as for promotion above PS, that goes in a separate report, not in the RFC:
> https://www.rfc-editor.org/rfc/rfc2026#section-4.1.2
> 
>    The Working Group chair is responsible for documenting the specific
>    implementations which qualify the specification for Draft or Internet
>    Standard status along with documentation about testing of the
>    interoperation of these implementations.  The documentation must
>    include information about the support of each of the individual
>    options and features.  This documentation should be submitted to the
>    Area Director with the protocol action request. (see Section 6 
> <https://www.rfc-editor.org/rfc/rfc2026#section-6>)
> 
> -Ekr

These implementation reports end up here:
https://www.ietf.org/participate/runningcode/implementation-reports/

spt
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org