Hi all,

We (Songbo and I) would like to request adoption of -09. This version adds a possible template for:

1. threat model (Sec. 3.2.3) and
2. informal security goals (Sec. 3.3.1)

which -- in our experience and as authors of draft-wang-tls-service-affinity requested -- the authors of (adopted and individual) drafts in the WG, in general, find the most difficult to get right.

We hope this draft will help bring the authors, implementers and formal analysis enthusiasts on the same page to lower down the temperature of the room.

Welcome any comments or thoughts and we will address those at priority.

In particular, we request feedback from FATT and authors of (adopted and individual) drafts in the WG.

Best regards,
Usama and Songbo



-------- Forwarded Message --------
Subject: New Version Notification for draft-usama-tls-fatt-extension-09.txt
Date:   Mon, 06 Jul 2026 04:13:25 -0700
From:   [email protected]
To: Muhammad Sardar <[email protected]>, Muhammad Usama Sardar <[email protected]>, Songbo Bu <[email protected]>



A new version of Internet-Draft draft-usama-tls-fatt-extension-09.txt has been
successfully submitted by Muhammad Usama Sardar and posted to the
IETF repository.

Name: draft-usama-tls-fatt-extension
Revision: 09
Title: Proposed Document Template for TLS FATT Process
Date: 2026-07-06
Group: Individual Submission
Pages: 14
URL: https://www.ietf.org/archive/id/draft-usama-tls-fatt-extension-09.txt
Status: https://datatracker.ietf.org/doc/draft-usama-tls-fatt-extension/
HTML: https://www.ietf.org/archive/id/draft-usama-tls-fatt-extension-09.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-usama-tls-fatt-extension Diff: https://author-tools.ietf.org/iddiff?url2=draft-usama-tls-fatt-extension-09

Abstract:

This document applies only to non-trivial extensions of TLS, which
require formal analysis. FATT process has successfully discovered
CVEs of *CVSS 7.5* and most recently expected *CVSS 9.1* in the
*production* implementations of the drafts proposed for adoption in
the TLS WG. To achieve high cryptographic assurances, this document
proposes the drafts specify a clear threat model and informal
security goals in the Security Considerations section, as well as
motivation and a protocol diagram in the draft.



The IETF Secretariat


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to