Add text about TLS 1.3 0-rtt

oasis-tcs / cti-taxii2

OASIS CTI TC: An official CTI TC repository for TAXII 2 work

https://github.com/oasis-tcs/cti-taxii2

Other

9 stars 4 forks source link

Add text about TLS 1.3 0-rtt #17

Closed jordan2175 closed 6 years ago

jordan2175 commented 6 years ago

We need to add clarifying text to TAXII 2.1 about not using TLS 1.3 0-rtt. I would suggest we use the following text. "Implementations MUST NOT use TLS 1.3 0-rtt for TAXII". The reason for this is the known security implications with 0-rtt with REST based protocols. These are well documented in the IETF TLS 1.3 document.

jordan2175 commented 6 years ago

Added suggested text in section 8.2.2

MarkDavidson commented 6 years ago

Can a link be provided to the appropriate document/section?