Specifications
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are communication procedures (protocols) in order
to encrypt communication contents. When you pay with your credit card at an online shop,
one of these protocols is used to prevent your card number stolen during the transmission.
This page provides specfications and relevant documents of SSL and TLS.
- Core Specifications -- Documents which specify SSL or TLS themselves
- Updates or Extensions -- Proposed documents in order to extend SSL or TLS
- Basic Technologies -- Documents of technologies used as the base of SSL or TLS
- Applications -- Documents of higher layer protocols over SSL or TLS
|
|
 Core Specifications |
|
| RFC 2246 | [ Japanese original ] |
| The TLS Protocol Version 1.0 | |
| The specification of the TLS protocol version 1. It is specified by TLS working group in IETF that takes over the development of the SSL protocol from Netscape Communications.
The group changes its name from "SSL" to "TLS", and decides to use HMAC. It was first published as draft-ietf-tls-protocol, then became RFC. At present, the draft document that modifies this document is issued (see Updates or Extensions).
Issued: January, 1999 |
|
| draft-freier-ssl-version3-02 | [ Japanese original ] |
| The SSL Protocol Version 3.0 | |
| The specification of the SSL protocol version 3. It is specified by Netscape Communications. If you mention "SSL protocol", it is general to point to this version. The development of the SSL protocol has already ended, and is taken over as the TLS protocol. This draft (version3-02) is also published as draft-ietf-tls-ssl-version3-00.
Issued: November, 1996 |
|
| draft-benaloh-pct-00 | [ Japanese original ] |
| The Private Communication Technology Protocol | |
| The specification of the PCT protocol version 1. It is based on the SSL protocol version 2, and improved by Microsoft. It is mainly being used in the products of the Microsoft.
Issued: October, 1995 |
|
| draft-hickman-netscape-ssl-00 | [ Japanese original ] |
| The SSL Protocol | |
| The specification of the SSL protocol version 2. It is specified by Netscape Communications. This is the first version of SSL introduced to the public. The use of this version isn't recommended at present.
Issued: April, 1995 |
|
| United States Patent Patent Number: 5657390 | [ original ] |
| Secure socket layer application program apparatus and method | |
| The patent of the SSL protocol that Netscape Communications acquired in USA.
Issued: August, 1997 |
|
| Return to the page top | |
|
|
 Updates or Extensions |
|
- Extensions of core features
- Addition of cipher suites
- Interoperation
- Authentication methods
- Addition of compression methods
- Protocol bases
- Extensive Protocols
| --- (1) Extensions of core features --- | |
| draft-ietf-tls-rfc2246-bis-12 | [ Japanese original ] |
| The TLS Protocol Version 1.1 | |
| This document is proposed as the TLS version 1.1. It modifies RFC2246 in the following points: (i)40-bit exportable cipher suites are deprecated, and (ii)some modifications are made to prevent the attack to the block ciphers in CBC mode.
Issued: June, 2005 |
|
| RFC 3546 | [ Japanese original ] |
| Transport Layer Security (TLS) Extensions | |
| This document proposes a framework to control TLS handshake, and extended functions such as various limit negotiations to fit wireless environment, server certificate status request using OCSP(Online Certificate Status Protocol), and so on. (The translated document is draft-ietf-tls-extensions-05, not RFC.)
Issued: June, 2003 |
|
| draft-ietf-tls-rfc3546bis-01 | [ Japanese original ] |
| Transport Layer Security (TLS) Extensions | |
| This document modifies RFC3546 in the following points: when you add new extensions toward RFC3546, (i) register for IANA, and (ii)add considerations in the session re-use.
Issued: May, 2005 |
|
| draft-chudov-cryptopro-tlsprfneg-00 | [ Japanese original ] |
| Hash/PRF negotiation in TLS using TLS extensions | |
| This document adds a new extension to RFC3546 which enables to negotiate hash algorithms for PRF function.
Issued: May, 2005 |
|
| draft-funk-tls-inner-application-extension-01 | [ Japanese original ] |
| TLS Inner Application Extension (TLS/IA) | |
| This document adds a new extension to RFC3546 which exchanges password credentials of other protocols between Finished message and encrypted application data.
Issued: February, 2005
|
|
| draft-hajjeh-tls-sign-00 | [ Japanese original ] |
| TLS Sign | |
| This document adds a new extension to RFC3546 which enables non-repudiation in TLS.
Issued: January, 2005
|
|
| draft-ietf-tls-emailaddr-00 | [ Japanese original ] |
| Update to Transport Layer Security (TLS) Extensions | |
| This document adds a new extension to RFC3546 which allows the client to specify an email name as the server name.
Issued: November, 2003 |
|
| draft-ietf-tls-wireless-00 | [ original ] |
| Wireless Extensions to TLS | |
| This document proposes a framework to use TLS under constraints of a portable telephone environment (e.g. calculation ability is not much high, or memory size is small). This draft modified its name as draft-ietf-tls-extensions, and became RFC3546.
Issued: November, 2000
|
|
| draft-ietf-tls-delegation-01 | [ Japanese original ] |
| TLS Delegation Protocol | |
| This document proposes methods to delegate Proxy Certificate or Kerberos 5 forwardable ticket using TLS.
Issued: July, 2001
|
|
| draft-ietf-tls-pathsec-00 | [ Japanese original ] |
| TLS Pathsec Protocol | |
| This document allows existence of intermediaries between client and server by dividing a session into multiple sub sessions.
Issued: September, 2001 |
|
| draft-ietf-tls-ssl-mods-00 | [ Japanese original ] |
| Modifications to the SSL protocol for TLS | |
| This document proposes modifications for SSL version 3. Many points in this document are reflected on the TLS protocol.
Issued: November, 1996 |
|
| draft-benaloh-pct-01 | [ Japanese original ] |
| The Private Communication Technology Protocol | |
| This document proposes the PCT protocol version 2.
Issued: April, 1996 |
|
| --- (2) Addition of cipher suites --- | |
| RFC 3268 | [ Japanese original ] |
| Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS) | |
| AES (Advanced Encryption Standard), which is the successor of DES (Data Encryption Standard), is added to cipher suites of TLS. AES is now published as FIPS PUB 197. It was first published as draft-ietf-tls-ciphersuite, then became RFC.
Issued: June, 2002 |
|
| draft-ietf-tls-ecc-10 | [ Japanese original ] |
| ECC Cipher Suites for TLS | |
| This document defines cipher suites which use Elliptic Curve Cryptography (ECC) as a key exchange algorithm.
Issued: May, 2005 |
|
| draft-chudov-cryptopro-cptls-01 | [ Japanese original ] |
| Addition of GOST Ciphersuites to Transport Layer Security (TLS) | |
| This document adds Russian Standard GOST R 34.10-94 and 2001 as TLS key exchange algorithm, GOST 28147-89 as TLS symmetric encryption algorithm, and GOST R 34.11-94 as TLS digest algorithm to TLS.
Issued: April, 2004 |
|
| draft-ietf-tls-camellia-06 | [ Japanese original ] |
| Addition of Camellia Ciphersuites to Transport Layer Security (TLS) | |
| This document adds block cipher
Camellia, which is developed by NTT and
Mitubishi Electric, to TLS. (The translated document is draft-ietf-tls-camellia-02, not 06.)
Issued: October, 2004 |
|
| draft-lee-tls-seed-01 | [ Japanese original ] |
| Addition of SEED Ciphersuites to Transport Layer Security (TLS) | |
| This document adds block cipher SEED, which is developed by TTA.
Issued: January, 2005 |
|
| draft-ietf-tls-seedhas-00 | [ Japanese original ] |
| TLS Extension for SEED and HAS-160 | |
|
This document adds block cipher SEED and hash algorithm HAS-160, which are developed by TTA, to TLS cipher suites.
Issued: July, 2000 |
|
| draft-ietf-tls-ntru-00 | [ Japanese original ] |
| NTRU Cipher Suites for TLS | |
| Definition of cipher suites which use NTRU public key cryptography and signature algorithm NSS as a key exchange algorithm. See NTRU Cryptosystems, Inc. for details about NTRU and NSS.
Issued: July, 2001 |
|
| draft-ietf-tls-misty1-01 | [ Japanese original ] |
| Addition of MISTY1 to TLS | |
| Addition of the block cipher MISTY1, which is developed by Mitubishi Electric.
Issued: March, 2001 |
|
| draft-ietf-tls-56-bit-ciphersuites-01 | [ Japanese original ] |
| 56-bit Export Cipher Suites For TLS | |
| Addition of 56-bit exportable cipher suites to TLS. This document updates draft-ietf-tls-56-bit-ciphersuites-00 with cipher suite name changes, addition and deletion some cipher suites.
Issued: July, 2001 |
|
| draft-ietf-tls-56-bit-ciphersuites-00 | [ Japanese original ] |
| 56-bit Export Cipher Suites For TLS | |
| Addition of 56-bit exportable cipher suites to TLS.
Issued: January, 1999 |
|
| --- (3) Interoperation --- | |
| RFC2712 | [ Japanese original ] |
| Addition of Kerberos Cipher Suites to Transport Layer Security (TLS) | |
| Addition of cipher suites to use authentication methods adopted in Kerberos. It was first published as draft-ietf-tls-kerb-cipher-suites, then became RFC.
Issued: October, 1999 |
|
| draft-ietf-tls-kerb-01 | [ Japanese original ] |
| Kerberos Cipher Suites in Transport Layer Security (TLS) | |
| Updates RFC2712 to support delegation of Kerberos credentials.
Issued: November, 2001 |
|
| draft-ietf-tls-openpgp-02 | [ Japanese original ] |
| Extensions to TLS for OpenPGP keys | |
| Extend TLS to support authentication and trust model which are adopted in OpenPGP.
Issued: February, 2002 |
|
| draft-ietf-tls-openpgp-keys-06 | [ Japanese original ] |
| Using OpenPGP keys for TLS authentication | |
| Extend TLS to support authentication and trust model which are adopted in OpenPGP.
Issued: January, 2005 |
|
| --- (4) Authentication methods --- | |
| draft-badra-tls-key-exchange-00 | [ Japanese original ] |
| Pre-Shared-Key key Exchange methods for TLS | |
|
To avoid high CPU-load public key operations, this document extends RFC 3546 to support authentication based on pre installed key, and to allow anonymous exchanges, identity protection and Perfect Forward Secrecy.
Issued: August, 2004 |
|
| draft-badra-tls-express-01 | [ Jananese original ] |
| TLS Express | |
| To avoid high CPU-load public key operations, it suggests that the client and the server share symmetric keys before communications, then client transmits the key ID to the server using Hello Extensions defined in RFC3546 for establishing TLS commnunications.
Issued: February, 2005 |
|
| draft-ietf-tls-psk-08 | [ Japanese original ] |
| Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) | |
| To avoid high CPU-load public key operations, it suggests that the client and the server share symmetric keys before communications, then client transmits the key ID to the server using ClientKeyExchange message for establishing TLS communications. It was first published as draft-eronen-tls-psk-00 (individual draft), but it was renamed to be discussed in TLS working group.
Issued: April, 2005 |
|
| draft-salowey-tls-ticket-02 | [ Japanese original ] |
| A TLS Hello Extension for Ticket Based Pre-Shared Keys | |
| To avoid high CPU-load public key operations, it suggests that the client and the server share symmetric keys before communications, and the server creates the ticket which includes encrypted server key and sends it to the client (this enables the server not maintaining the shared key), then client transmits the ticket to the server using Hello Extensions defined in RFC3546 for establishing TLS commnunications.
Issued: February, 2005 |
|
| draft-ietf-tls-sharedkeys-02 | [ Japanese original ] |
| Use of Shared Keys in the TLS Protocol | |
| To avoid high CPU-load public key operations, it suggests that the client and the server share symmetric keys before communications, then they identify that keys using session ID (transmitted by ClientHello message) and pre-master secret (transmitted by ClientKeyExchange message) for establishing TLS communications.
Issued: October, 2003 |
|
| draft-ietf-tls-passauth-00 | [ Japanese original ] |
| Addition of Shared Key Authentication to Transport Layer Security (TLS) | |
| Shared-key-based authentication in TLS, instead of using challenge-response-based authentication with public key cryptography.
Issued: November, 1996
|
|
| draft-ietf-tls-srp-09 | [ Japanese original ] |
| Using SRP for TLS Authentication | |
| User authentication based on SRP(Secure Remote Password) in TLS.
Issued: March, 2005 |
|
| draft-ietf-tls-attr-cert-01 | [ Japanese original ] |
| TLS extensions for AttributeCertificate based authorization | |
| Authentication based on Attribute Certificate in TLS for the purpose of providing various types of authorization services.
Issued: August, 1998
|
|
| --- (5) Addition of compression methods --- | |
| RFC 3749 | [ Japanese original ] |
| Transport Layer Security Protocol Compression Methods | |
| Add DEFLATE which is defined in RFC1951 as a compression method in TLS. (The translated document is draft-ietf-tls-compression-06, not RFC.)
Issued: May, 2004 |
|
| RFC 3943 | [ Japanese original ] |
| Transport Layer Security Protocol Compression Using LZS | |
| Add LZS as a compression method in TLS.
Issued: November, 2004 |
|
| draft-sabin-lzs-tls-00 | [ Japanese original ] |
| LZS Compression Transform for TLS Protocol | |
| Add LZS as a compression method in TLS.
Issued: December, 1996 |
|
| --- (6) Protocol bases --- | |
| RFC 3436 | [ Japanese original ] |
| Transport Layer Security over Stream Control Transmission Protocol | |
| Considerations of using TLS over SCTP(Stream Control Transmission Protocol). (The translated document is draft-tuexen-tsvwg-tls-over-sctp-00, not RFC.)
Issued: December, 2002 |
|
| --- (7) Extensive Protocols --- | |
| draft-rescorla-dtls-04 | [ Japanese original ] |
| Datagram Transport Layer Security | |
| TLS over UDP(User Datagram Protocol).
Issued: April, 2005 |
|
| Return to the page top | |
|
|
 Basic Technologies |
|
| --- (1) Symmetric ciphers --- | |
| FIPS PUB 46-3 | [ original ] |
| SPECIFICATIONS FOR THE DATA ENCRYPTION STANDARD (DES) | |
| The specification of the block cipher DES (Data Encryption Standard) and triple DES which are specified by NIST.
Issued: October, 1999 |
|
| draft-hoffman-des40-03 | [ Japanese original ] |
| Creating 40-Bit Keys for DES | |
| A method to use 56-bit DES with a 40-bit length secret.
Issued: April, 1999 |
|
| RFC 2268 | [ Japanese original ] |
| A Description of the RC2(r) Encryption Algorithm | |
| Description of the block cipher RC2, which is developed by RSA Security Inc. There are errata in this document (see here).
Issued: March, 1998 |
|
| draft-kaukonen-cipher-arcfour-03 | [ Japanese original ] |
| A Stream Cipher Encryption Algorithm "Arcfour" | |
| Description of the stream cipher Arcfour, which has interoperability with RC4 developed by RSA Security Inc.
Issued: July, 1999 |
|
| United States Patent Patent Number: 5214703 | [ original ] |
| Device for the conversion of a digital block and use of same | |
| The patent of the block cipher IDEA (International Data Encryption Algorithm) that Ascom Tech AG acquired in USA.
Issued: March, 1993 |
|
| --- (2) Asymmetric ciphers and digital certificate --- | |
| Communications of the ACM, v. 21, n. 2, Feb 1978, pp. 120-126. | [ original ] |
| A Method for Obtaining Digital Signatures and Public-Key Cryptosystems | |
| The first paper of RSA cryptography by R.L. Rivest, A. Shamir, and L. Adleman.
Issued: February, 1978 |
|
| RFC 2313 | [ Japanese original ] |
| PKCS #1: RSA Encryption Version 1.5 | |
| The specification of data processing methods using RSA, such as definition of private key and key generation methods, encryption and decryption procedures, and signing and verification procedures.
Issued: March, 1998 |
|
| United States Patent Patent Number: 4,405,829 | [ original ] |
| Cryptographic communications system and method | |
| The patent of RSA cryptography. It is expired in September 2000.
Issued: September, 1983 |
|
| PKCS #3 | [ original ] |
| PKCS #3: Diffie-Hellman Key-Agreement Standard | |
| The specification of data processing methods using Diffie-Hellman cryptography.
Issued: November, 1993 |
|
| United States Patent Patent Number: 4,200,770 | [ original ] |
| Cryptographic apparatus and method | |
| The patent of Diffie-Hellman cryptography. It is expired in April 1997.
Issued: April, 1980 |
|
| RFC 2314 | [ Japanese original ] |
| PKCS #10: Certification Request Syntax Version 1.5 | |
| Data format specification for requesting certificates to Certification Authority (CA).
Issued: March, 1998 |
|
| RFC 2459 | [ Japanese(IPA) original ] |
| Internet X.509 Public Key Infrastructure Certificate and CRL Profile | |
| The specfication of X.509 version 3 certificate and version 2 CRL (Certificate Revocation List). There are errata in this document (see here). This document is updated by RFC 3280.
Issued: January, 1999 |
|
| FIPS PUB 186-2 | [ original ] |
| Specifications for the DIGITAL SIGNATURE STANDARD (DSS) | |
| Specifications of Digital Signature Algorithm (DSA), RSA Digital Signature Algorithm, and ECDSA (Elliptic Curve Digital Signature Algorithm) by NIST.
Issued: January, 2000 |
|
| --- (3) Hash functions --- | |
| RFC 1319 | [ Japanese original ] |
| The MD2 Message-Digest Algorithm | |
| A hash algorithm of RSA Security Inc. It is a high security algorithm, but processing speed is slow, so that it is
not used so widely. There are errata in this document (see here).
Issued: April, 1992 |
|
| RFC 1320 | [ Japanese original ] |
| The MD4 Message-Digest Algorithm | |
| A hash algorithm of RSA Security Inc. It is designed to be able to process faster than MD2. Conversely, safety has decreased.
Issued: April, 1992 |
|
| RFC 1321 | [ Japanese original ] |
| The MD5 Message-Digest Algorithm | |
| A hash algorithm of RSA Security Inc. It is designed to be faster than MD2, and safer than MD4. It is used very widely, but there is a tendensy to avoid using it since possibility of collision being pointed out. There are errata in this document (see here).
Issued: April, 1992 |
|
| RFC 3174 | [ Japanese original ] |
| US Secure Hash Algorithm 1 (SHA1) | |
| RFC version of hash algorithm SHA-1 specification, which is specfied as FIPS PUB 180-1 by NIST. This document includes sample code in C language. It is widely adopted in place of the MD5.There are errata in this document (see here).
Issued: September, 2001 |
|
| RFC 2104 | [ Japanese(IPA) original ] |
| HMAC: Keyed-Hashing for Message Authentication | |
| Method of encapsulating hash algorithms to make the protection by the key.
It is also specfied as FIPS PUB 198.
Issued: February, 1997 |
|
| --- (4) Transmission protocols --- | |
| RFC 793 | [ Japanese(hig) original ] |
| TRANSMISSION CONTROL PROTOCOL | |
| The specification of the communication protocol TCP (Transmission Control Protocol) which is located in the lower layer of TLS. There are errata in this document (see here).
Issued: September, 1981 |
|
| Return to the page top | |
|
|
 Applications |
|
| RFC 3207 | [ Japanese original ] |
| SMTP Service Extension for Secure SMTP over Transport Layer Security | |
| Extends SMTP (Simple Mail Transfer Protocol) with STARTTLS command to transmit messages securely. There are errata in this document (see here).
Issued: February, 2002 |
|
| RFC 2595 | [ Japanese original ] |
| Using TLS with IMAP, POP3 and ACAP | |
| Considerations to use STARTTLS command in IMAP (Internet Message Access Protocol), POP3 (Post Office Protocol Version 3), and ACAP (Application Configuration Access Protocol).
Issued: June, 1999 |
|
| RFC 2817 | [ Japanese original ] |
| Upgrading to TLS Within HTTP/1.1 | |
| Description of sharing the identical port between unsecured and secured HTTP by making use of Upgrade header of HTTP/1.1, and description of CONNECT method to make TLS messages tunnel at the proxy server.
Issued: May, 2000 |
|
| RFC 2818 | [ Japanese original ] |
| HTTP Over TLS | |
| Considerations (connection initiation, closure, authentication, and so on) when HTTP is used over TLS.
Issued: May, 2000 |
|
| draft-belingueres-http-tls-filter-00 | [ Japanese original ] |
| HTTP over TLS using a TCP Filter | |
| Description of sharing the identical port between unsecured and secured HTTP by using TCP Security Filter.
Issued: November, 1999 |
|
| draft-luotonen-web-proxy-tunneling-01 | [ Japanese original ] |
| Tunneling TCP based protocols through Web proxy servers | |
| Description of CONNECT method to make TCP based protocol messages tunnel at the proxy server.
Issued: August, 1998 |
|
| draft-luotonen-ssl-tunneling-03 | [ Japanese original ] |
| Tunneling SSL Through a WWW Proxy | |
| Description of CONNECT method to make SSL messages tunnel at the proxy server.
Issued: March, 1997 |
|
| draft-ietf-tn3270e-telnet-tls-06 | [ Japanese original ] |
| TLS-based Telnet Security | |
| Using Telnet over TLS with START_TLS option.
Issued: April, 2002 |
|
| draft-murray-auth-ftp-ssl-16 | [ Japanese original ] |
| Securing FTP with TLS | |
| Using FTP (File Transfer Protocol) over TLS with AUTH command defined in RFC 2228.
Issued: February, 2005 |
|
| draft-fordh-ftp-ssl-firewall-06 | [ Japanese original ] |
| FTP/TLS Friendly Firewalls | |
| Considerations in case FTP over TLS passes through firewalls.
Issued: February, 2005 |
|
| RFC 2830 | [ Japanese original ] |
| Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security | |
| Description of securing a LDAP (Lightweight Directory Access Protocol) communication with Start TLS extended request.
Issued: May, 2000 |
|
| Return to the page top | |
HomeCopyright (C) 2003-2010 Keisuke Nishihara