<?xml version='1.0' encoding='utf-8'?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" version="3" ipr="trust200902" docName="draft-ietf-netconf-over-tls13-04" number="9918" category="std" consensus="true" submissionType="IETF" updates="7589" obsoletes="" tocInclude="true" sortRefs="true" symRefs="true" xml:lang="en" prepTime="2026-07-15T02:20:57" indexInclude="true" scripts="Common,Latin" tocDepth="3">
  <link href="https://datatracker.ietf.org/doc/draft-ietf-netconf-over-tls13-04" rel="prev"/>
  <link href="https://dx.doi.org/10.17487/rfc9918" rel="alternate"/>
  <link href="urn:issn:2070-1721" rel="alternate"/>
  <front>
    <title abbrev="NETCONF over TLS">Updates to Using the NETCONF Protocol over Transport Layer Security (TLS) with Mutual X.509 Authentication</title>
    <seriesInfo name="RFC" value="9918" stream="IETF"/>
    <author initials="S." surname="Turner" fullname="Sean Turner">
      <organization showOnFrontPage="true">sn3rd</organization>
      <address>
        <email>sean@sn3rd.com</email>
      </address>
    </author>
    <author initials="R." surname="Housley" fullname="Russ Housley">
      <organization abbrev="Vigil Security" showOnFrontPage="true">Vigil Security, LLC</organization>
      <address>
        <postal>
          <street>516 Dranesville Road</street>
          <city>Herndon</city>
          <region>VA</region>
          <code>20170</code>
          <country>United States of America</country>
        </postal>
        <email>housley@vigilsec.com</email>
      </address>
    </author>
    <date month="07" year="2026"/>
    <area>OPS</area>
    <workgroup>netconf</workgroup>
    <keyword>NETCONF</keyword>
    <keyword>TLS 1.3</keyword>
    <keyword>TLS 1.2</keyword>
    <keyword>Early Data</keyword>
    <abstract pn="section-abstract">
      <t indent="0" pn="section-abstract-1">RFC 7589 defines how to protect Network Configuration Protocol (NETCONF) messages with TLS 1.2. This
document updates RFC 7589 to update support requirements for TLS 1.2
and add TLS 1.3 support requirements, including restrictions on the
use of TLS 1.3's early data.</t>
    </abstract>
    <boilerplate>
      <section anchor="status-of-memo" numbered="false" removeInRFC="false" toc="exclude" pn="section-boilerplate.1">
        <name slugifiedName="name-status-of-this-memo">Status of This Memo</name>
        <t indent="0" pn="section-boilerplate.1-1">
            This is an Internet Standards Track document.
        </t>
        <t indent="0" pn="section-boilerplate.1-2">
            This document is a product of the Internet Engineering Task Force
            (IETF).  It represents the consensus of the IETF community.  It has
            received public review and has been approved for publication by
            the Internet Engineering Steering Group (IESG).  Further
            information on Internet Standards is available in Section 2 of 
            RFC 7841.
        </t>
        <t indent="0" pn="section-boilerplate.1-3">
            Information about the current status of this document, any
            errata, and how to provide feedback on it may be obtained at
            <eref target="https://www.rfc-editor.org/info/rfc9918" brackets="none"/>.
        </t>
      </section>
      <section anchor="copyright" numbered="false" removeInRFC="false" toc="exclude" pn="section-boilerplate.2">
        <name slugifiedName="name-copyright-notice">Copyright Notice</name>
        <t indent="0" pn="section-boilerplate.2-1">
            Copyright (c) 2026 IETF Trust and the persons identified as the
            document authors. All rights reserved.
        </t>
        <t indent="0" pn="section-boilerplate.2-2">
            This document is subject to BCP 78 and the IETF Trust's Legal
            Provisions Relating to IETF Documents
            (<eref target="https://trustee.ietf.org/license-info" brackets="none"/>) in effect on the date of
            publication of this document. Please review these documents
            carefully, as they describe your rights and restrictions with
            respect to this document. Code Components extracted from this
            document must include Revised BSD License text as described in
            Section 4.e of the Trust Legal Provisions and are provided without
            warranty as described in the Revised BSD License.
        </t>
      </section>
    </boilerplate>
    <toc>
      <section anchor="toc" numbered="false" removeInRFC="false" toc="exclude" pn="section-toc.1">
        <name slugifiedName="name-table-of-contents">Table of Contents</name>
        <ul bare="true" empty="true" indent="2" spacing="compact" pn="section-toc.1-1">
          <li pn="section-toc.1-1.1">
            <t indent="0" keepWithNext="true" pn="section-toc.1-1.1.1"><xref derivedContent="1" format="counter" sectionFormat="of" target="section-1"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-introduction">Introduction</xref></t>
          </li>
          <li pn="section-toc.1-1.2">
            <t indent="0" keepWithNext="true" pn="section-toc.1-1.2.1"><xref derivedContent="2" format="counter" sectionFormat="of" target="section-2"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-conventions">Conventions</xref></t>
          </li>
          <li pn="section-toc.1-1.3">
            <t indent="0" keepWithNext="true" pn="section-toc.1-1.3.1"><xref derivedContent="3" format="counter" sectionFormat="of" target="section-3"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-early-data">Early Data</xref></t>
          </li>
          <li pn="section-toc.1-1.4">
            <t indent="0" pn="section-toc.1-1.4.1"><xref derivedContent="4" format="counter" sectionFormat="of" target="section-4"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-cipher-suites">Cipher Suites</xref></t>
          </li>
          <li pn="section-toc.1-1.5">
            <t indent="0" pn="section-toc.1-1.5.1"><xref derivedContent="5" format="counter" sectionFormat="of" target="section-5"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-security-considerations">Security Considerations</xref></t>
          </li>
          <li pn="section-toc.1-1.6">
            <t indent="0" pn="section-toc.1-1.6.1"><xref derivedContent="6" format="counter" sectionFormat="of" target="section-6"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-iana-considerations">IANA Considerations</xref></t>
          </li>
          <li pn="section-toc.1-1.7">
            <t indent="0" pn="section-toc.1-1.7.1"><xref derivedContent="7" format="counter" sectionFormat="of" target="section-7"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-normative-references">Normative References</xref></t>
          </li>
          <li pn="section-toc.1-1.8">
            <t indent="0" pn="section-toc.1-1.8.1"><xref derivedContent="" format="none" sectionFormat="of" target="section-appendix.a"/><xref derivedContent="" format="title" sectionFormat="of" target="name-acknowledgments">Acknowledgments</xref></t>
          </li>
          <li pn="section-toc.1-1.9">
            <t indent="0" pn="section-toc.1-1.9.1"><xref derivedContent="" format="none" sectionFormat="of" target="section-appendix.b"/><xref derivedContent="" format="title" sectionFormat="of" target="name-authors-addresses">Authors' Addresses</xref></t>
          </li>
        </ul>
      </section>
    </toc>
  </front>
  <middle>
    <section anchor="introduction" numbered="true" removeInRFC="false" toc="include" pn="section-1">
      <name slugifiedName="name-introduction">Introduction</name>
      <t indent="0" pn="section-1-1"><xref target="RFC7589" format="default" sectionFormat="of" derivedContent="RFC7589"/> defines how to protect NETCONF messages <xref target="RFC6241" format="default" sectionFormat="of" derivedContent="RFC6241"/> with
TLS 1.2 <xref target="RFC5246" format="default" sectionFormat="of" derivedContent="RFC5246"/>. This document updates <xref target="RFC7589" format="default" sectionFormat="of" derivedContent="RFC7589"/> to update
support requirements for TLS 1.2 <xref target="RFC5246" format="default" sectionFormat="of" derivedContent="RFC5246"/> and add TLS 1.3 <xref target="RFC9846" format="default" sectionFormat="of" derivedContent="RFC9846"/>
support requirements, including restrictions on the use of TLS 1.3's early data, which is also known as 0-RTT data.
It also updates "netconf‑tls", the IANA-registered port number entry, to
refer to this document. All other provisions set forth in <xref target="RFC7589" format="default" sectionFormat="of" derivedContent="RFC7589"/>
are unchanged, including connection initiation, message framing,
connection closure, certificate validation, server identity, and client
      identity.</t>
      <aside pn="section-1-2">
        <t indent="0" pn="section-1-2.1">NOTE: Implementations that support TLS 1.3 <xref target="RFC9846" format="default" sectionFormat="of" derivedContent="RFC9846"/> <bcp14>SHOULD</bcp14> also
  follow Sections <xref target="RFC7589" section="4" sectionFormat="bare" format="default" derivedLink="https://rfc-editor.org/rfc/rfc7589#section-4" derivedContent="RFC7589"/> and <xref target="RFC7589" section="5" sectionFormat="bare" format="default" derivedLink="https://rfc-editor.org/rfc/rfc7589#section-5" derivedContent="RFC7589"/> of <xref target="RFC7589" format="default" sectionFormat="of" derivedContent="RFC7589"/>.</t>
      </aside>
    </section>
    <section anchor="conventions-and-definitions" numbered="true" removeInRFC="false" toc="include" pn="section-2">
      <name slugifiedName="name-conventions">Conventions</name>
      <t indent="0" pn="section-2-1">
    The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
    "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
    described in BCP 14 <xref target="RFC2119" format="default" sectionFormat="of" derivedContent="RFC2119"/> <xref target="RFC8174" format="default" sectionFormat="of" derivedContent="RFC8174"/> 
    when, and only when, they appear in all capitals, as shown here.
      </t>
    </section>
    <section anchor="early-data" numbered="true" removeInRFC="false" toc="include" pn="section-3">
      <name slugifiedName="name-early-data">Early Data</name>
      <t indent="0" pn="section-3-1">Early data (aka 0-RTT data) is a mechanism defined in TLS 1.3
<xref target="RFC9846" format="default" sectionFormat="of" derivedContent="RFC9846"/> that allows a client to send data ("early data")
as part of the first flight of messages to a server. Note that TLS 1.3 can
be used without early data as per <xref section="F.5" sectionFormat="of" target="RFC9846" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9846#appendix-F.5" derivedContent="RFC9846"/>.
In fact, early data is permitted by TLS 1.3 only when the client and server
share a Pre-Shared Key (PSK), either obtained externally or via a previous
handshake. The client uses the PSK to authenticate the server and to encrypt
the early data.</t>
      <t indent="0" pn="section-3-2">As noted in <xref section="2.3" sectionFormat="of" target="RFC9846" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9846#section-2.3" derivedContent="RFC9846"/>, the security
properties for early data are weaker than those for subsequent TLS-protected
data. In particular, early data is not forward secret, and there is no
protection against the replay of early data between connections.
<xref section="F.5" sectionFormat="of" target="RFC9846" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9846#appendix-F.5" derivedContent="RFC9846"/> requires applications not
use early data without a profile that defines its use. This document
specifies that NETCONF implementations that support TLS 1.3 or later <bcp14>MUST NOT</bcp14> use early
data.</t>
    </section>
    <section anchor="cipher-suites" numbered="true" removeInRFC="false" toc="include" pn="section-4">
      <name slugifiedName="name-cipher-suites">Cipher Suites</name>
      <t indent="0" pn="section-4-1">Implementations <bcp14>MUST</bcp14> support mutually authenticated TLS 1.2 <xref target="RFC5246" format="default" sectionFormat="of" derivedContent="RFC5246"/>, and
they are, as specified in <xref target="RFC9325" format="default" sectionFormat="of" derivedContent="RFC9325"/>, recommended to support the cipher
suites found in <xref section="4.2" sectionFormat="of" target="RFC9325" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9325#section-4.2" derivedContent="RFC9325"/>.</t>
      <t indent="0" pn="section-4-2">Implementations <bcp14>MAY</bcp14> implement additional TLS 1.2 cipher suites that provide
mutual authentication <xref target="RFC5246" format="default" sectionFormat="of" derivedContent="RFC5246"/> and confidentiality, as required by
NETCONF <xref target="RFC6241" format="default" sectionFormat="of" derivedContent="RFC6241"/>.</t>
      <t indent="0" pn="section-4-3">Implementations <bcp14>SHOULD</bcp14> support mutually authenticated TLS 1.3 <xref target="RFC9846" format="default" sectionFormat="of" derivedContent="RFC9846"/> and,
if implemented, <bcp14>MUST</bcp14> prefer to negotiate TLS 1.3 over earlier versions
of TLS.</t>
      <t indent="0" pn="section-4-4">Implementations that support TLS 1.3 <xref target="RFC9846" format="default" sectionFormat="of" derivedContent="RFC9846"/> are
<bcp14>REQUIRED</bcp14> to support the mandatory-to-implement cipher suites listed in
<xref section="9.1" sectionFormat="of" target="RFC9846" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9846#section-9.1" derivedContent="RFC9846"/>.</t>
      <t indent="0" pn="section-4-5">Implementations that support TLS 1.3 <bcp14>MAY</bcp14> implement additional TLS cipher
suites that provide mutual authentication and confidentiality, which are
required for NETCONF <xref target="RFC6241" format="default" sectionFormat="of" derivedContent="RFC6241"/>.</t>
    </section>
    <section anchor="security-considerations" numbered="true" removeInRFC="false" toc="include" pn="section-5">
      <name slugifiedName="name-security-considerations">Security Considerations</name>
      <t indent="0" pn="section-5-1">The security considerations of <xref target="RFC6241" format="default" sectionFormat="of" derivedContent="RFC6241"/>, <xref target="RFC7589" format="default" sectionFormat="of" derivedContent="RFC7589"/>, and <xref target="RFC9325" format="default" sectionFormat="of" derivedContent="RFC9325"/>
apply here as well.</t>
      <t indent="0" pn="section-5-2">NETCONF implementations <bcp14>SHOULD</bcp14> follow the TLS recommendations given in
<xref target="RFC9325" format="default" sectionFormat="of" derivedContent="RFC9325"/>.</t>
      <t indent="0" pn="section-5-3">For implementations that support TLS 1.3, the security considerations of
TLS 1.3 <xref target="RFC9846" format="default" sectionFormat="of" derivedContent="RFC9846"/> apply.</t>
      <t indent="0" pn="section-5-4">As specified in <xref target="RFC7589" format="default" sectionFormat="of" derivedContent="RFC7589"/>, NETCONF over TLS requires mutual authentication.</t>
      <t indent="0" pn="section-5-5">For implementations that support TLS 1.3 <xref target="RFC9846" format="default" sectionFormat="of" derivedContent="RFC9846"/>:</t>
      <t indent="3" pn="section-5-6">TLS 1.3 mutual authentication is used
to ensure that only authorized users and systems are able to view the
NETCONF server's configuration and state or to modify the NETCONF
server's configuration. To this end, neither the client nor the server
should establish a NETCONF over TLS 1.3 connection with an unknown,
unexpected, or incorrectly identified peer; see <xref section="7" sectionFormat="of" target="RFC7589" format="default" derivedLink="https://rfc-editor.org/rfc/rfc7589#section-7" derivedContent="RFC7589"/>. If
deployments make use of a trusted list of Certification Authority (CA)
certificates <xref target="RFC5280" format="default" sectionFormat="of" derivedContent="RFC5280"/>, then the listed CAs should only issue certificates
to parties that are authorized to access the NETCONF servers. Doing otherwise
will allow certificates that were issued for other purposes to be
inappropriately accepted by a NETCONF server.</t>
      <t indent="0" pn="section-5-7">The security considerations of <xref target="RFC9525" format="default" sectionFormat="of" derivedContent="RFC9525"/> apply to all implementations
when the client checks the identity of the server, as is required in
<xref section="6" sectionFormat="of" target="RFC7589" format="default" derivedLink="https://rfc-editor.org/rfc/rfc7589#section-6" derivedContent="RFC7589"/>.</t>
    </section>
    <section anchor="iana-considerations" numbered="true" removeInRFC="false" toc="include" pn="section-6">
      <name slugifiedName="name-iana-considerations">IANA Considerations</name>
      <t indent="0" pn="section-6-1">IANA has added a reference to this document in the
"netconf-tls" entry in the "Service Name and Transport Protocol Port
Number Registry". The updated registry entry appears as follows:</t>
      <dl spacing="compact" newline="false" indent="3" pn="section-6-2">
        <dt pn="section-6-2.1">Service Name:</dt>
        <dd pn="section-6-2.2">netconf-tls</dd>
        <dt pn="section-6-2.3">Port Number:</dt>
        <dd pn="section-6-2.4">6513</dd>
        <dt pn="section-6-2.5">Transport Protocol:</dt>
        <dd pn="section-6-2.6">tcp</dd>
        <dt pn="section-6-2.7">Description:</dt>
        <dd pn="section-6-2.8">NETCONF over TLS</dd>
        <dt pn="section-6-2.9">Assignee:</dt>
        <dd pn="section-6-2.10">IESG &lt;iesg@ietf.org&gt;</dd>
        <dt pn="section-6-2.11">Contact:</dt>
        <dd pn="section-6-2.12">IETF Chair &lt;chair@ietf.org&gt;</dd>
        <dt pn="section-6-2.13">Reference:</dt>
        <dd pn="section-6-2.14">RFC 7589, RFC 9918</dd>
      </dl>
    </section>
  </middle>
  <back>
    <references anchor="sec-normative-references" pn="section-7">
      <name slugifiedName="name-normative-references">Normative References</name>
      <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" quoteTitle="true" derivedAnchor="RFC2119">
        <front>
          <title>Key words for use in RFCs to Indicate Requirement Levels</title>
          <author fullname="S. Bradner" initials="S." surname="Bradner"/>
          <date month="March" year="1997"/>
          <abstract>
            <t indent="0">In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
          </abstract>
        </front>
        <seriesInfo name="BCP" value="14"/>
        <seriesInfo name="RFC" value="2119"/>
        <seriesInfo name="DOI" value="10.17487/RFC2119"/>
      </reference>
      <reference anchor="RFC5246" target="https://www.rfc-editor.org/info/rfc5246" quoteTitle="true" derivedAnchor="RFC5246">
        <front>
          <title>The Transport Layer Security (TLS) Protocol Version 1.2</title>
          <author fullname="T. Dierks" initials="T." surname="Dierks"/>
          <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
          <date month="August" year="2008"/>
          <abstract>
            <t indent="0">This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. [STANDARDS-TRACK]</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="5246"/>
        <seriesInfo name="DOI" value="10.17487/RFC5246"/>
      </reference>
      <reference anchor="RFC5280" target="https://www.rfc-editor.org/info/rfc5280" quoteTitle="true" derivedAnchor="RFC5280">
        <front>
          <title>Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title>
          <author fullname="D. Cooper" initials="D." surname="Cooper"/>
          <author fullname="S. Santesson" initials="S." surname="Santesson"/>
          <author fullname="S. Farrell" initials="S." surname="Farrell"/>
          <author fullname="S. Boeyen" initials="S." surname="Boeyen"/>
          <author fullname="R. Housley" initials="R." surname="Housley"/>
          <author fullname="W. Polk" initials="W." surname="Polk"/>
          <date month="May" year="2008"/>
          <abstract>
            <t indent="0">This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="5280"/>
        <seriesInfo name="DOI" value="10.17487/RFC5280"/>
      </reference>
      <reference anchor="RFC6241" target="https://www.rfc-editor.org/info/rfc6241" quoteTitle="true" derivedAnchor="RFC6241">
        <front>
          <title>Network Configuration Protocol (NETCONF)</title>
          <author fullname="R. Enns" initials="R." role="editor" surname="Enns"/>
          <author fullname="M. Bjorklund" initials="M." role="editor" surname="Bjorklund"/>
          <author fullname="J. Schoenwaelder" initials="J." role="editor" surname="Schoenwaelder"/>
          <author fullname="A. Bierman" initials="A." role="editor" surname="Bierman"/>
          <date month="June" year="2011"/>
          <abstract>
            <t indent="0">The Network Configuration Protocol (NETCONF) defined in this document provides mechanisms to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. The NETCONF protocol operations are realized as remote procedure calls (RPCs). This document obsoletes RFC 4741. [STANDARDS-TRACK]</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="6241"/>
        <seriesInfo name="DOI" value="10.17487/RFC6241"/>
      </reference>
      <reference anchor="RFC7589" target="https://www.rfc-editor.org/info/rfc7589" quoteTitle="true" derivedAnchor="RFC7589">
        <front>
          <title>Using the NETCONF Protocol over Transport Layer Security (TLS) with Mutual X.509 Authentication</title>
          <author fullname="M. Badra" initials="M." surname="Badra"/>
          <author fullname="A. Luchuk" initials="A." surname="Luchuk"/>
          <author fullname="J. Schoenwaelder" initials="J." surname="Schoenwaelder"/>
          <date month="June" year="2015"/>
          <abstract>
            <t indent="0">The Network Configuration Protocol (NETCONF) provides mechanisms to install, manipulate, and delete the configuration of network devices. This document describes how to use the Transport Layer Security (TLS) protocol with mutual X.509 authentication to secure the exchange of NETCONF messages. This revision of RFC 5539 documents the new message framing used by NETCONF 1.1 and it obsoletes RFC 5539.</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="7589"/>
        <seriesInfo name="DOI" value="10.17487/RFC7589"/>
      </reference>
      <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174" quoteTitle="true" derivedAnchor="RFC8174">
        <front>
          <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
          <author fullname="B. Leiba" initials="B." surname="Leiba"/>
          <date month="May" year="2017"/>
          <abstract>
            <t indent="0">RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
          </abstract>
        </front>
        <seriesInfo name="BCP" value="14"/>
        <seriesInfo name="RFC" value="8174"/>
        <seriesInfo name="DOI" value="10.17487/RFC8174"/>
      </reference>
      <reference anchor="RFC9325" target="https://www.rfc-editor.org/info/rfc9325" quoteTitle="true" derivedAnchor="RFC9325">
        <front>
          <title>Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)</title>
          <author fullname="Y. Sheffer" initials="Y." surname="Sheffer"/>
          <author fullname="P. Saint-Andre" initials="P." surname="Saint-Andre"/>
          <author fullname="T. Fossati" initials="T." surname="Fossati"/>
          <date month="November" year="2022"/>
          <abstract>
            <t indent="0">Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) are used to protect data exchanged over a wide range of application protocols and can also form the basis for secure transport protocols. Over the years, the industry has witnessed several serious attacks on TLS and DTLS, including attacks on the most commonly used cipher suites and their modes of operation. This document provides the latest recommendations for ensuring the security of deployed services that use TLS and DTLS. These recommendations are applicable to the majority of use cases.</t>
            <t indent="0">RFC 7525, an earlier version of the TLS recommendations, was published when the industry was transitioning to TLS 1.2. Years later, this transition is largely complete, and TLS 1.3 is widely available. This document updates the guidance given the new environment and obsoletes RFC 7525. In addition, this document updates RFCs 5288 and 6066 in view of recent attacks.</t>
          </abstract>
        </front>
        <seriesInfo name="BCP" value="195"/>
        <seriesInfo name="RFC" value="9325"/>
        <seriesInfo name="DOI" value="10.17487/RFC9325"/>
      </reference>
      <reference anchor="RFC9525" target="https://www.rfc-editor.org/info/rfc9525" quoteTitle="true" derivedAnchor="RFC9525">
        <front>
          <title>Service Identity in TLS</title>
          <author fullname="P. Saint-Andre" initials="P." surname="Saint-Andre"/>
          <author fullname="R. Salz" initials="R." surname="Salz"/>
          <date month="November" year="2023"/>
          <abstract>
            <t indent="0">Many application technologies enable secure communication between two entities by means of Transport Layer Security (TLS) with Internet Public Key Infrastructure using X.509 (PKIX) certificates. This document specifies procedures for representing and verifying the identity of application services in such interactions.</t>
            <t indent="0">This document obsoletes RFC 6125.</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="9525"/>
        <seriesInfo name="DOI" value="10.17487/RFC9525"/>
      </reference>
      <reference anchor="RFC9846" target="https://www.rfc-editor.org/info/rfc9846" quoteTitle="true" derivedAnchor="RFC9846">
        <front>
          <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
          <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
          <date month="July" year="2026"/>
          <abstract>
            <t indent="0">This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
            <t indent="0">This document obsoletes RFC 8446, which specified TLS 1.3. This document obsoletes RFC 5246 (specifying TLS 1.2) and RFCs 5077, 6961, 7627, and 8422, all of which pertain to TLS 1.2 or earlier, and updates RFCs 5705 and 6066. This document also specifies new requirements for TLS 1.2 implementations.</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="9846"/>
        <seriesInfo name="DOI" value="10.17487/RFC9846"/>
      </reference>
    </references>
    <section numbered="false" anchor="acknowledgments" removeInRFC="false" toc="include" pn="section-appendix.a">
      <name slugifiedName="name-acknowledgments">Acknowledgments</name>
      <t indent="0" pn="section-appendix.a-1">We would like to thank <contact fullname="Per Andersson"/>, <contact fullname="Jürgen Schönwälder"/>, <contact fullname="Jeff Hartley"/>, <contact fullname="Rob Wilton"/>, and <contact fullname="Qin Wu"/> for their reviews.</t>
    </section>
    <section anchor="authors-addresses" numbered="false" removeInRFC="false" toc="include" pn="section-appendix.b">
      <name slugifiedName="name-authors-addresses">Authors' Addresses</name>
      <author initials="S." surname="Turner" fullname="Sean Turner">
        <organization showOnFrontPage="true">sn3rd</organization>
        <address>
          <email>sean@sn3rd.com</email>
        </address>
      </author>
      <author initials="R." surname="Housley" fullname="Russ Housley">
        <organization abbrev="Vigil Security" showOnFrontPage="true">Vigil Security, LLC</organization>
        <address>
          <postal>
            <street>516 Dranesville Road</street>
            <city>Herndon</city>
            <region>VA</region>
            <code>20170</code>
            <country>United States of America</country>
          </postal>
          <email>housley@vigilsec.com</email>
        </address>
      </author>
    </section>
  </back>
</rfc>
