Encrypt-then-MAC for Transport Layer Security and Datagram Transport Layer Security
RFC 7366, “Encrypt-then-MAC for Transport Layer Security and Datagram Transport Layer Security”, is a Proposed Standard document published in September 2014 by P. Gutmann. The canonical text is published by the RFC Editor.
Abstract
This document describes a means of negotiating the use of the encrypt-then-MAC security mechanism in place of the existing MAC-then-encrypt mechanism in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The MAC-then-encrypt mechanism has been the subject of a number of security vulnerabilities over a period of many years.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 7366 is hosted at rfc-editor.org. Available in TXT and HTML.