Internet Engineering Task Force (IETF)                     A. Popov, Ed.
Request for Comments: 8472                                   M. Nystroem
Category: Standards Track                                Microsoft Corp.
ISSN: 2070-1721                                               D. Balfanz
                                                             Google Inc.
                                                            October 2018
        
Internet Engineering Task Force (IETF)                     A. Popov, Ed.
Request for Comments: 8472                                   M. Nystroem
Category: Standards Track                                Microsoft Corp.
ISSN: 2070-1721                                               D. Balfanz
                                                             Google Inc.
                                                            October 2018
        

Transport Layer Security (TLS) Extension for Token Binding Protocol Negotiation

用于令牌绑定协议协商的传输层安全性(TLS)扩展

Abstract

摘要

This document specifies a Transport Layer Security (TLS) extension for the negotiation of Token Binding protocol version and key parameters. Negotiation of Token Binding in TLS 1.3 and later versions is beyond the scope of this document.

本文档指定了用于协商令牌绑定协议版本和关键参数的传输层安全性(TLS)扩展。TLS 1.3及更高版本中令牌绑定的协商超出了本文档的范围。

Status of This Memo

关于下段备忘

This is an Internet Standards Track document.

这是一份互联网标准跟踪文件。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 7841第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8472.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问https://www.rfc-editor.org/info/rfc8472.

Copyright Notice

版权公告

Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2018 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(https://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   2
   2.  Token Binding Negotiation ClientHello Extension . . . . . . .   2
   3.  Token Binding Negotiation ServerHello Extension . . . . . . .   3
   4.  Negotiating Token Binding Protocol Version and Key Parameters   4
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
     6.1.  Downgrade Attacks . . . . . . . . . . . . . . . . . . . .   6
     6.2.  Triple Handshake Vulnerability in TLS 1.2 and Older TLS
           Versions  . . . . . . . . . . . . . . . . . . . . . . . .   6
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   7
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .   8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8
        
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   2
   2.  Token Binding Negotiation ClientHello Extension . . . . . . .   2
   3.  Token Binding Negotiation ServerHello Extension . . . . . . .   3
   4.  Negotiating Token Binding Protocol Version and Key Parameters   4
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
     6.1.  Downgrade Attacks . . . . . . . . . . . . . . . . . . . .   6
     6.2.  Triple Handshake Vulnerability in TLS 1.2 and Older TLS
           Versions  . . . . . . . . . . . . . . . . . . . . . . . .   6
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   7
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .   8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8
        
1. Introduction
1. 介绍

In order to use the Token Binding protocol [RFC8471], the client and server need to agree on the Token Binding protocol version and the parameters (signature algorithm and length) of the Token Binding key. This document specifies a new TLS [RFC5246] extension to accomplish this negotiation without introducing additional network round trips in TLS 1.2 and earlier versions. [TOKENBIND-TLS13] addresses Token Binding in TLS 1.3. The negotiation of the Token Binding protocol and key parameters in combination with TLS 1.3 and later versions is beyond the scope of this document. (Note: This document deals with TLS 1.2 and therefore refers to RFC 5246 (which has been obsoleted by RFC 8446). [TOKENBIND-TLS13] addresses Token Binding in TLS 1.3).

为了使用令牌绑定协议[RFC8471],客户机和服务器需要就令牌绑定协议版本和令牌绑定密钥的参数(签名算法和长度)达成一致。本文件规定了一个新的TLS[RFC5246]扩展,以完成此协商,而无需在TLS 1.2和早期版本中引入额外的网络往返。[TOKENBIND-TLS13]解决TLS 1.3中的令牌绑定问题。令牌绑定协议和关键参数与TLS 1.3及更高版本的协商超出了本文档的范围。(注:本文件涉及TLS 1.2,因此参考RFC 5246(已被RFC 8446淘汰)。[TOKENBIND-TLS13]说明TLS 1.3中的令牌绑定)。

1.1. Requirements Language
1.1. 需求语言

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可”和“可选”在所有大写字母出现时(如图所示)应按照BCP 14[RFC2119][RFC8174]所述进行解释。

2. Token Binding Negotiation ClientHello Extension
2. 令牌绑定协商ClientHello扩展

The client uses the "token_binding" TLS extension to indicate the highest supported Token Binding protocol version and key parameters.

客户端使用“token_binding”TLS扩展来指示支持的最高令牌绑定协议版本和密钥参数。

   enum {
       token_binding(24), (65535)
   } ExtensionType;
        
   enum {
       token_binding(24), (65535)
   } ExtensionType;
        

The "extension_data" field of this extension contains a "TokenBindingParameters" value.

此扩展的“extension_data”字段包含一个“TokenBindingParameters”值。

   struct {
       uint8 major;
       uint8 minor;
   } TB_ProtocolVersion;
        
   struct {
       uint8 major;
       uint8 minor;
   } TB_ProtocolVersion;
        
   enum {
       rsa2048_pkcs1.5(0), rsa2048_pss(1), ecdsap256(2), (255)
   } TokenBindingKeyParameters;
        
   enum {
       rsa2048_pkcs1.5(0), rsa2048_pss(1), ecdsap256(2), (255)
   } TokenBindingKeyParameters;
        
   struct {
       TB_ProtocolVersion token_binding_version;
       TokenBindingKeyParameters key_parameters_list<1..2^8-1>
   } TokenBindingParameters;
        
   struct {
       TB_ProtocolVersion token_binding_version;
       TokenBindingKeyParameters key_parameters_list<1..2^8-1>
   } TokenBindingParameters;
        

"token_binding_version" indicates the version of the Token Binding protocol the client wishes to use during this connection. If the client supports multiple Token Binding protocol versions, it SHOULD indicate the latest supported version (the one with the highest TB_ProtocolVersion.major and TB_ProtocolVersion.minor) in TokenBindingParameters.token_binding_version. For example, if the client supports versions {1, 0} and {0, 13} of the Token Binding protocol, it SHOULD indicate version {1, 0}. Please note that the server MAY select any lower protocol version; see Section 3 ("Token Binding Negotiation ServerHello Extension") for more details. If the client does not support the Token Binding protocol version selected by the server, then the connection proceeds without Token Binding. [RFC8471] describes version {1, 0} of the protocol.

“令牌绑定版本”表示客户端希望在此连接期间使用的令牌绑定协议的版本。如果客户端支持多个令牌绑定协议版本,则应在TokenBindingParameters.Token\u Binding\u版本中指明最新支持的版本(具有最高TB\u ProtocolVersion.major和TB\u ProtocolVersion.minor的版本)。例如,如果客户机支持令牌绑定协议的版本{1,0}和{0,13},它应该指示版本{1,0}。请注意,服务器可以选择任何较低的协议版本;有关更多详细信息,请参阅第3节(“令牌绑定协商服务器扩展”)。如果客户端不支持服务器选择的令牌绑定协议版本,则连接将不进行令牌绑定。[RFC8471]描述了协议的版本{1,0}。

Please note that the representation of the Token Binding protocol version using two octets ("major" and "minor") is for human convenience only and carries no protocol significance.

请注意,使用两个八位字节(“主要”和“次要”)表示令牌绑定协议版本仅为方便起见,不具有协议意义。

"key_parameters_list" contains the list of identifiers of the Token Binding key parameters supported by the client, in descending order of preference. [RFC8471] establishes an IANA registry for Token Binding key parameters identifiers.

“密钥参数列表”包含客户端支持的令牌绑定密钥参数的标识符列表,按首选项降序排列。[RFC8471]为令牌绑定键参数标识符建立IANA注册表。

3. Token Binding Negotiation ServerHello Extension
3. 令牌绑定协商服务器hello扩展

The server uses the "token_binding" TLS extension to indicate support for the Token Binding protocol and to select the protocol version and key parameters.

服务器使用“令牌绑定”TLS扩展指示对令牌绑定协议的支持,并选择协议版本和关键参数。

The server that supports Token Binding and receives a ClientHello message containing the "token_binding" extension will include the "token_binding" extension in the ServerHello if all of the following conditions are satisfied:

如果满足以下所有条件,则支持令牌绑定并接收包含“令牌绑定”扩展名的ClientHello消息的服务器将在ServerHello中包含“令牌绑定”扩展名:

1. The server supports the Token Binding protocol version offered by the client, or a lower version.

1. 服务器支持客户端提供的令牌绑定协议版本或更低版本。

2. The server finds acceptable Token Binding key parameters in the client's list.

2. 服务器在客户端列表中找到可接受的令牌绑定密钥参数。

3. The server is also negotiating the extended master secret [RFC7627] and renegotiation indication [RFC5746] TLS extensions. This requirement applies when TLS 1.2 or an older TLS version is used (see Section 6 ("Security Considerations") for more details).

3. 服务器还正在协商扩展主密钥[RFC7627]和重新协商指示[RFC5746]TLS扩展。当使用TLS 1.2或较旧的TLS版本时,此要求适用(有关更多详细信息,请参阅第6节(“安全注意事项”)。

The server will ignore any key parameters that it does not recognize. The "extension_data" field of the "token_binding" extension is structured the same as described above for the client "extension_data".

服务器将忽略它无法识别的任何关键参数。“token_binding”扩展的“extension_data”字段的结构与上面针对客户端“extension_data”所述的结构相同。

"token_binding_version" contains the lower of:

“令牌绑定版本”包含以下较低版本:

o the Token Binding protocol version offered by the client in the "token_binding" extension, and

o 客户端在“令牌绑定”扩展中提供的令牌绑定协议版本,以及

o the highest Token Binding protocol version supported by the server.

o 服务器支持的最高令牌绑定协议版本。

"key_parameters_list" contains exactly one Token Binding key parameters identifier selected by the server from the client's list.

“密钥参数列表”仅包含一个令牌绑定密钥参数标识符,该标识符由服务器从客户端列表中选择。

4. Negotiating Token Binding Protocol Version and Key Parameters
4. 协商令牌绑定协议版本和关键参数

It is expected that a server will have a list of Token Binding key parameters identifiers that it supports, in preference order. The server MUST only select an identifier that the client offered. The server SHOULD select the most highly preferred key parameters identifier it supports, which is also advertised by the client. In the event that the server supports none of the key parameters that the client advertises, then the server MUST NOT include the "token_binding" extension in the ServerHello.

预计服务器将按优先顺序拥有其支持的令牌绑定密钥参数标识符列表。服务器必须只选择客户端提供的标识符。服务器应选择其支持的最优先密钥参数标识符,该标识符也由客户端公布。如果服务器不支持客户端播发的任何关键参数,则服务器不得在ServerHello中包含“令牌绑定”扩展。

The client receiving the "token_binding" extension MUST terminate the handshake with a fatal "unsupported_extension" alert if any of the following conditions are true:

如果以下任一条件为真,则接收“令牌\u绑定”扩展的客户端必须使用致命的“不支持的\u扩展”警报终止握手:

1. The client did not include the "token_binding" extension in the ClientHello.

1. 客户端未在ClientHello中包含“token_binding”扩展。

2. "token_binding_version" is higher than the Token Binding protocol version advertised by the client.

2. “令牌绑定版本”高于客户端公布的令牌绑定协议版本。

3. "key_parameters_list" includes more than one Token Binding key parameters identifier.

3. “密钥参数列表”包括多个令牌绑定密钥参数标识符。

4. "key_parameters_list" includes an identifier that was not advertised by the client.

4. “密钥参数列表”包括客户端未公布的标识符。

5. TLS 1.2 or an older TLS version is used, but the extended master secret [RFC7627] and TLS renegotiation indication [RFC5746] extensions are not negotiated (see Section 6 ("Security Considerations") for more details).

5. 使用TLS 1.2或更旧的TLS版本,但未协商扩展主密钥[RFC7627]和TLS重新协商指示[RFC5746]扩展(有关更多详细信息,请参阅第6节(“安全注意事项”)。

If the "token_binding" extension is included in the ServerHello and the client supports the Token Binding protocol version selected by the server, it means that the version and key parameters have been negotiated between the client and the server and SHALL be definitive for the TLS connection. TLS 1.2 and earlier versions support renegotiation, which allows the client and server to renegotiate the Token Binding protocol version and key parameters on the same connection. The client MUST use the negotiated key parameters in the "provided_token_binding" as described in [RFC8471].

如果ServerHello中包含“token_binding”扩展,并且客户端支持服务器选择的token binding协议版本,则表示该版本和关键参数已在客户端和服务器之间协商,并且对于TLS连接是确定的。TLS 1.2和早期版本支持重新协商,这允许客户端和服务器在同一连接上重新协商令牌绑定协议版本和关键参数。客户端必须使用[RFC8471]中所述的“提供的\u令牌\u绑定”中协商的密钥参数。

If the client does not support the Token Binding protocol version selected by the server, then the connection proceeds without Token Binding. There is no requirement for the client to support any Token Binding versions other than the one advertised in the client's "token_binding" extension.

如果客户端不支持服务器选择的令牌绑定协议版本,则连接将不进行令牌绑定。客户机不需要支持任何令牌绑定版本,但在客户机的“令牌绑定”扩展中公布的版本除外。

Client and server applications can choose to handle failure to negotiate Token Binding in a variety of ways: continue using the connection as usual, shorten the lifetime of tokens issued during this connection, require stronger authentication, terminate the connection, etc.

客户机和服务器应用程序可以选择多种方式来处理协商令牌绑定的失败:像往常一样继续使用连接,缩短在此连接期间颁发的令牌的生命周期,要求更强的身份验证,终止连接,等等。

The Token Binding protocol version and key parameters are negotiated for each TLS connection, which means that the client and server include their "token_binding" extensions in both the full TLS handshake that establishes a new TLS session and the subsequent abbreviated TLS handshakes that resume the TLS session.

为每个TLS连接协商令牌绑定协议版本和密钥参数,这意味着客户端和服务器在建立新TLS会话的完整TLS握手和恢复TLS会话的后续简化TLS握手中都包括其“令牌绑定”扩展。

5. IANA Considerations
5. IANA考虑

This document updates the "TLS ExtensionType Values" registry. The registration for the "token_binding" TLS extension is as follows:

本文档更新“TLS ExtensionType值”注册表。“令牌绑定”TLS扩展的注册如下:

Value: 24

数值:24

Extension name: token_binding

扩展名:令牌绑定

Recommended: Yes

推荐:是

Reference: This document

参考:本文件

This document uses the "Token Binding Key Parameters" registry created by [RFC8471]. This document creates no new registrations in the registry.

本文档使用[RFC8471]创建的“令牌绑定密钥参数”注册表。此文档不会在注册表中创建新注册。

6. Security Considerations
6. 安全考虑
6.1. Downgrade Attacks
6.1. 降级攻击

The Token Binding protocol version and key parameters are negotiated via the "token_binding" extension within the TLS handshake. TLS detects handshake message modification by active attackers; therefore, it is not possible for an attacker to remove or modify the "token_binding" extension without breaking the TLS handshake. The signature algorithm and key length used in the Token Binding of type "provided_token_binding" MUST match the parameters negotiated via the "token_binding" extension.

令牌绑定协议版本和关键参数通过TLS握手中的“令牌绑定”扩展进行协商。TLS检测主动攻击者修改握手消息;因此,攻击者不可能在不破坏TLS握手的情况下删除或修改“令牌绑定”扩展。“提供的令牌绑定”类型的令牌绑定中使用的签名算法和密钥长度必须与通过“令牌绑定”扩展协商的参数匹配。

6.2. Triple Handshake Vulnerability in TLS 1.2 and Older TLS Versions
6.2. TLS 1.2及更早版本TLS中的三重握手漏洞

The Token Binding protocol relies on the TLS exporters [RFC5705] to associate a TLS connection with a Token Binding. The triple handshake attack [TRIPLE-HS] is a known vulnerability in TLS 1.2 and older TLS versions; it allows an attacker to synchronize keying material between TLS connections. The attacker can then successfully replay bound tokens. For this reason, the Token Binding protocol MUST NOT be negotiated with these TLS versions, unless the extended master secret [RFC7627] and renegotiation indication [RFC5746] TLS extensions have also been negotiated.

令牌绑定协议依赖TLS导出器[RFC5705]将TLS连接与令牌绑定相关联。三重握手攻击[triple-HS]是TLS 1.2和旧TLS版本中的已知漏洞;它允许攻击者在TLS连接之间同步密钥材料。然后,攻击者可以成功重放绑定令牌。因此,令牌绑定协议不得与这些TLS版本协商,除非扩展主密钥[RFC7627]和重新协商指示[RFC5746]TLS扩展也已协商。

7. References
7. 工具书类
7.1. Normative References
7.1. 规范性引用文件

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<https://www.rfc-editor.org/info/rfc2119>.

[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/RFC5246, August 2008, <https://www.rfc-editor.org/info/rfc5246>.

[RFC5246]Dierks,T.和E.Rescorla,“传输层安全(TLS)协议版本1.2”,RFC 5246,DOI 10.17487/RFC5246,2008年8月<https://www.rfc-editor.org/info/rfc5246>.

[RFC5705] Rescorla, E., "Keying Material Exporters for Transport Layer Security (TLS)", RFC 5705, DOI 10.17487/RFC5705, March 2010, <https://www.rfc-editor.org/info/rfc5705>.

[RFC5705]Rescorla,E.“传输层安全(TLS)关键材料导出器”,RFC 5705,DOI 10.17487/RFC5705,2010年3月<https://www.rfc-editor.org/info/rfc5705>.

[RFC5746] Rescorla, E., Ray, M., Dispensa, S., and N. Oskov, "Transport Layer Security (TLS) Renegotiation Indication Extension", RFC 5746, DOI 10.17487/RFC5746, February 2010, <https://www.rfc-editor.org/info/rfc5746>.

[RFC5746]Rescorla,E.,Ray,M.,Dispensa,S.,和N.Oskov,“传输层安全(TLS)重新协商指示扩展”,RFC 5746,DOI 10.17487/RFC5746,2010年2月<https://www.rfc-editor.org/info/rfc5746>.

[RFC7627] Bhargavan, K., Ed., Delignat-Lavaud, A., Pironti, A., Langley, A., and M. Ray, "Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension", RFC 7627, DOI 10.17487/RFC7627, September 2015, <https://www.rfc-editor.org/info/rfc7627>.

[RFC7627]Bhargavan,K.,Ed.,Delignat Lavaud,A.,Pironti,A.,Langley,A.,和M.Ray,“传输层安全(TLS)会话哈希和扩展主秘密扩展”,RFC 7627,DOI 10.17487/RFC7627,2015年9月<https://www.rfc-editor.org/info/rfc7627>.

[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.

[RFC8174]Leiba,B.,“RFC 2119关键词中大写与小写的歧义”,BCP 14,RFC 8174,DOI 10.17487/RFC8174,2017年5月<https://www.rfc-editor.org/info/rfc8174>.

[RFC8471] Popov, A., Ed., Nystroem, M., Balfanz, D., and J. Hodges, "The Token Binding Protocol Version 1.0", RFC 8471, DOI 10.17487/RFC8471, October 2018, <https://www.rfc-editor.org/info/rfc8471>.

[RFC8471]Popov,A.,Ed.,Nystroem,M.,Balfanz,D.,和J.Hodges,“令牌绑定协议版本1.0”,RFC 8471,DOI 10.17487/RFC8471,2018年10月<https://www.rfc-editor.org/info/rfc8471>.

7.2. Informative References
7.2. 资料性引用

[TOKENBIND-TLS13] Harper, N., "Token Binding for Transport Layer Security (TLS) Version 1.3 Connections", Work in Progress, draft-ietf-tokbind-tls13-01, May 2018.

[TOKENBIND-TLS13]哈珀,N.,“传输层安全(TLS)连接的令牌绑定版本1.3”,正在进行中,草稿-ietf-tokbind-TLS13-01,2018年5月。

[TRIPLE-HS] Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Pironti, A., and P. Strub, "Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS", IEEE Symposium on Security and Privacy, DOI 10.1109/SP.2014.14, May 2014.

[TRIPLE-HS]Bhargavan,K.,Delignat Lavaud,A.,Fournet,C.,Pironti,A.,和P.Strub,“三重握手和切饼干器:通过TLS破坏和修复认证”,IEEE安全和隐私研讨会,DOI 10.1109/SP.2014.14,2014年5月。

Acknowledgements

致谢

This document incorporates comments and suggestions offered by Eric Rescorla, Gabriel Montenegro, Martin Thomson, Vinod Anupam, Anthony Nadalin, Michael B. Jones, Bill Cox, Nick Harper, Brian Campbell, Benjamin Kaduk, Alexey Melnikov, and others.

本文件包含Eric Rescorla、Gabriel Montegon、Martin Thomson、Vinod Anupam、Anthony Nadalin、Michael B.Jones、Bill Cox、Nick Harper、Brian Campbell、Benjamin Kaduk、Alexey Melnikov和其他人提出的意见和建议。

This document was produced under the chairmanship of John Bradley and Leif Johansson. The area directors included Eric Rescorla, Kathleen Moriarty, and Stephen Farrell.

本文件由约翰·布拉德利和莱夫·约翰逊主持编写。区域主管包括Eric Rescorla、Kathleen Moriarty和Stephen Farrell。

Authors' Addresses

作者地址

Andrei Popov (editor) Microsoft Corp. United States of America

Andrei Popov(编辑)美利坚合众国微软公司

   Email: andreipo@microsoft.com
        
   Email: andreipo@microsoft.com
        

Magnus Nystroem Microsoft Corp. United States of America

Magnus Nystroem微软公司美利坚合众国

   Email: mnystrom@microsoft.com
        
   Email: mnystrom@microsoft.com
        

Dirk Balfanz Google Inc. United States of America

Dirk Balfanz谷歌公司美利坚合众国

   Email: balfanz@google.com
        
   Email: balfanz@google.com