| 102 |
Session Key Update timer clarification |
|
Accepted |
33 |
8.4 |
2 |
06 Feb 25 |
07 Feb 25 |
S. Pini |
| 100 |
Rekey may fail in case of overlapping message |
|
Approval (N/A) |
1 |
1 |
1 |
04 Feb 25 |
04 Feb 25 |
R. schimmel |
| 99 |
OCSP responses without NextUpdate |
|
Discussion (red) |
20 |
6.4.4.4.3 |
6.4.4.4.3 |
04 Feb 25 |
07 Feb 25 |
S. Pini |
| 98 |
Align terminology regarding trust anchor and root CA certificate |
|
Discussion (red) |
27 |
7.5.3 |
first |
31 Jan 25 |
22 May 25 |
S. Fries |
| 93 |
Clarification request: does the detection of a revoked X509 lead to TLS session retirement? |
|
Approval (Future Improvement) |
19 |
6.4.4.4.1 |
2 |
19 Dec 24 |
07 Feb 25 |
C. Gordon |
| 91 |
Some Table A.2 TLS events violate the 62351-14 mnemonic naming scheme |
|
Approval (Editoral) |
47 |
Table A.1 |
Table A.1 |
09 Dec 24 |
07 Feb 25 |
C. Gordon |
| 89 |
The case of a not-yet-valid CRL is not handled |
|
Approval (Future Improvement) |
20 |
6.4.4.4.2 |
1 |
04 Dec 24 |
07 Feb 25 |
C. Gordon |
| 88 |
Section 7.3 defines an event at the "alarm" level but Table A.1 defines the same as "warning" |
|
Drafting Implementation |
22 |
7.3 |
3-4 |
03 Dec 24 |
07 Feb 25 |
C. Gordon |
| 87 |
6.4.4.4.1 contains two alarm definitions but only one appears in Table A.1 |
|
Approval (Future Improvement) |
19 |
6.4.4.4.1 |
8 and 9 |
03 Dec 24 |
07 Feb 25 |
C. Gordon |
| 81 |
Triple Handshake (CVE-2014-1295) |
|
Accepted |
26 |
7.5.2 |
1 |
02 Dec 24 |
03 Jan 25 |
C. Cattaneo |
| 80 |
Verification based upon individual certificates - mandatory |
|
Approval (Future Improvement) |
18 |
6.4.4.3 |
1 |
25 Nov 24 |
07 Feb 25 |
S. Pini |
| 79 |
IANA values for TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
|
Drafting Implementation |
21 |
7.2 |
Table 1 |
14 Nov 24 |
08 Jan 25 |
C. Cattaneo |
| 65 |
IEC 62351-3 X509, CRL, OCSP requirements vs. IEC 62351-9 |
|
Approval (Future Improvement) |
18 |
6.4.4.1 |
1 |
04 Nov 24 |
07 Feb 25 |
C. Gordon |
| 63 |
Section 7.4.5 does not specify a maximum wait time for response to HelloRequest |
|
Discussion (red) |
26 |
7.4.5 |
7 |
22 Oct 24 |
08 Jan 25 |
C. Gordon |
| 62 |
Is the use of not-yet-valid certificates forbidden? |
|
Approval (Future Improvement) |
20 |
6.4.4.5 |
1 |
15 Oct 24 |
07 Feb 25 |
C. Gordon |
| 59 |
Failure in finding a matching cipher suite |
|
Approval (Future Improvement) |
15 |
6 |
0 |
12 Sep 24 |
08 Jan 25 |
C. Cattaneo |
| 58 |
Signalling of client supported CA certificates via Trusted CA (par. 7.5.3) |
|
Drafting Implementation |
27 |
7.5.3 |
2 |
10 Sep 24 |
08 Jan 25 |
C. Cattaneo |
| 57 |
Reference to RFC in section 7.5.4 "Signalling of supported signature algorithms" |
|
Approval (N/A) |
28 |
7.5.4 |
Last |
10 Sep 24 |
10 Sep 24 |
C. Cattaneo |
| 50 |
Add mandatory support for extended master secret extension (RFC 7627) to TLS 1.2 |
|
Approval (Future Improvement) |
1 |
1 |
1 |
05 Jul 24 |
07 Feb 25 |
C. Gordon |
| 49 |
"Session renegotiation shall be aligned with CRL update period" is ambiguous |
|
Approval (Future Improvement) |
25 |
7.4.5 |
4 |
01 Jul 24 |
07 Feb 25 |
C. Gordon |
| 48 |
TLS 1.2 requirement for active session resumption initiation lacks a rationale |
|
Approval (N/A) |
24 |
7.4.4 |
2 |
25 Jun 24 |
07 Feb 25 |
C. Gordon |
| 47 |
TLS 1.2 signature_algorithms support implicitly mandates the use of SHA-1 |
|
Approval (N/A) |
27 |
7.5.4 |
2 |
24 Jun 24 |
07 Feb 25 |
C. Gordon |
| 46 |
Most TLS 1.2 mandatory signature_algorithms combinations are deprecated by the BSI in 2025 |
|
Approval (N/A) |
27 |
7.5.4 |
2 |
24 Jun 24 |
08 Jan 25 |
C. Gordon |
| 45 |
TLS 1.2 mandates support for an ECC cipher suite, but does not mandate support for the corresponding |
|
Approval (Future Improvement) |
21 |
7.2 |
Table 1 |
22 Jun 24 |
07 Feb 25 |
C. Gordon |
| 44 |
TLS 1.2 Server status_request ambiguity |
|
Approval (Future Improvement) |
28 |
7.5.5.2 |
4-5 |
21 Jun 24 |
08 Jan 25 |
C. Gordon |
| 43 |
(Clarification) Do implementing entities need to simultaneously support RSA and ECDSA certificates? |
|
Approval (Editoral) |
21 |
7.2 |
Table 1 |
21 Jun 24 |
27 Jun 24 |
C. Gordon |
| 42 |
There are two "62351-3:2.8" events in Table A.2 |
|
Approval (Editoral) |
47 |
A.2 |
1, (Table A.1) |
16 May 24 |
26 Aug 24 |
C. Cattaneo |
| 41 |
Correct RFC reference for "supported signature algorithms" |
|
Approval (Editoral) |
28 |
7.5.4 |
1 |
16 May 24 |
26 Aug 24 |
C. Cattaneo |
| 40 |
There are two "62351-3:2.8" events in Table A.2 |
|
Approval (Editoral) |
48 |
A.3 |
1 (Table A.2) |
15 May 24 |
26 Aug 24 |
C. Gordon |
| 39 |
Is Event ID 62351-3:1.10 supposed to be a "notice" or "warning"? |
|
Approval (Editoral) |
24 and 47 |
7.4.4, A.2 (Table A.1) |
3, 1 |
15 May 24 |
26 Aug 24 |
C. Gordon |
| 31 |
Explicitly state TLS extension name |
|
Approval (Editoral) |
29 |
7.5.5.3 |
4 |
17 Jul 23 |
19 Oct 23 |
S. Fries |
| 30 |
Correct TLS extension name |
|
Approval (Editoral) |
28 |
7.5.5.2 |
4 |
17 Jul 23 |
19 Oct 23 |
S. Fries |
| 29 |
TLS cipher suite support |
|
Approval (Future Improvement) |
21 |
7.2 |
Table 1 |
17 Jul 23 |
19 Oct 23 |
S. Fries |
| 28 |
Support of minimum path len in certificate hierarchy |
|
Approval (Future Improvement) |
18 |
6.4.4 |
new subsection |
17 Jul 23 |
19 Oct 23 |
S. Fries |
| 27 |
Problem in session resumption report |
|
Approval (Future Improvement) |
35 |
8.6 |
1 |
17 Jul 23 |
19 Oct 23 |
M. Lacroix |
| 26 |
Add security event non-encrypting cipher suites is used |
|
Approval (Future Improvement) |
16 |
6.3 |
1 |
17 Jul 23 |
19 Oct 23 |
M. Lacroix |