IETF Logo Mail Archive

[Gen-art] RE: Gen-ART review of draft-hollenbeck-epp-rfc3734bis-04.txt

Black_David@emc.com Fri, 24 November 2006 17:55 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GnfGY-0000fr-Qk; Fri, 24 Nov 2006 12:55:10 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GnfGX-0000fk-Jq for gen-art@ietf.org; Fri, 24 Nov 2006 12:55:09 -0500
Received: from mexforward.lss.emc.com ([128.222.32.20]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GnfGU-0002Yj-81 for gen-art@ietf.org; Fri, 24 Nov 2006 12:55:09 -0500
Received: from mailhub.lss.emc.com (nagas.lss.emc.com [10.254.144.11]) by mexforward.lss.emc.com (Switch-3.1.7/Switch-3.1.7) with ESMTP id kAOHt5kQ024985; Fri, 24 Nov 2006 12:55:05 -0500 (EST)
Received: from corpussmtp3.corp.emc.com (corpussmtp3.corp.emc.com [10.254.64.53]) by mailhub.lss.emc.com (Switch-3.1.8/Switch-3.1.7) with ESMTP id kAOHsdHc019539; Fri, 24 Nov 2006 12:55:04 -0500 (EST)
From: Black_David@emc.com
Received: from CORPUSMX20A.corp.emc.com ([128.221.62.11]) by corpussmtp3.corp.emc.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 24 Nov 2006 12:55:03 -0500
X-MIMEOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 24 Nov 2006 12:55:03 -0500
Message-ID: <F222151D3323874393F83102D614E055068B88CF@CORPUSMX20A.corp.emc.com>
In-Reply-To: <046F43A8D79C794FA4733814869CDF070192B068@dul1wnexmb01.vcorp.ad.vrsn.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Gen-ART review of draft-hollenbeck-epp-rfc3734bis-04.txt
Thread-Index: AccP62SmMSmi6e0/T0CXStFBvDBwTAAAjjaAAABky3A=
To: shollenbeck@verisign.com, gen-art@ietf.org
X-OriginalArrivalTime: 24 Nov 2006 17:55:03.0703 (UTC) FILETIME=[AB317A70:01C70FF1]
X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.4.0.264935, Antispam-Data: 2006.11.24.91432
X-PerlMx-Spam: Gauge=, SPAM=0%, Reason='EMC_BODY_1+ -3, EMC_FROM_0+ -2, NO_REAL_NAME 0, __C230066_P5 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CTYPE_CHARSET_QUOTED 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __IMS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0'
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 67c1ea29f88502ef6a32ccec927970f0
Cc: hardie@qualcomm.com, Black_David@emc.com
Subject: [Gen-art] RE: Gen-ART review of draft-hollenbeck-epp-rfc3734bis-04.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Errors-To: gen-art-bounces@ietf.org

Scott,

> I need to confirm Ted's reaction before doing anything with
> this review.

That's a fine response, as the review says:

> > Please wait for direction from your document shepherd
> > or AD before posting a new version of the draft.

With regards to timing:

> The last call period ended on 11 November and I've already
> updated the documents to reflect comments received as a result
> of the last call.

This is not a GenART IETF Last Call review.  Usually, GenART
tries to provide an IETF Last Call review, but that doesn't
appear to have happened for this draft.  The GenART reviewers
are human, and "stuff" happens ;-).

This GenART review is intended as input to the position that the
General Area Director will take on the IESG ballot for approval
of the draft, and FWIW, the General AD doesn't always agree 100%
with his reviewers ;-).  If knowing what that ballot position
will be matters, Ted should follow up directly with Brian to
understand Brian's view of these comments.

FWIW, I would hope that one of the Security ADs would point out
the existence of TLS 1.1, in addition to this input to the
General AD.  My understanding is that the primary purpose of
TLS 1.1 was to prevent some attacks on the CBC usage in TLS
1.0, and hence there's a preference for implementations to
move to TLS 1.1 as quickly as reasonably possible.

Thanks,
--David

> -----Original Message-----
> From: Hollenbeck, Scott [mailto:shollenbeck@verisign.com] 
> Sent: Friday, November 24, 2006 12:28 PM
> To: Black, David; gen-art@ietf.org
> Cc: hardie@qualcomm.com
> Subject: RE: Gen-ART review of draft-hollenbeck-epp-rfc3734bis-04.txt
> 
> I need to confirm Ted's reaction before doing anything with this
review.
> The last call period ended on 11 November and I've already updated the
> documents to reflect comments received as a result of the last call.
> 
> -Scott- 
> 
> > -----Original Message-----
> > From: Black_David@emc.com [mailto:Black_David@emc.com] 
> > Sent: Friday, November 24, 2006 12:10 PM
> > To: gen-art@ietf.org; Hollenbeck, Scott
> > Cc: Black_David@emc.com; hardie@qualcomm.com
> > Subject: Gen-ART review of draft-hollenbeck-epp-rfc3734bis-04.txt
> > 
> > I have been selected as the General Area Review Team (Gen-ART)
> > reviewer for this draft (for background on Gen-ART, please see
> > http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
> > 
> > Please wait for direction from your document shepherd
> > or AD before posting a new version of the draft.
> > 
> > Document: draft-hollenbeck-epp-rfc3734bis-04.txt
> > Reviewer: David Black
> > Review Date: 24 November 2006
> > IESG Telechat date: 30 November 2006
> > 
> > Summary:
> > This drafts is on the right track, but has open issues,
> > described in the review.
> > 
> > Comments:
> > This is a small update to the existing RFC 3734.  The one
> > open issue is the need to deal with the fact that TLS has
> > been updated since RFC 3734 was published; this is almost
> > a nit, but it does require attention.
> > 
> > The TLS requirement is "must use", not just "must implement"
> > - that requirement is already present in RFC 3734, and is
> > justified by EPP having a weak "password in the clear"
> > mechanism as the only means of authentication.
> > 
> > TLS has evolved since RFC 3734 was published.  This 3734bis
> > draft references RFC 2246, which specifies TLS 1.0.  TLS 1.1
> > has now been specified by RFC 4346, and that RFC needs to be
> > referenced. In addition, the version usage requirements for
> > TLS 1.0 vs. TLS 1.1 need to be specified.
> > 
> > I would say that one of TLS 1.0 or TLS 1.1 MUST be used, TLS
> > 1.1 SHOULD be used, and TLS 1.1 implementations MUST
> > correctly negotiate use of TLS 1.0 when that is necessary
> > (this negotiation is already specified in RFC 4346).  The
> > result should be that implementations developed in accordance
> > with RFC 3734 are allowed to use TLS 1.0 for backwards
> > compatibility and that all servers MUST use TLS 1.0 when a
> > client does not support TLS 1.1, as indicated in the TLS
> > Client Hello message.
> > 
> > While not absolutely necessary, it would help implementers
> > to also say that these TLS requirements prohibit use of SSL 2
> > and SSL 3, and they specifically prohibit use of the SSL 2
> > ciphersuites and the SSL 2 Client Hello message that are
> > specified in Appendix E of RFC 4346.  This is worth calling
> > out because SSL 2 has significant security weaknesses by
> > comparison to SSL 3 and TLS - removing SSL 2 support entirely
> > is among the best ways to ensure that it is not used.
> > 
> > Thanks,
> > --David
> > ----------------------------------------------------
> > David L. Black, Senior Technologist
> > EMC Corporation, 176 South St., Hopkinton, MA  01748
> > +1 (508) 293-7953             FAX: +1 (508) 293-7786
> > black_david@emc.com        Mobile: +1 (978) 394-7754
> > ----------------------------------------------------

_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www1.ietf.org/mailman/listinfo/gen-art

v2.23.0 | Report a Bug | By Email