[Gen-art] RE: Gen-ART review of draft-hollenbeck-epp-rfc3734bis-04.txt
"Hollenbeck, Scott" <shollenbeck@verisign.com> Fri, 24 November 2006 17:28 UTC
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: Black_David@emc.com, gen-art@ietf.org
Cc: hardie@qualcomm.com
Subject: [Gen-art] RE: Gen-ART review of draft-hollenbeck-epp-rfc3734bis-04.txt
I need to confirm Ted's reaction before doing anything with this review. The last call period ended on 11 November and I've already updated the documents to reflect comments received as a result of the last call.

-Scott-

> -----Original Message-----
> From: Black_David@emc.com [mailto:Black_David@emc.com]
> Sent: Friday, November 24, 2006 12:10 PM
> To: gen-art@ietf.org; Hollenbeck, Scott
> Cc: Black_David@emc.com; hardie@qualcomm.com
> Subject: Gen-ART review of draft-hollenbeck-epp-rfc3734bis-04.txt
>
> I have been selected as the General Area Review Team (Gen-ART)
> reviewer for this draft (for background on Gen-ART, please see
> http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
>
> Please wait for direction from your document shepherd
> or AD before posting a new version of the draft.
>
> Document: draft-hollenbeck-epp-rfc3734bis-04.txt
> Reviewer: David Black
> Review Date: 24 November 2006
> IESG Telechat date: 30 November 2006
>
> Summary:
> This draft is on the right track, but has open issues,
> described in the review.
>
> Comments:
> This is a small update to the existing RFC 3734. The one
> open issue is the need to deal with the fact that TLS has
> been updated since RFC 3734 was published; this is almost
> a nit, but it does require attention.
>
> The TLS requirement is "must use", not just "must implement"
> - that requirement is already present in RFC 3734, and is
> justified by EPP having a weak "password in the clear"
> mechanism as the only means of authentication.
>
> TLS has evolved since RFC 3734 was published. This 3734bis
> draft references RFC 2246, which specifies TLS 1.0. TLS 1.1
> has now been specified by RFC 4346, and that RFC needs to be
> referenced. In addition, the version usage requirements for
> TLS 1.0 vs. TLS 1.1 need to be specified.
>
> I would say that one of TLS 1.0 or TLS 1.1 MUST be used, TLS
> 1.1 SHOULD be used, and TLS 1.1 implementations MUST
> correctly negotiate use of TLS 1.0 when that is necessary
> (this negotiation is already specified in RFC 4346). The
> result should be that implementations developed in accordance
> with RFC 3734 are allowed to use TLS 1.0 for backwards
> compatibility and that all servers MUST use TLS 1.0 when a
> client does not support TLS 1.1, as indicated in the TLS
> Client Hello message.
>
> While not absolutely necessary, it would help implementers
> to also say that these TLS requirements prohibit use of SSL 2
> and SSL 3, and they specifically prohibit use of the SSL 2
> ciphersuites and the SSL 2 Client Hello message that are
> specified in Appendix E of RFC 4346. This is worth calling
> out because SSL 2 has significant security weaknesses by
> comparison to SSL 3 and TLS - removing SSL 2 support entirely
> is among the best ways to ensure that it is not used.
>
> Thanks,
> --David
> ----------------------------------------------------
> David L. Black, Senior Technologist
> EMC Corporation, 176 South St., Hopkinton, MA 01748
> +1 (508) 293-7953 FAX: +1 (508) 293-7786
> black_david@emc.com Mobile: +1 (978) 394-7754
> ----------------------------------------------------
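
The version policy proposed in the quoted review, as an added example that is not part of the original message or of the draft: Python that inspects a client's first bytes, refuses the SSL 2 Client Hello framing and SSL 3, and selects TLS 1.0 or TLS 1.1. The function names, the `SERVER_MAX` setting and the sample hellos are constructed for illustration.

```python
import struct

SSL3, TLS10, TLS11 = (3, 0), (3, 1), (3, 2)   # wire values: TLS 1.0 is 3.1
SERVER_MAX = TLS11  # assumption: server implements up to TLS 1.1 (RFC 4346)


def client_hello_version(data: bytes):
    """Return (framing, (major, minor)) for a client's first bytes."""
    if len(data) < 5:
        raise ValueError("truncated")
    # SSL 2 CLIENT-HELLO framing (RFC 4346 Appendix E): 2-byte length with
    # the high bit set, msg_type 1, then the version the client offers.
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-hello", (data[3], data[4])
    # TLS record: type 22 (handshake), record version, 2-byte length, then
    # handshake type 1 (ClientHello), 3-byte length, client_version.
    if data[0] == 0x16:
        if len(data) < 11 or data[5] != 0x01:
            raise ValueError("not a ClientHello")
        return "tls-record", (data[9], data[10])
    raise ValueError("not an SSL/TLS hello")


def decide(data: bytes) -> str:
    """Apply the review's policy: TLS 1.0 or 1.1 only, prefer 1.1."""
    try:
        framing, offered = client_hello_version(data)
    except ValueError as exc:
        return f"reject: {exc}"
    if framing == "sslv2-hello":
        return "reject: SSL 2 Client Hello prohibited"
    if offered < TLS10:
        return "reject: SSL 3 or older offered"
    chosen = min(offered, SERVER_MAX)   # fall back to TLS 1.0 when needed
    return "accept: TLS 1.%d" % (chosen[1] - 1)


def tls_hello(version):
    """Constructed sample: minimal TLS-framed ClientHello."""
    body = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def sslv2_hello(version):
    """Constructed sample: SSL 2 framed hello offering a 3.x version."""
    msg = (b"\x01" + bytes(version) + struct.pack("!HHH", 3, 0, 16)
           + b"\x00\x00\x2f" + bytes(16))
    return struct.pack("!H", 0x8000 | len(msg)) + msg
```
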