[Gen-art] RE: Gen-ART review of draft-hollenbeck-epp-rfc3734bis-04.txt

"Hollenbeck, Scott" <shollenbeck@verisign.com> Fri, 24 November 2006 17:28 UTC

Date: Fri, 24 Nov 2006 12:28:14 -0500
Message-ID: <046F43A8D79C794FA4733814869CDF070192B068@dul1wnexmb01.vcorp.ad.vrsn.com>
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: Black_David@emc.com, gen-art@ietf.org
Cc: hardie@qualcomm.com
Subject: [Gen-art] RE: Gen-ART review of draft-hollenbeck-epp-rfc3734bis-04.txt

I need to confirm Ted's reaction before doing anything with this review.
The last call period ended on 11 November and I've already updated the
documents to reflect comments received as a result of the last call.

-Scott- 

> -----Original Message-----
> From: Black_David@emc.com [mailto:Black_David@emc.com] 
> Sent: Friday, November 24, 2006 12:10 PM
> To: gen-art@ietf.org; Hollenbeck, Scott
> Cc: Black_David@emc.com; hardie@qualcomm.com
> Subject: Gen-ART review of draft-hollenbeck-epp-rfc3734bis-04.txt
> 
> I have been selected as the General Area Review Team (Gen-ART)
> reviewer for this draft (for background on Gen-ART, please see
> http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
> 
> Please wait for direction from your document shepherd
> or AD before posting a new version of the draft.
> 
> Document: draft-hollenbeck-epp-rfc3734bis-04.txt
> Reviewer: David Black
> Review Date: 24 November 2006
> IESG Telechat date: 30 November 2006
> 
> Summary:
> This draft is on the right track, but has open issues,
> described in the review.
> 
> Comments:
> This is a small update to the existing RFC 3734.  The one
> open issue is the need to deal with the fact that TLS has
> been updated since RFC 3734 was published; this is almost
> a nit, but it does require attention.
> 
> The TLS requirement is "must use", not just "must implement"
> - that requirement is already present in RFC 3734, and is
> justified by EPP having a weak "password in the clear"
> mechanism as the only means of authentication.
> 
> TLS has evolved since RFC 3734 was published.  This 3734bis
> draft references RFC 2246, which specifies TLS 1.0.  TLS 1.1
> has now been specified by RFC 4346, and that RFC needs to be
> referenced. In addition, the version usage requirements for
> TLS 1.0 vs. TLS 1.1 need to be specified.
> 
> I would say that one of TLS 1.0 or TLS 1.1 MUST be used, TLS
> 1.1 SHOULD be used, and TLS 1.1 implementations MUST
> correctly negotiate use of TLS 1.0 when that is necessary
> (this negotiation is already specified in RFC 4346).  The
> result should be that implementations developed in accordance
> with RFC 3734 are allowed to use TLS 1.0 for backwards
> compatibility and that all servers MUST use TLS 1.0 when a
> client does not support TLS 1.1, as indicated in the TLS
> Client Hello message.
> 
> While not absolutely necessary, it would help implementers
> to also say that these TLS requirements prohibit use of SSL 2
> and SSL 3, and they specifically prohibit use of the SSL 2
> ciphersuites and the SSL 2 Client Hello message that are
> specified in Appendix E of RFC 4346.  This is worth calling
> out because SSL 2 has significant security weaknesses by
> comparison to SSL 3 and TLS - removing SSL 2 support entirely
> is among the best ways to ensure that it is not used.
> 
> Thanks,
> --David
> ----------------------------------------------------
> David L. Black, Senior Technologist
> EMC Corporation, 176 South St., Hopkinton, MA  01748
> +1 (508) 293-7953             FAX: +1 (508) 293-7786
> black_david@emc.com        Mobile: +1 (978) 394-7754
> ----------------------------------------------------
> 
> 
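The review above asks that an EPP server accept only TLS 1.0 or TLS 1.1, prefer 1.1, fall back to 1.0 when the client's ClientHello announces nothing higher, and refuse SSL 2, SSL 3 and the SSL 2-format ClientHello of RFC 4346 Appendix E. The following Python is an added illustration of that policy applied to a raw ClientHello; it is not code from the draft, from RFC 4346 or from any EPP implementation. It assumes the on-the-wire version numbers of RFC 4346 (SSL 3.0 = 3.0, TLS 1.0 = 3.1, TLS 1.1 = 3.2), the standard server rule of answering with the highest version it supports that does not exceed the client's, and the two-byte SSL 2 record header whose first byte has its high bit set. The sample hellos are constructed in the block, not captured traffic, and `SERVER_SUPPORTED` is a hypothetical server configuration.

```python
"""Added example: checking a TLS ClientHello against the version policy
proposed in the Gen-ART review (TLS 1.0 or 1.1 only, prefer 1.1, no SSL 2/3,
no SSL 2-format ClientHello).  Illustration only; not part of the draft or of
any EPP implementation."""
import struct

# Protocol version numbers as carried on the wire (major, minor), per RFC 4346.
SSL_3_0 = (3, 0)
TLS_1_0 = (3, 1)
TLS_1_1 = (3, 2)

# Versions this hypothetical EPP server is willing to negotiate.
SERVER_SUPPORTED = (TLS_1_0, TLS_1_1)


def parse_client_hello_version(data):
    """Return ("ssl2" | "tls", (major, minor)) for a raw ClientHello, or raise ValueError.

    An SSL 2-format hello (RFC 4346 Appendix E.2) has a two-byte record header
    with the high bit of the first byte set; a TLS-format hello is a handshake
    record (content type 0x16) carrying a client_hello message (type 0x01)."""
    if len(data) < 5:
        raise ValueError("truncated ClientHello")
    if data[0] & 0x80:
        # SSL 2 format: msg_length(2, high bit set), msg_type(1), version(2), ...
        if data[2] != 0x01:
            raise ValueError("SSL 2 record is not a CLIENT-HELLO")
        return "ssl2", (data[3], data[4])
    content_type, _rec_major, _rec_minor, rec_len = struct.unpack("!BBBH", data[:5])
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    body = data[5:5 + rec_len]
    # Handshake header: msg_type(1), length(3); then client_version(2).
    if len(body) < 6 or body[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    return "tls", (body[4], body[5])


def negotiate_version(client_version, server_supported=SERVER_SUPPORTED):
    """RFC 4346 version negotiation: client_version is the highest version the
    client supports; the server answers with the highest version it supports
    that is not above it.  Returns None when there is no common version."""
    candidates = [v for v in server_supported if v <= client_version]
    return max(candidates) if candidates else None


def check_client_hello(data, server_supported=SERVER_SUPPORTED):
    """Apply the review's policy to one ClientHello.
    Returns (True, negotiated_version) or (False, reason)."""
    try:
        fmt, client_version = parse_client_hello_version(data)
    except ValueError as exc:
        return False, str(exc)
    if fmt == "ssl2":
        # Rejected regardless of the version it announces (Appendix E hello).
        return False, "SSL 2-format ClientHello is prohibited"
    chosen = negotiate_version(client_version, server_supported)
    if chosen is None or chosen < TLS_1_0:
        return False, "client offers %d.%d; TLS 1.0 or 1.1 required" % client_version
    return True, chosen


# --- constructed sample messages (not captured traffic) -----------------

def build_tls_client_hello(version):
    """Minimal TLS-format ClientHello announcing `version`."""
    major, minor = version
    body = (bytes([major, minor]) + b"\x00" * 32   # client_version, random
            + b"\x00"                               # empty session_id
            + b"\x00\x02\x00\x2f"                   # one cipher suite
            + b"\x01\x00")                          # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes([major, minor]) + len(handshake).to_bytes(2, "big") + handshake


def build_ssl2_client_hello(version):
    """Minimal SSL 2-format CLIENT-HELLO announcing `version` (RFC 4346 App. E.2)."""
    major, minor = version
    cipher_specs = b"\x01\x00\x80"    # one 3-byte SSL 2 cipher spec (constructed)
    challenge = b"\x00" * 16
    body = (b"\x01" + bytes([major, minor])
            + struct.pack("!HHH", len(cipher_specs), 0, len(challenge))
            + cipher_specs + challenge)
    return struct.pack("!H", 0x8000 | len(body)) + body


if __name__ == "__main__":
    for label, hello in [("TLS 1.1 client", build_tls_client_hello(TLS_1_1)),
                         ("TLS 1.0 client", build_tls_client_hello(TLS_1_0)),
                         ("SSL 3.0 client", build_tls_client_hello(SSL_3_0)),
                         ("SSL 2-format hello", build_ssl2_client_hello(TLS_1_0))]:
        print(label, "->", check_client_hello(hello))
```

A client announcing a version above TLS 1.1 is answered with TLS 1.1, a TLS 1.0-only client gets TLS 1.0, and an SSL 3.0 client or an SSL 2-format hello is refused before any key exchange begins; the refusal reason is returned so a server can log it, which is the practical way to see whether legacy clients are still present before the fallback is removed.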
