Last Call: <draft-ietf-uta-tls-bcp-08.txt> (Recommendations for Secure Use of TLS and DTLS) to Best Current Practice
The IESG <iesg-secretary@ietf.org> Tue, 27 January 2015 19:46 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A79171A89AB; Tue, 27 Jan 2015 11:46:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CLFBH7rurm5n; Tue, 27 Jan 2015 11:46:11 -0800 (PST)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A219C1A89AD; Tue, 27 Jan 2015 11:45:36 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Last Call: <draft-ietf-uta-tls-bcp-08.txt> (Recommendations for Secure Use of TLS and DTLS) to Best Current Practice
X-Test-IDTracker: no
X-IETF-IDTracker: 5.10.1.p1
Auto-Submitted: auto-generated
Precedence: bulk
Sender: iesg-secretary@ietf.org
Message-ID: <20150127194536.25109.77246.idtracker@ietfa.amsl.com>
Date: Tue, 27 Jan 2015 11:45:36 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-announce/lKZv7lgWOchUbj4wkDL7l-XQGiM>
Cc: uta@ietf.org
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jan 2015 19:46:20 -0000
The IESG has received a request from the Using TLS in Applications WG (uta) to consider the following document: - 'Recommendations for Secure Use of TLS and DTLS' <draft-ietf-uta-tls-bcp-08.txt> as Best Current Practice The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-02-10. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) are widely used to protect data exchanged over application protocols such as HTTP, SMTP, IMAP, POP, SIP, and XMPP. Over the last few years, several serious attacks on TLS have emerged, including attacks on its most commonly used cipher suites and modes of operation. This document provides recommendations for improving the security of deployed services that use TLS and DTLS. The recommendations are applicable to the majority of use cases. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-uta-tls-bcp/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-uta-tls-bcp/ballot/ No IPR declarations have been submitted directly on this I-D.