Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard

[Bodo Moeller <bmoeller@acm.org>]

>
>
> The IESG has received a request from the Transport Layer Security WG
> (tls) to consider the following document:
> - 'TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing
>    Protocol Downgrade Attacks'
>   <draft-ietf-tls-downgrade-scsv-03.txt> as Proposed Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2015-01-23. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
>

I have now posted draft-ietf-tls-downgrade-scsv-04, which has editorial
changes only, all in response to the various Last Call reviews:

- Abstract: appended "Server update considerations are included." [OPS-Dir
review]

- Introduction: changed "particularly critical if they mean losing the TLS
extension feature (when downgrading to SSL 3.0)" into "particularly harmful
when the result is loss of the TLS extension feature by downgrading to SSL
3.0" [Gen-ART review]

- Introduction: added "a" with the following result: "... is not a suitable
substitute ..." [SecDir review & Gen-ART review]

- Introduction: added "the" with the following result: "... if the TLS
implementations also include support ..." [SecDir review]

- IANA considerations: changed URLs to
http://www.iana.org/assignments/tls-parameters. [IANA review]

Bodo