Re: [secdir] secdir review for draft-ietf-uta-tls-attacks-05

Leif Johansson <leifj@sunet.se> Fri, 24 October 2014 16:40 UTC

Return-Path: <leifj@sunet.se>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B92A1A1B6F; Fri, 24 Oct 2014 09:40:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.781
X-Spam-Level:
X-Spam-Status: No, score=-0.781 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_NEUTRAL=0.779, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JkqBgRCaL1Oe; Fri, 24 Oct 2014 09:40:08 -0700 (PDT)
Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [IPv6:2001:6b0:8:2::201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 507021A1B04; Fri, 24 Oct 2014 09:40:08 -0700 (PDT)
Received: from smtp1.sunet.se (smtp1.sunet.se [IPv6:2001:6b0:8:2::214]) by e-mailfilter01.sunet.se (8.14.4/8.14.4/Debian-4) with ESMTP id s9OGe2Gw010012 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 24 Oct 2014 18:40:02 +0200
Received: from kerio.sunet.se (kerio.sunet.se [192.36.171.210]) by smtp1.sunet.se (8.14.7/8.14.7) with ESMTP id s9OGdxlo004471 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 24 Oct 2014 18:40:01 +0200 (CEST)
X-Footer: c3VuZXQuc2U=
Received: from [10.0.0.116] ([62.102.145.131]) (authenticated user leifj@sunet.se) by kerio.sunet.se (Kerio Connect 8.3.3) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256 bits)); Fri, 24 Oct 2014 18:39:57 +0200
Message-ID: <544A80DC.6020401@sunet.se>
Date: Fri, 24 Oct 2014 18:39:56 +0200
From: Leif Johansson <leifj@sunet.se>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: David Harrington <ietfdbh@comcast.net>, draft-ietf-uta-tls-attacks.all@tools.ietf.org
References: <1CA68C92-D578-4606-BF0E-9B43434BE43B@comcast.net>
In-Reply-To: <1CA68C92-D578-4606-BF0E-9B43434BE43B@comcast.net>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-Bayes-Prob: 0.0001 (Score 0, tokens from: outbound, outbound-sunet-se:default, sunet-se:default, base:default, @@RPTN)
X-CanIt-Geo: ip=192.36.171.210; country=SE; latitude=62.0000; longitude=15.0000; http://maps.google.com/maps?q=62.0000,15.0000&z=6
X-CanItPRO-Stream: outbound-sunet-se:outbound (inherits from outbound-sunet-se:default, sunet-se:default, base:default)
X-Canit-Stats-ID: 09N74E2Wn - 2142722e4460 - 20141024
X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw
X-Scanned-By: CanIt (www . roaringpenguin . com)
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/W-j_kafqmn2MxLe8U_SVfKhxwws
Cc: "iesg@ietf.org" <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] secdir review for draft-ietf-uta-tls-attacks-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Oct 2014 16:40:10 -0000

On 2014-10-24 18:38, David Harrington wrote:
> Hi,
> 
> I have reviewed this document as part of the security directorate's 
> ongoing effort to review all IETF documents being processed by the 
> IESG.  These comments were written primarily for the benefit of the 
> security area directors.  Document editors and WG chairs should treat 
> these comments just like any other last call comments.
> 
> Abstract:
> 
> Over the last few years there have been several serious attacks on
>    Transport Layer Security (TLS), including attacks on its most
>    commonly used ciphers and modes of operation.  This document
>    summarizes these attacks, with the goal of motivating generic and
>    protocol-specific recommendations on the usage of TLS and Datagram
>    TLS (DTLS).
> 
> 
> 
> I consider this document ready for publication.
> 
> This document is an Information draft, summarizing somer of the known
> attacks on TLS and DTLS.
> I agree with the security considerations section statement that this
> document has no security implications.
> 
> A few editorial nits:
> s/This attacks summarized/The attacks summarized/
> s/the Klima attack relies on a version-check oracle is only mitigated by
> TLS 1.1./
> the Klima attack relies on a version-check oracle and is only mitigated
> by TLS 1.1./ 


Thx for the review David!

	Cheers Leif