[TLS] wrt -ssl-must-not and -tls-server-id-check
=JeffH <Jeff.Hodges@KingsMountain.com> Wed, 04 August 2010 01:55 UTC
Message-ID: <4C58C8C2.8020403@KingsMountain.com>
Date: Tue, 03 Aug 2010 18:56:18 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
To: IETF TLS WG <tls@ietf.org>
Subject: [TLS] wrt -ssl-must-not and -tls-server-id-check
One of my take-aways from the TLS wg session last week in Maastricht (ietf-78) was that wrt draft-turner-ssl-must-not, the sense in the room was that it will be ok to deprecate SSLv2 and earlier, but not SSLv3.

That said, it occurs to me that we should perhaps add an item to the Scope section of -tls-server-id-check <http://tools.ietf.org/html/draft-saintandre-tls-server-id-check> stating that the requirements described therein apply to SSL certs as well as TLS.

Part of the rationale is that many people refer to (and seem to regard) both protocols as essentially the same (i.e. they are differentiated to end users only in a buried advanced preferences dialog), and many use the term "SSL" to refer to both TLS and SSL. Thus we should perhaps explicitly mention SSL once in terms of scope in order to try to be clear about applicability (and help the spec turn up appropriately in search engine results :)

thoughts?

thanks,

=JeffH