Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-bcp-00.txt

[Stephen Farrell <stephen.farrell@cs.tcd.ie>]

Hi Yaron,

Thanks for doing this. I hope the WG adopt this and
process it quickly.

A few comments:

1) Given recent news, I think section 2 should describe why
PFS is a good thing and should say a bit about how server
private keys can be exposed (e.g. someone hacks into
server and copies a private key file, or gets keys from
a decommissioned server), and the consequences that flow
if non-PFS ciphersuites are used.

2) I think an appendix or section that shows how to configure
a server to prefer whatever ciphersuite configurations end
up as recommended would be very valuable. I realise that that
would be server specific but it should be easy enough to get
for the most popular server or the two most popular. While
that information is already available on the web, and will
go out of date, its finicky stuff so it'd be good to make
all this easier for a site admin who reads the RFC in
the next couple of years.

3) Similarly, saying how to turn off ciphersuites that you
don't want and which those are might be useful.

4) I also think it'd be good to give recommendations for
older versions of TLS (and maybe SSL) that are still
widely deployed, even though TLS 1.2 will have better
options and the overall recommendation is to use a
1.2 ciphersuite.

5) I agree with the point raised by Patrick that some
guidance about reasonable key lengths/strengths would
be good where its needed. I'd be ok with that being in
the non-normative bit where you show how to configure
stuff and/or in the security considerations.

Some text related to a number of the above points can be
found via the links in a mail that Patrick Pelletier [1]
sent to the perpass list.

Cheers,
S.

[1] http://www.ietf.org/mail-archive/web/perpass/current/msg00062.html


On 09/08/2013 09:25 AM, Yaron Sheffer wrote:
> This is an early version of my proposal for a BCP-like document, to
> inform the industry on what can be done with existing implementations,
> while TLS 1.3 is still not ready.
> 
> I would appreciate your comments of course. Specifically,
> I would like to fill in the Implementation Status table (Sec. 5) and
> would be glad to receive solid information (dates, planned dates,
> version numbers) from implementers.
> 
> Thanks,
>     Yaron
> 
> -------- Original Message --------
> Subject: New Version Notification for draft-sheffer-tls-bcp-00.txt
> Date: Sat, 07 Sep 2013 15:46:38 -0700
> From: internet-drafts@ietf.org
> To: Yaron Sheffer <yaronf.ietf@gmail.com>
> 
> 
> A new version of I-D, draft-sheffer-tls-bcp-00.txt
> has been successfully submitted by Yaron Sheffer and posted to the
> IETF repository.
> 
> Filename:     draft-sheffer-tls-bcp
> Revision:     00
> Title:         Recommendations for Secure Use of TLS and DTLS
> Creation date:     2013-09-08
> Group:         Individual Submission
> Number of pages: 8
> URL: http://www.ietf.org/internet-drafts/draft-sheffer-tls-bcp-00.txt
> Status:          http://datatracker.ietf.org/doc/draft-sheffer-tls-bcp
> Htmlized:        http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
> 
> 
> Abstract:
>    Over the last few years there have been several serious attacks on
>    TLS, including attacks on its most commonly used ciphers and modes of
>    operation.  This document offers recommendations on securely using
>    the TLS and DTLS protocols, given existing standards and
>    implementations.
> 
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
> 
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>