[TLS] Fwd: New Version Notification for draft-sheffer-tls-bcp-01.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Fri, 20 September 2013 14:34 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id C970421F99D5 for <tls@ietfa.amsl.com>; Fri, 20 Sep 2013 07:34:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.632
X-Spam-Status: No, score=-102.632 tagged_above=-999 required=5 tests=[AWL=-0.033, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id yiYnxeQgavAG for <tls@ietfa.amsl.com>; Fri, 20 Sep 2013 07:34:35 -0700 (PDT)
Received: from mail-wg0-x236.google.com (mail-wg0-x236.google.com [IPv6:2a00:1450:400c:c00::236]) by ietfa.amsl.com (Postfix) with ESMTP id 0612721F968B for <tls@ietf.org>; Fri, 20 Sep 2013 07:34:34 -0700 (PDT)
Received: by mail-wg0-f54.google.com with SMTP id m15so608278wgh.9 for <tls@ietf.org>; Fri, 20 Sep 2013 07:34:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=EFVKp4ir9+mLG1562BN3bK27lZbYW1EC5o9U7uNgx0g=; b=zsW3/0EVOlRnmeIS2i83Sx+UD8u+R5tvXolfhJVGrHV4AvhHtDTF6yNAL/vhil7f8R DowsRJE4G/5yHqP0SROdKu8cwBx7zCwvChbjsAmNQK6kUjcRU5esMfUhIOlEGLP4ihGt D++vFd/1SSFAr6tUyXiqAFc8ePC9oxzOGGT8Q8MbzbyGQ2QJnJCRcmU7jPwP/mFvoz50 qdP/Y//wWLoDxO8bVRkk1arNsPbRKONSignIb/7rvwuT48e4/sXJtLvxe7tcr5dI+OyV ad1gFr518dtYJyNgbFaQTWqUObwRR88jKxOuX9cILxPeSfotYjhCqKPXdHBOO4Y6/lEA WA/Q==
X-Received: by with SMTP id x5mr2998088wia.41.1379687674042; Fri, 20 Sep 2013 07:34:34 -0700 (PDT)
Received: from [] ([]) by mx.google.com with ESMTPSA id ey2sm5359188wib.5.1969. (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 20 Sep 2013 07:34:33 -0700 (PDT)
Message-ID: <523C5CF6.2040401@gmail.com>
Date: Fri, 20 Sep 2013 17:34:30 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8
MIME-Version: 1.0
To: "tls@ietf.org" <tls@ietf.org>
References: <20130920142728.15100.58320.idtracker@ietfa.amsl.com>
In-Reply-To: <20130920142728.15100.58320.idtracker@ietfa.amsl.com>
X-Forwarded-Message-Id: <20130920142728.15100.58320.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [TLS] Fwd: New Version Notification for draft-sheffer-tls-bcp-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Sep 2013 14:34:35 -0000


Ralph Holz and myself just submitted version -01 of the draft, with a 
large number of changes based on the lively discussion on the mailing 
list. Further comments are of course very welcome.

Change log:

    o  Clarified our motivation in the introduction.
    o  Added a section justifying the need for PFS.
    o  Added recommendations for RSA and DH parameter lengths.  Moved
       from DHE to ECDHE, with a discussion on whether/when DHE is
    o  Recommendation to avoid fallback to SSLv3.
    o  Initial information about browser support - more still needed!
    o  More clarity on compression.
    o  Client can offer stronger cipher suites.
    o  Discussion of the regular TLS mandatory cipher suite.

In addition, we request that the TLS working group adopt this document. 
We believe it can be most effective as a working group document, far 
more than it can ever be as an AD-sponsored RFC.


-------- Original Message --------
Subject: New Version Notification for draft-sheffer-tls-bcp-01.txt
Date: Fri, 20 Sep 2013 07:27:28 -0700
From: internet-drafts@ietf.org
To: Yaron Sheffer <yaronf.ietf@gmail.com>om>, Ralph Holz <holz@net.in.tum.de>

A new version of I-D, draft-sheffer-tls-bcp-01.txt
has been successfully submitted by Yaron Sheffer and posted to the
IETF repository.

Filename:	 draft-sheffer-tls-bcp
Revision:	 01
Title:		 Recommendations for Secure Use of TLS and DTLS
Creation date:	 2013-09-20
Group:		 Individual Submission
Number of pages: 12
Status:          http://datatracker.ietf.org/doc/draft-sheffer-tls-bcp
Htmlized:        http://tools.ietf.org/html/draft-sheffer-tls-bcp-01
Diff:            http://www.ietf.org/rfcdiff?url2=draft-sheffer-tls-bcp-01

    Over the last few years there have been several serious attacks on
    TLS, including attacks on its most commonly used ciphers and modes of
    operation.  This document offers recommendations on securely using
    the TLS and DTLS protocols, given existing standards and


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat