[TLS] Protocol Action: 'TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks' to Proposed Standard (draft-ietf-tls-downgrade-scsv-05.txt)
The IESG <iesg-secretary@ietf.org> Tue, 24 February 2015 17:05 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-ID: <20150224170545.678.71458.idtracker@ietfa.amsl.com>
Date: Tue, 24 Feb 2015 09:05:45 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/UQD3D4xbFSU1U5O39qX28ZuTAIE>
Cc: tls mailing list <tls@ietf.org>, tls chair <tls-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>

The IESG has approved the following document:
- 'TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing
   Protocol Downgrade Attacks'
  (draft-ietf-tls-downgrade-scsv-05.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working
Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-tls-downgrade-scsv/

Technical Summary

This document defines a Signaling Cipher Suite Value (SCSV) that
prevents protocol downgrade attacks on the Transport Layer Security
(TLS) protocol. It updates RFC 2246, RFC 4346, and RFC 5246.

Working Group Summary

Was there anything in the WG process that is worth noting?

Yes. Lots and lots of argument:-) See the shepherd writeup for
details. The IETF LC mostly repeated arguments already aired and
disposed of during the WG process, or was about TLS1.3. Consensus
for this is rough, but fairly clear.

Document Quality

Based on some measurements taken back in November, 14.4% of TLS
servers on the Internet now support the mechanism described in this
draft.

Personnel

Sean Turner is the document Shepherd, Stephen Farrell is the
irresponsible AD.