[TLS] Protocol Action: 'Prohibiting SSL Version 2.0' to Proposed Standard (draft-ietf-tls-ssl2-must-not-04.txt)

The IESG <iesg-secretary@ietf.org> Mon, 20 December 2010 20:39 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>, tls mailing list <tls@ietf.org>, tls chair <tls-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>

The IESG has approved the following document:
- 'Prohibiting SSL Version 2.0'
  (draft-ietf-tls-ssl2-must-not-04.txt) as a Proposed Standard

This document is the product of the Transport Layer Security Working
Group.

The IESG contact persons are Alexey Melnikov and Tim Polk.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-tls-ssl2-must-not/



Technical Summary

   This document requires that when TLS clients and servers establish connections,
   they never negotiate the use of Secure Sockets Layer (SSL) version 2.0.

Working Group Summary

   The draft was discussed on the TLS WG mailing list and presented to the TLS WG at
   IETF 78. Initially, the draft (draft-turner-ssl-must-not) contained text that
   prohibited SSL 2.0 and 3.0 and provided guidance to use TLS 1.2. Based on SSL
   server implementation statistics provided by WG members (there are lots of SSL 3.0
   implementations) and discussions that SSL 3.0 with its mixed SHA-1/MD5 KDF is
   still acceptable, the scope of the draft was significantly reduced to only
   prohibit negotiation of SSL 2.0.

Document Quality

   SSL 2.0 has in fact already been removed from many implementations. The intent
   here is to formalize the retirement of SSL 2.0.

   Most of the changes were based on reviews from Paul Hoffman, Simon Josefsson,
   Marsh Ray, and Martin Rex. Other reviewers are noted in the acknowledgments
   section.

Personnel

   The document shepherd for this document is Joe Salowey <jsalowey@cisco.com>.
   The responsible Area Director is Alexey Melnikov <alexey.melnikov@isode.com>.