Re: [TLS] Working Group Last Call fordraft-ietf-tls-ssl2-must-not-02
"t.petch" <ietfc@btconnect.com> Fri, 29 October 2010 11:06 UTC
Return-Path: <ietfc@btconnect.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F0FF23A686B for <tls@core3.amsl.com>; Fri, 29 Oct 2010 04:06:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.28
X-Spam-Level:
X-Spam-Status: No, score=-2.28 tagged_above=-999 required=5 tests=[AWL=0.319, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hBRCmnM-dhAC for <tls@core3.amsl.com>; Fri, 29 Oct 2010 04:06:51 -0700 (PDT)
Received: from mail.btconnect.com (c2bthomr07.btconnect.com [213.123.20.125]) by core3.amsl.com (Postfix) with ESMTP id 633DC3A6856 for <tls@ietf.org>; Fri, 29 Oct 2010 04:06:49 -0700 (PDT)
Received: from host86-156-136-67.range86-156.btcentralplus.com (HELO pc6) ([86.156.136.67]) by c2bthomr07.btconnect.com with SMTP id ASG64619; Fri, 29 Oct 2010 12:08:32 +0100 (BST)
Message-ID: <03bf01cb7751$116cf240$4001a8c0@gateway.2wire.net>
From: "t.petch" <ietfc@btconnect.com>
To: Joe Salowey <jsalowey@cisco.com>
References: <201010251952.o9PJq3pa012929@fs4113.wdf.sap.corp>
Date: Fri, 29 Oct 2010 12:01:10 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Mirapoint-IP-Reputation: reputation=Fair-1, source=Queried, refid=tid=0001.0A0B0302.4CCAAB23.0011, actions=TAG
X-Junkmail-Status: score=10/50, host=c2bthomr07.btconnect.com
X-Junkmail-Signature-Raw: score=unknown, refid=str=0001.0A0B0209.4CCAAB38.01EE, ss=1, fgs=0, ip=0.0.0.0, so=2010-07-22 22:03:31, dmn=2009-09-10 00:05:08, mode=single engine
X-Junkmail-IWF: false
Cc: tls@ietf.org
Subject: Re: [TLS] Working Group Last Call fordraft-ietf-tls-ssl2-must-not-02
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Oct 2010 11:07:01 -0000
In the same vein as 1), I would like this to update RFC4347; there is a presumption that updates to TLS should specify their applicability to DTLS and it would be a shame if SSL continued to be used with DTLS. Tom Petch ----- Original Message ----- From: "Martin Rex" <mrex@sap.com> To: "Joe Salowey" <jsalowey@cisco.com> Cc: <tls@ietf.org> Sent: Monday, October 25, 2010 9:52 PM Subject: Re: [TLS] Working Group Last Call fordraft-ietf-tls-ssl2-must-not-02 > Joe Salowey wrote: > > > > This is an announcement of WGLC for draft-ietf-tls-ssl2-must-not-02. The draft and its revisions can be found here: > > > > http://tools.ietf.org/html/draft-ietf-tls-ssl2-must-not-02 > > > > Please send comments to the TLS list by November 17, 2010. > > This WGLC is about publication of the document, I assume. > > In principle I'm OK with publication. > > Re-reading it, I'd like to make two observations: > > 1. Per document header: > Updates: 5246 (once approved) > this document intends to update rfc-5246 _only_. The text in > Sections 1 and 3 does not limit itself to implementations of TLSv1.2, > and I would support to similarily discourage the use of SSLv2 for > existing implementations of TLSv1.0 and TLSv1.1. > > How about listing TLSv1.0 (rfc2246) and TLSv1.1 (rfc4346) > as well in the Updates: of the document header, > just like RFC5746 (TLS extension RI) does. > > > 2. SSLv2 deficiencies: "Sessions can be easily terminated" > > o Sessions can be easily terminated. A man-in-the-middle can easily > insert a TCP FIN to close the session and the peer is unable to > determine whether or not it was a legitimate end of the session. > > I think this exaggerates the usefulness of the closy_notify(0) > warning level alert as used in practice. By using an application > level framing protocol to mark boundaries of data, it is fairly > easy for application callers to compensate for this "lack" of SSLv2. > Many applications that use a framing protocol look only at their > own framing rather than waiting for the close_notify alert exchange > to _complete_. > > > -Martin > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Working Group Last Call for draft-ietf-tls-… Joe Salowey
- Re: [TLS] Working Group Last Call for draft-ietf-… Simon Josefsson
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Yoav Nir
- Re: [TLS] Working Group Last Call for draft-ietf-… Michael D'Errico
- Re: [TLS] Working Group Last Call for draft-ietf-… Paul Hoffman
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
- Re: [TLS] Working Group Last Call for Martin Rex
- Re: [TLS] Working Group Last Call for Marsh Ray
- Re: [TLS] Working Group Last Call fordraft-ietf-t… t.petch
- Re: [TLS] Working Group Last Call fordraft-ietf-t… Martin Rex
- Re: [TLS] Working Group Last Call fordraft-ietf-t… t.petch