Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-11.txt
"yaronf.ietf@gmail.com" <yaronf.ietf@gmail.com> Wed, 17 August 2022 05:11 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59D7CC1526EE for <uta@ietfa.amsl.com>; Tue, 16 Aug 2022 22:11:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.461
X-Spam-Level:
X-Spam-Status: No, score=-0.461 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_06_12=1.543, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X0-XZfv05Zct for <uta@ietfa.amsl.com>; Tue, 16 Aug 2022 22:11:11 -0700 (PDT)
Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8520C14CE2C for <uta@ietf.org>; Tue, 16 Aug 2022 22:11:11 -0700 (PDT)
Received: by mail-ed1-x52b.google.com with SMTP id a89so16056845edf.5 for <uta@ietf.org>; Tue, 16 Aug 2022 22:11:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:to:references:message-id:in-reply-to :thread-topic:subject:from:date:mime-version:from:to:cc; bh=/T9ExadSLyhuYGZPqv4EwOPKvBcNKuNjnN7ZMGKlGDA=; b=k8NRIHSzYE0yev7j6pODjZSoMmLjSG9py0/p8Tyj2jOYA5EovFwoZdrGhswMADQ+yC GjBYpcLg9trVg50qTsPu1HomxJ6z5/lG5C2ggWGvYjB3sZlPAFWF0XhkTfHTG1ZuUS4m hQpWs413cmXE/eY/UBGPxqCdZmyOv7zvRldaZ5gEFgw5+UT3BOsweoF8pKm7VoEgKgP3 /m6hS43YvrJEdVFHezLPWtIKwt25B6q2I3E0hnrh11es9uzTtGDQF1JwrnT6MHRcKEr9 3z55kNIW+/tYa87mq5zAcuThtvWT9HF84Pebl1goeNc0QdcyLZbOH/ZOFdXr6KguZuBz mk9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:to:references:message-id:in-reply-to :thread-topic:subject:from:date:mime-version:x-gm-message-state:from :to:cc; bh=/T9ExadSLyhuYGZPqv4EwOPKvBcNKuNjnN7ZMGKlGDA=; b=B3W7kH0PAFdrXFHodXV8a9Wys7iYOmFw2g2HUTZc2UVyMgG54kxT832mftEkSUb/yr m8XYaXuL3d+jaZ5K5JbabpT70UynBE+q2zIRxMCkWZ4ewqUF5WL08sxRNISxBuPoj9tx 4myjkf9qjDvRtasjhaBcwCncGEpm/e+WIzPM1mxBrQ7K1VzO8s02lIhxivy5ck/BcEge R2Fk+43OcfEefhocu44sFajmmtWzC0yL8sjurbo0hCSy3f0vs7x4msGqyhIDc6rlZaiS 6efr+qdMk4vHUZb7d4NawdryIIHmqYTyX20tsgkJxw/LbOmAnDDoEN835MrTSnEc6gbO /nbQ==
X-Gm-Message-State: ACgBeo02310DUKDNshS+3vm9aVQN91kd7XOoAHoyY70qe/Bm/PnF9Kt+ yUZD1R8AylxOkRV5S30q/IrcT8we89E=
X-Google-Smtp-Source: AA6agR4tXVVQy1d5pSHywFucXm45+aUgmBTbauSMybe2KoTtvkqRpqOGc8/KV8ZqVpErbk+GLrmkyA==
X-Received: by 2002:a05:6402:43c3:b0:445:db76:de71 with SMTP id p3-20020a05640243c300b00445db76de71mr1034521edc.218.1660713069844; Tue, 16 Aug 2022 22:11:09 -0700 (PDT)
Received: from macos-F7LQR2FV6V (IGLD-84-229-147-215.inter.net.il. [84.229.147.215]) by smtp.gmail.com with ESMTPSA id wi2-20020a170906fd4200b007308bebce51sm6321151ejb.171.2022.08.16.22.11.08 for <uta@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 16 Aug 2022 22:11:09 -0700 (PDT)
MIME-Version: 1.0
Date: Wed, 17 Aug 2022 00:13:27 +0300
From: "yaronf.ietf@gmail.com" <yaronf.ietf@gmail.com>
Thread-Topic: Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-11.txt
In-Reply-To: <166068399219.5003.14980494128383341129@ietfa.amsl.com>
Message-ID: <D3779856-9C2B-F84D-B40C-1EEE676705B3@hxcore.ol>
References: <166068399219.5003.14980494128383341129@ietfa.amsl.com>
To: uta@ietf.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/7h-7uxSgZtLN7uS23yQJD1zQhYk>
Subject: Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-11.txt
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Aug 2022 05:11:15 -0000
Version -10 of this draft addressed a bunch of IESG comments, however we missed a set of comments from Peter Gutmann. This version addresses those remaining comments and we believe we can move forward.
Thanks,
Yaron
On 17/08/2022, 0:07, "Uta" <uta-bounces@ietf.org> wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Using TLS in Applications WG of the IETF.
Title : Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
Authors : Yaron Sheffer
Peter Saint-Andre
Thomas Fossati
Filename : draft-ietf-uta-rfc7525bis-11.txt
Pages : 46
Date : 2022-08-16
Abstract:
Transport Layer Security (TLS) and Datagram Transport Layer Security
(DTLS) are used to protect data exchanged over a wide range of
application protocols, and can also form the basis for secure
transport protocols. Over the years, the industry has witnessed
several serious attacks on TLS and DTLS, including attacks on the
most commonly used cipher suites and their modes of operation. This
document provides the latest recommendations for ensuring the
security of deployed services that use TLS and DTLS. These
recommendations are applicable to the majority of use cases.
An earlier version of this document was published as RFC 7525 when
the industry was in the midst of its transition to TLS 1.2. Years
later this transition is largely complete and TLS 1.3 is widely
available. This document updates the guidance given the new
environment and obsoletes RFC 7525. In addition, the document
updates RFC 5288 and RFC 6066 in view of recent attacks.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-uta-rfc7525bis/" rel="nofollow">https://datatracker.ietf.org/doc/draft-ietf-uta-rfc7525bis/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-uta-rfc7525bis-11.html" rel="nofollow">https://www.ietf.org/archive/id/draft-ietf-uta-rfc7525bis-11.html
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-uta-rfc7525bis-11" rel="nofollow">https://www.ietf.org/rfcdiff?url2=draft-ietf-uta-rfc7525bis-11
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
_______________________________________________
Uta mailing list
- [Uta] I-D Action: draft-ietf-uta-rfc7525bis-11.txt internet-drafts
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-1… yaronf.ietf@gmail.com