IETF Logo Mail Archive

[Uta] FW: New Version Notification for draft-ietf-uta-rfc7525bis-05.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 03 February 2022 12:01 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93AE63A13E8 for <uta@ietfa.amsl.com>; Thu, 3 Feb 2022 04:01:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KpdstcwODveZ for <uta@ietfa.amsl.com>; Thu, 3 Feb 2022 04:01:32 -0800 (PST)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B94F3A13E1 for <uta@ietf.org>; Thu, 3 Feb 2022 04:01:32 -0800 (PST)
Received: by mail-wr1-x42f.google.com with SMTP id u15so4613679wrt.3 for <uta@ietf.org>; Thu, 03 Feb 2022 04:01:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=user-agent:date:subject:from:to:message-id:thread-topic:references :in-reply-to:mime-version:content-transfer-encoding; bh=HCeEVFxe3UCRi7bK4hRbKuV7jcac3I7bdc2eWr9tfIY=; b=K5vgV5NfgrFyNPGUwGj0p5v0dE0JxVmzcmMmHLmNZMvRC+GAAe975a8CjcTOWpRMG+ E7iKGOiRzxl0Uu+1ix+gDFMTUaZFlYOJFB92M/mzIunPwAZ6qa5fDy1/yMc0sgUa9Mwh dHltUFUpozccx3ABmdGRqdG3NWBD2Au++6utZPdh5i4tKhELx9oCgIVPMjNCnIdx5RLf jLL/6/SNvhieFROWYDLQP/eDjeHsWqcPNsDWV/JqKgc+LRZKyyeqxJSr1Nz8ykwVw+Qt s7ZtLW3F36QTwYbIHMPhR1oYYICXPaL6vpLRF/HbnhB0ANcfidFmC0T3fUzOHdcttYr/ j3oQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:user-agent:date:subject:from:to:message-id :thread-topic:references:in-reply-to:mime-version :content-transfer-encoding; bh=HCeEVFxe3UCRi7bK4hRbKuV7jcac3I7bdc2eWr9tfIY=; b=iMvZKLDC6nFFvNN+tb1P8mGpqb4AY70/uhDc8hF2WvI254VWUDqJGvrFTCiiiec0LC aHfDTgKeUmm7suBpe+bYxEvoop0VZHKLGeISdxEgof3I7tlCBcq0G9N1WCL2d7FuAU1q L31rnXCbZiPAJs3rYNXvo1Jh+fWRWUN5UV4Y2V4p0VnsZ+1s6iAXLhpd+KEXw/0ILc9X lPIWhzqU10BIcM2a80UUVyrO38WNxpTXOEsBwFodxVkYfbMRi9n7SLln/nystlW82PJG PR6R58tUlcIkKckQ8FisuD6Rj2OHNqxC0PC8CRykYkGbQJ+FO6xVI4sCGUfp0fd2MVaE Yn5A==
X-Gm-Message-State: AOAM533BJ+8Gi3FURtIrKC+ooIpn2yAvlMSEydh6q/iPcVI3v/I44GF7 xgsxjvIg/QEH7GmvX6pEi1Tg8eVKABE=
X-Google-Smtp-Source: ABdhPJxydJMuXYtoDAlyEzETUiLQ1PxsrPV+Jzo3kms2PX0hlq0l0WY395gyzp20P/LxWoA797zxOw==
X-Received: by 2002:a5d:588e:: with SMTP id n14mr30882664wrf.45.1643889688951; Thu, 03 Feb 2022 04:01:28 -0800 (PST)
Received: from [192.168.68.108] (IGLD-84-229-146-220.inter.net.il. [84.229.146.220]) by smtp.gmail.com with ESMTPSA id d2sm19770673wru.40.2022.02.03.04.01.27 for <uta@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 03 Feb 2022 04:01:28 -0800 (PST)
User-Agent: Microsoft-MacOutlook/16.57.22011101
Date: Thu, 03 Feb 2022 14:01:26 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: "uta@ietf.org" <uta@ietf.org>
Message-ID: <9CE288A3-5215-4643-9947-E6CD4B5191E5@gmail.com>
Thread-Topic: New Version Notification for draft-ietf-uta-rfc7525bis-05.txt
References: <164388750225.17034.15575610873964076173@ietfa.amsl.com>
In-Reply-To: <164388750225.17034.15575610873964076173@ietfa.amsl.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/XCIN85CINh-3L1d-3kDz2f2SJpg>
Subject: [Uta] FW: New Version Notification for draft-ietf-uta-rfc7525bis-05.txt
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Feb 2022 12:01:36 -0000

Here's the post-WGLC version of the BCP. Thanks to everybody who reviewed the draft and those who participated in the discussion leading to this version.

Quite a few changes from -04:

      -  More clarity and guidance on session resumption.
      -  Clarity on TLS 1.2 renegotiation.
      -  Wording on the 0-RTT feature aligned with RFC 8446.
      -  SHOULD NOT guidance on static and ephemeral finite field DH
         cipher suites.
      -  Revamped the recommended TLS 1.2 cipher suites, removing DHE
         and adding ECDSA.  The latter due to the wide adoption of ECDSA
         certificates and in line with RFC 8446.
      -  Recommendation to use deterministic ECDSA.
      -  Finally deprecated the old TLS 1.2 MTI cipher suite.
      -  Deeper discussion of ECDH public key reuse issues, and as a
         result, recommended support of X25519.
      -  Reworded the section on certificate revocation and OCSP
         following a long mailing list thread.

The authors believe the draft is ready to move forward. Chairs, please make a call on the next steps.

Thanks,
	Peter, Thomas and Yaron

On 2/3/22, 13:25, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:


    A new version of I-D, draft-ietf-uta-rfc7525bis-05.txt
    has been successfully submitted by Yaron Sheffer and posted to the
    IETF repository.

    Name:		draft-ietf-uta-rfc7525bis
    Revision:	05
    Title:		Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
    Document date:	2022-02-03
    Group:		uta
    Pages:		38
    URL:            https://www.ietf.org/archive/id/draft-ietf-uta-rfc7525bis-05.txt
    Status:         https://datatracker.ietf.org/doc/draft-ietf-uta-rfc7525bis/
    Html:           https://www.ietf.org/archive/id/draft-ietf-uta-rfc7525bis-05.html
    Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-uta-rfc7525bis
    Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-uta-rfc7525bis-05

    Abstract:
       Transport Layer Security (TLS) and Datagram Transport Layer Security
       (DTLS) are widely used to protect data exchanged over application
       protocols such as HTTP, SMTP, IMAP, POP, SIP, and XMPP.  Over the
       years, the industry has witnessed several serious attacks on TLS and
       DTLS, including attacks on the most commonly used cipher suites and
       their modes of operation.  This document provides recommendations for
       improving the security of deployed services that use TLS and DTLS.
       The recommendations are applicable to the majority of use cases.

       This document was published as RFC 7525 when the industry was in the
       midst of its transition to TLS 1.2.  Years later this transition is
       largely complete and TLS 1.3 is widely available.  Given the new
       environment, updated guidance is needed.




    The IETF Secretariat

v2.23.0 | Report a Bug | By Email