IETF Logo Mail Archive

Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-07.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 26 May 2022 21:26 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E42DC1594A5 for <uta@ietfa.amsl.com>; Thu, 26 May 2022 14:26:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7xFqN6yFINsO for <uta@ietfa.amsl.com>; Thu, 26 May 2022 14:26:16 -0700 (PDT)
Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33D46C15949E for <uta@ietf.org>; Thu, 26 May 2022 14:26:16 -0700 (PDT)
Received: by mail-wm1-x32b.google.com with SMTP id o9so1671387wmd.0 for <uta@ietf.org>; Thu, 26 May 2022 14:26:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=user-agent:date:subject:from:to:message-id:thread-topic:references :in-reply-to:mime-version:content-transfer-encoding; bh=kB+z3w7RKJyqHTYCCSim6dghybicGKfBSjVkqClssYg=; b=D7l/vQ7n8U5K8N4mHKr5JMl0zxcbPToCiKXxzyG1AAVxqmZDHttLQiM0VfpnEvljfG WaVQ9AStzfsJPFko67c9AN7gpMPx2x+BOikEuqKdKHP+/M4jmYvKAze3pjkukUSOjBgk CXCUSKVD/cBM5j77kKIArUY0jRNCx+DZjKDSe5a4mKaIl6dgcFUB1iMRvfx9R5qPTobf oVmEffk1iSyGIooj4wjo+8esOGGnMhe8yZ7FbtqSvYtFNhYw6052MThjbry941DVI1f0 39w4ZN9GjHShkxO4bPjxgBdOKrBfAuPSrbHQMBNK+Svap2nkZP5IUsssW6AJsbxN07x5 VkkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:user-agent:date:subject:from:to:message-id :thread-topic:references:in-reply-to:mime-version :content-transfer-encoding; bh=kB+z3w7RKJyqHTYCCSim6dghybicGKfBSjVkqClssYg=; b=5MW9hFsls7UIXwbtT9M7fgukv9hy7MG+/N1QmiYuJg/jvCaU/ZhT7J2TLZ6mdrQMyK K9uoT6z+gaW2BlrWhjc84GEeBF9SgiA/Scpzq9dBfmF88etUAoudvSCEcuDgNFlTdMo7 fF5fqwoVu+LckSiTwDHvRPJYyMH/VZwdmO5A7AEl3aFjhe6aEHsJ0aB4yKxFEw+qyNz4 QwV3Eui54o9rAitfrSSykdfwpbDNll8auLkrtDOnTw4k+28mAxRLk4kj9tSK6zkWROgu EhFmSlGo5iVFOWVLWHCxgRZldoitHjAPkq26ynAQP/2JkvCpAKjH8B1Y4OFjMvHl2qHI NMvA==
X-Gm-Message-State: AOAM532ay3+4l/6BPr7uHzT+Y9A0at9Ikuv0D4gHa7RhvDYyPCBp1Zjz HlIJtLz/HhwwddD0RIp2ZHHOrFqYbQA=
X-Google-Smtp-Source: ABdhPJyyPYKPNURgguod2g5Y9N7YM/uYeom/1nWt9RGroIjFQ26i9A9MJAXm4yaclhHa2iTXNBvofg==
X-Received: by 2002:a05:600c:3ac7:b0:397:5cb4:a2b5 with SMTP id d7-20020a05600c3ac700b003975cb4a2b5mr3999876wms.5.1653600374080; Thu, 26 May 2022 14:26:14 -0700 (PDT)
Received: from [192.168.68.100] (IGLD-84-229-147-76.inter.net.il. [84.229.147.76]) by smtp.gmail.com with ESMTPSA id u14-20020a5d6ace000000b0020c5253d914sm153455wrw.96.2022.05.26.14.26.12 for <uta@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 26 May 2022 14:26:13 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/16.61.22050700
Date: Fri, 27 May 2022 00:26:11 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: uta@ietf.org
Message-ID: <CC2019E7-BD6A-4F65-A59F-42B9E79468B0@gmail.com>
Thread-Topic: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-07.txt
References: <165360014937.7348.791812490092301727@ietfa.amsl.com>
In-Reply-To: <165360014937.7348.791812490092301727@ietfa.amsl.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/pChVU3xPa1bJPKodXr5kXZZa-Lc>
Subject: Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-07.txt
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2022 21:26:17 -0000

This version addresses numerous comments, mostly (but not always) editorial, by Francesca and Paul W.

As a reminder, the document is in IETF LC until May 30.

Thanks,
	Yaron


On 5/27/22, 00:22, "uta-bounces@ietf.org on behalf of internet-drafts@ietf.org" <uta-bounces@ietf.org on behalf of internet-drafts@ietf.org> wrote:


    A New Internet-Draft is available from the on-line Internet-Drafts directories.
    This draft is a work item of the Using TLS in Applications WG of the IETF.

            Title           : Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
            Authors         : Yaron Sheffer
                              Peter Saint-Andre
                              Thomas Fossati
    	Filename        : draft-ietf-uta-rfc7525bis-07.txt
    	Pages           : 39
    	Date            : 2022-05-26

    Abstract:
       Transport Layer Security (TLS) and Datagram Transport Layer Security
       (DTLS) are widely used to protect data exchanged over application
       protocols such as HTTP, SMTP, IMAP, POP, SIP, and XMPP.  Over the
       years, the industry has witnessed several serious attacks on TLS and
       DTLS, including attacks on the most commonly used cipher suites and
       their modes of operation.  This document provides the latest
       recommendations for ensuring the security of deployed services that
       use TLS and DTLS.  These recommendations are applicable to the
       majority of use cases.

       An earlier version of this document was published as RFC 7525 when
       the industry was in the midst of its transition to TLS 1.2.  Years
       later this transition is largely complete and TLS 1.3 is widely
       available.  This document updates the guidance given the new
       environment and obsoletes RFC 7525.  In addition, the document
       updates RFC 5288 and RFC 6066 in view of recent attacks.


    The IETF datatracker status page for this draft is:
    https://datatracker.ietf.org/doc/draft-ietf-uta-rfc7525bis/

    There is also an HTML version available at:
    https://www.ietf.org/archive/id/draft-ietf-uta-rfc7525bis-07.html

    A diff from the previous version is available at:
    https://www.ietf.org/rfcdiff?url2=draft-ietf-uta-rfc7525bis-07


    Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts


    _______________________________________________
    Uta mailing list
    Uta@ietf.org
    https://www.ietf.org/mailman/listinfo/uta

v2.23.0 | Report a Bug | By Email