Re: [Uta] Proposed list of deliverables

Leif Johansson <leifj@sunet.se> Mon, 20 January 2014 11:40 UTC

On 2014-01-20 12:09, Linus Nordberg wrote:
> "Orit Levin (LCA)" <oritl@microsoft.com> wrote
> Sat, 18 Jan 2014 06:24:44 +0000:
>
> | Below is the list of deliverables for your consideration:
> | 
> | 1. A threat analysis document containing a collection of known
> | security breaches to application protocols due to poor use of TLS
> | (Likely an Informational RFC)
> | 2. Applications' independent document recommending best existing and
> | future practices for using TLS (Likely a BCP or a Proposed Standard
> | RFC)
> | 3. A set of documents, each describing best existing and future
> | practices for using TLS with a specific application protocol, i.e.,
> | SMTP, POP, IMAP, XMPP, HTTP 1.1, etc. (Case-by-case likely a BCP or a
> | Proposed Standard RFC)
> | 4. A document discussing (and potentially defining) how to apply the
> | opportunistic encryption approach (preliminarily outlined in
> | draft-farrelll-mpls-opportunistic-encrypt-00.txt) to TLS. (Category
> | TBD)
>
> These all seem fine to me. I'd like to propose another document
> describing fingerprintability of TLS traffic and how TLS is being
> fingerprinted in practice.
>
Isn't that more a perpass thing? Unless you propose operational BCPs for
avoiding fingerprinting that is...