Re: [TLS] I-D Action: draft-ietf-tls-oldversions-deprecate-11.txt

2021-01-20 Thread Gary Gapinski
https://english.ncsc.nl/latest/news/2021/january/19/it-security-guidelines-for-transport-layer-security-2.1 
may be of interest.


___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


Re: [TLS] [Gen-art] Genart last call review of draft-ietf-tls-oldversions-deprecate-09

2021-01-20 Thread Kathleen Moriarty
Thank you, Mohit, Stephen, and Alissa!

On Wed, Jan 20, 2021 at 2:34 PM Alissa Cooper  wrote:

> Mohit, thanks for your review. Stephen, thanks for your response. I
> entered a Yes ballot.
>
> Alissa
>
> On Nov 25, 2020, at 6:47 AM, Stephen Farrell 
> wrote:
>
>
>
> On 25/11/2020 11:46, Mohit Sethi via Datatracker wrote:
>
> Reviewer: Mohit Sethi
> Review result: Ready
>
>
> Thanks. Will look at those nits when next editing.
>
> Cheers,
> S.
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
> For more information, please see the FAQ at
> .
> Document: draft-ietf-tls-oldversions-deprecate-09
> Reviewer: Mohit Sethi
> Review Date: 2020-11-25
> IETF LC End Date: 2020-11-30
> IESG Telechat date: Not scheduled for a telechat
> Summary: This document deprecates older versions of TLS and DTLS. It also
> updates many RFCs that normatively refer to the older TLS/DTLS versions.
> Major issues: None
> Minor issues: None
> Nits/editorial comments: In section 1.1, typo in "waas defined to detect".
> Most references to RFCs are of the form "[RFC7507]". Can we change
> "RFC 7457 [RFC7457]" to "[RFC7457]" for uniformity. Similarly, perhaps you
> could change "RFC5246 [RFC5246]" and "RFC4346 [RFC4346]" to "[RFC5246]" and
> "[RFC4346]".
> In section 2 "NIST for example have provided " should be "..has provided...".
> In section 6 "this document is called out specifically to update text
> implementing the deprecation  recommendations of this document." I was
> initially confused with the repeated usage of "this". Perhaps it would
> help to be more explicit.
>
> 
> ___
> Gen-art mailing list
> gen-...@ietf.org
> https://www.ietf.org/mailman/listinfo/gen-art

-- 

Best regards,
Kathleen


Re: [TLS] [Gen-art] Genart last call review of draft-ietf-tls-oldversions-deprecate-09

2021-01-20 Thread Alissa Cooper
Mohit, thanks for your review. Stephen, thanks for your response. I entered a 
Yes ballot.

Alissa

> On Nov 25, 2020, at 6:47 AM, Stephen Farrell  
> wrote:
> 
> 
> 
> On 25/11/2020 11:46, Mohit Sethi via Datatracker wrote:
>> Reviewer: Mohit Sethi
>> Review result: Ready
> 
> Thanks. Will look at those nits when next editing.
> 
> Cheers,
> S.
> 
>> I am the assigned Gen-ART reviewer for this draft. The General Area
>> Review Team (Gen-ART) reviews all IETF documents being processed
>> by the IESG for the IETF Chair.  Please treat these comments just
>> like any other last call comments.
>> For more information, please see the FAQ at
>> .
>> Document: draft-ietf-tls-oldversions-deprecate-09
>> Reviewer: Mohit Sethi
>> Review Date: 2020-11-25
>> IETF LC End Date: 2020-11-30
>> IESG Telechat date: Not scheduled for a telechat
>> Summary: This document deprecates older versions of TLS and DTLS. It also
>> updates many RFCs that normatively refer to the older TLS/DTLS versions.
>> Major issues: None
>> Minor issues: None
>> Nits/editorial comments: In section 1.1, typo in "waas defined to detect".
>> Most references to RFCs are of the form "[RFC7507]". Can we change "RFC 7457
>> [RFC7457]" to "[RFC7457]" for uniformity. Similarly, perhaps you could change
>> "RFC5246 [RFC5246]" and "RFC4346 [RFC4346]" to "[RFC5246]" and "[RFC4346]".
>> In section 2 "NIST for example have provided " should be "..has provided...".
>> In section 6 "this document is called out specifically to update text
>> implementing the deprecation  recommendations of this document." I was
>> initially confused with the repeated usage of "this". Perhaps it would help
>> to be more explicit.


Re: [TLS] Closing DTLS 1.3 PRs

2021-01-20 Thread Christopher Wood
The consensus call is now complete. Thanks to everyone who left feedback and 
suggestions for improvement! 

All PRs have been merged and a new version of the draft was submitted. We'll 
continue moving this document through the publication process now.

Best,
Chris

On Thu, Jan 7, 2021, at 1:33 PM, Christopher Wood wrote:
> Adding one more to this list:
> 
> - Added text regarding the legacy_session_id field (#202)
> 
> Best,
> Chris
> 
> On Mon, Jan 4, 2021, at 8:21 PM, Christopher Wood wrote:
> > There are currently 12 open PRs [1] against the DTLS 1.3 specification 
> > generated in response to Ben's review [2]:
> > 
> > - Require that cipher suites define a record number encryption algorithm 
> > (#166)
> > - PMTU estimates (#168)
> > - Updates to cookie text (#169)
> > - Clarify buffering and retransmission requirements (#171)
> > - Relax age out text (#172)
> > - Records with bogus epochs should be discarded, not generate alerts (#177)
> > - RCID excessive (#179)
> > - Alerts are unreliable (#180)
> > - Rationale for spare CIDs (#185)
> > - Forbid going from an empty CID to a non-empty CID (#194)
> > - Clarify mixing sequence and length settings on the same connection (#195)
> > - Use DTLS style version values, even for DTLS 1.3 (#196)
> > 
> > Please have a look and provide feedback! Barring objections, we plan to 
> > merge these on Monday, January 18. We'll then cut a new version of the 
> > draft and move forward.
> > 
> > Best,
> > Chris, for the chairs
> > 
> > [1] 
> > https://github.com/tlswg/dtls13-spec/pulls?q=is%3Apr+is%3Aopen+label%3Aconsensus-needed
> > [2] 
> > https://mailarchive.ietf.org/arch/msg/tls/FJM6OHfvLJP_pF5uUcR86pzrdYo/
> > 
> 



[TLS] I-D Action: draft-ietf-tls-dtls13-40.txt

2021-01-20 Thread internet-drafts


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security WG of the IETF.

Title   : The Datagram Transport Layer Security (DTLS) Protocol Version 1.3
Authors : Eric Rescorla
          Hannes Tschofenig
          Nagendra Modadugu
Filename: draft-ietf-tls-dtls13-40.txt
Pages   : 65
Date    : 2021-01-20

Abstract:
   This document specifies Version 1.3 of the Datagram Transport Layer
   Security (DTLS) protocol.  DTLS 1.3 allows client/server applications
   to communicate over the Internet in a way that is designed to prevent
   eavesdropping, tampering, and message forgery.

   The DTLS 1.3 protocol is intentionally based on the Transport Layer
   Security (TLS) 1.3 protocol and provides equivalent security
   guarantees with the exception of order protection/non-replayability.
   Datagram semantics of the underlying transport are preserved by the
   DTLS protocol.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-dtls13/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-tls-dtls13-40.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-dtls13-40


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/




Re: [TLS] ECH -09 interop

2021-01-20 Thread Christopher Patton
Hi Rob, all,

Cloudflare is now running an ECH test server here:
https://crypto.cloudflare.com

We're running draft-ietf-tls-esni-09. The HTTPS resource record containing
the current ECH config is available in DNS.

Please let me know if you observe any bugs or otherwise have issues. Our Go
implementation can be found here:
https://github.com/cloudflare/go/tree/cf/src/crypto/tls

Thanks! And for those in the US, happy inauguration day!
- Chris P.
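The message above says the server's ECH config is published in its HTTPS DNS resource record. The following is an added example (not Cloudflare's code and not part of the original post) showing how a client or a monitoring tool would pull that config out of an HTTPS record before using it: it parses the HTTPS RDATA (SvcPriority, TargetName, SvcParams), enforces the strictly-increasing-key rule that makes SvcParams unambiguous, and splits the `ech` value into its ECHConfig entries. It assumes the SvcParams wire format and the SvcParamKey number 5 for `ech` from the SVCB/HTTPS draft, and interprets only the outer `uint16 version` / `uint16 length` framing of each ECHConfig, since the contents layout changes between ESNI/ECH draft versions. The record bytes are constructed for the example; the sample ECHConfig carries version 0xfe09 (draft-09) over a dummy body.

```python
from __future__ import annotations
import struct

SVCPARAM_ALPN = 1   # SvcParamKey "alpn" (assumed numbering from the SVCB/HTTPS draft)
SVCPARAM_ECH = 5    # SvcParamKey "ech"  (assumed numbering from the SVCB/HTTPS draft)


def encode_name(name: str) -> bytes:
    """Wire-format DNS name; "." encodes as the root (a single zero octet)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(buf: bytes, off: int) -> tuple[str, int]:
    """Decode an uncompressed wire-format name at buf[off]; return (name, new offset)."""
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointers are not allowed in TargetName")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n
    return (".".join(labels) + "." if labels else "."), off


def encode_svcparams(params: dict[int, bytes]) -> bytes:
    """SvcParams: sequence of uint16 key, uint16 length, value, keys strictly increasing."""
    return b"".join(struct.pack("!HH", k, len(v)) + v for k, v in sorted(params.items()))


def parse_svcparams(data: bytes) -> dict[int, bytes]:
    params, off, last = {}, 0, -1
    while off < len(data):
        if off + 4 > len(data):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack_from("!HH", data, off)
        off += 4
        if key <= last:
            # Duplicate or misordered keys would make the record ambiguous; reject.
            raise ValueError("SvcParamKeys must be strictly increasing")
        if off + length > len(data):
            raise ValueError("truncated SvcParam value")
        params[key] = data[off:off + length]
        off += length
        last = key
    return params


def parse_https_rdata(rdata: bytes) -> tuple[int, str, dict[int, bytes]]:
    """HTTPS RDATA: uint16 SvcPriority, TargetName, SvcParams."""
    priority = struct.unpack_from("!H", rdata, 0)[0]
    target, off = decode_name(rdata, 2)
    if priority == 0 and off != len(rdata):
        raise ValueError("AliasMode (priority 0) records carry no SvcParams")
    return priority, target, parse_svcparams(rdata[off:])


def parse_ech_config_list(blob: bytes) -> list[tuple[int, bytes]]:
    """Split an ECHConfigList into (version, contents) pairs.

    Only the outer framing is interpreted: a uint16 total length, then ECHConfig
    entries of uint16 version, uint16 length, contents. The contents layout is
    specific to each ECH draft and is returned opaque.
    """
    if len(blob) < 2:
        raise ValueError("ECHConfigList too short")
    total = struct.unpack_from("!H", blob, 0)[0]
    if total != len(blob) - 2:
        raise ValueError("ECHConfigList length does not match payload")
    off, configs = 2, []
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated ECHConfig header")
        version, length = struct.unpack_from("!HH", blob, off)
        off += 4
        if off + length > len(blob):
            raise ValueError("truncated ECHConfig")
        configs.append((version, blob[off:off + length]))
        off += length
    return configs


def ech_configs_from_https_rdata(rdata: bytes) -> list[tuple[int, bytes]]:
    """Return the ECHConfig entries advertised by a ServiceMode HTTPS record, if any."""
    priority, _target, params = parse_https_rdata(rdata)
    if priority == 0 or SVCPARAM_ECH not in params:
        return []
    return parse_ech_config_list(params[SVCPARAM_ECH])


# Constructed sample record (not real Cloudflare data): priority 1, TargetName ".",
# alpn=h2, and one ECHConfig with version 0xfe09 over a 12-byte dummy body.
SAMPLE_ECH_BODY = bytes(range(12))
SAMPLE_ECH_CONFIG_LIST = (struct.pack("!H", 4 + len(SAMPLE_ECH_BODY))
                          + struct.pack("!HH", 0xFE09, len(SAMPLE_ECH_BODY))
                          + SAMPLE_ECH_BODY)
SAMPLE_RDATA = (struct.pack("!H", 1) + encode_name(".")
                + encode_svcparams({SVCPARAM_ALPN: b"\x02h2",
                                    SVCPARAM_ECH: SAMPLE_ECH_CONFIG_LIST}))

if __name__ == "__main__":
    for version, contents in ech_configs_from_https_rdata(SAMPLE_RDATA):
        print(f"ECHConfig version 0x{version:04x}, {len(contents)} bytes of contents")
```

A client that accepts a config here should still check the version against the draft it implements before using the contents, and an AliasMode record (priority 0) never carries an `ech` parameter, which the code treats as "no ECH config" rather than an error.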