On Wed, 2014-05-28 at 18:15 +0000, Trevor Freeman wrote:
> I am curious why the draft treats SSL v3 (SHOULD NOT) differently to
> TLS v1.0 (MAY)
> From a security perspective, they are equivalent in that there are no
> significant threats mitigated by TLS 1.0.

Not really.
1. SSL 3.0 does not check the padding bytes in CBC, and thus allows for
   far more efficient attacks.
2. SSL 3.0 uses a non-standard MAC (pre-HMAC) variant and can only be
   combined with SHA1 or MD5 based algorithms.

> TLS 1.0 is still vulnerable to the BEAST attack so it should be a
> SHOULD NOT like SSL v3.

I agree.

regards,
Nikos
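
Point 1 of the reply above, shown as an added example that is not part of the original message: the receiver-side CBC padding rule of SSL 3.0 next to the TLS rule, applied to an already-decrypted record. The function names, the 8-byte block size and the sample records are constructed for illustration.

```python
from typing import Optional

BLOCK = 8  # CBC block size in bytes (8 for 3DES, 16 for AES)

def strip_ssl3_padding(plain: bytes, block: int = BLOCK) -> Optional[bytes]:
    """SSL 3.0 rule: only the trailing padding_length byte is defined."""
    if not plain or len(plain) % block:
        return None
    pad_len = plain[-1]
    # Padding must be shorter than one block; its content is unspecified,
    # so the receiver has nothing to compare the padding bytes against.
    if pad_len >= block or pad_len + 1 > len(plain):
        return None
    return plain[:-(pad_len + 1)]

def strip_tls_padding(plain: bytes, block: int = BLOCK) -> Optional[bytes]:
    """TLS rule: every padding byte carries the padding_length value."""
    if not plain or len(plain) % block:
        return None
    pad_len = plain[-1]
    if pad_len + 1 > len(plain):
        return None
    if any(b != pad_len for b in plain[-(pad_len + 1):-1]):
        return None  # malformed padding: reject the record
    return plain[:-(pad_len + 1)]

# Constructed sample: 11 bytes standing in for fragment + MAC, then 4 bytes
# of padding and the padding_length byte, 16 bytes in total (two blocks).
BODY = b"payload" + b"MAC!"
WELL_FORMED = BODY + bytes([4, 4, 4, 4]) + bytes([4])
ALTERED = BODY + b"\xde\xad\xbe\xef" + bytes([4])

def compare(record: bytes) -> dict:
    """Result of each rule for one record (None means rejected)."""
    return {"ssl3": strip_ssl3_padding(record), "tls": strip_tls_padding(record)}

if __name__ == "__main__":
    for name, rec in (("well-formed", WELL_FORMED), ("altered", ALTERED)):
        print(name, compare(rec))
```

The padding is not covered by the record MAC in either protocol, so under the SSL 3.0 rule the altered padding bytes are neither authenticated nor checked.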
