I've reviewed draft-ietf-uta-tls-attacks-01.txt and support its publication. I believe the document would be improved by including CVE numbers for the vulnerabilities in the document.
I had volunteered to write text describing the STARTTLS attack. Here's strawman text:

---

2.9 STARTTLS Command Injection Attack (CVE-2011-0411)

A number of IETF application protocols have used an application-level command, usually STARTTLS, to upgrade a clear-text connection to use TLS. Multiple implementations of STARTTLS had a flaw where an application-layer input buffer retained commands that were pipelined with the STARTTLS command, such that commands received prior to TLS negotiation are executed after TLS negotiation. This problem is resolved by requiring the application-level command input buffer to be empty before negotiating TLS. Note that this flaw lives in the application layer code and does not impact the TLS protocol directly. Because several independent implementations had the same problem, use of STARTTLS in new IETF protocols is discouraged.

---

This attack is a key factor in changing the bias of the application area with respect to use of STARTTLS and is one of the motivations behind the "implicit TLS" preference in http://tools.ietf.org/html/draft-newman-email-deep-01

- Chris
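The buffer handling described in the strawman text, as an added example that is not part of the original message or the draft: a toy line-oriented server shown with and without the "input buffer must be empty before negotiating TLS" check. The class, the function, the command set and the reply strings are hypothetical, and the TLS handshake is simulated by a flag.

```python
class LineServer:
    """Toy line-oriented server; the TLS handshake is simulated by a flag."""

    def __init__(self, require_empty_buffer):
        self.require_empty_buffer = require_empty_buffer
        self.buf = b""        # application-layer input buffer
        self.tls = False      # True once the (simulated) handshake is done
        self.executed = []    # (command, tls_active_when_executed)

    def feed(self, data):
        """Deliver one read from the transport and process complete lines."""
        self.buf += data
        replies = []
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            cmd = line.decode("ascii", "replace").strip().upper()
            if cmd == "STARTTLS" and not self.tls:
                if self.require_empty_buffer and self.buf:
                    # Bytes pipelined behind STARTTLS arrived in the clear:
                    # drop them and refuse the upgrade.
                    self.buf = b""
                    replies.append("ERR data pipelined after STARTTLS")
                    break
                replies.append("OK begin TLS")
                self.tls = True   # a real server would run the handshake here
            else:
                # Without the check, leftover cleartext lines reach this branch
                # after self.tls was set and are treated as protected input.
                self.executed.append((cmd, self.tls))
                replies.append("OK " + cmd)
        return replies


def run(require_empty_buffer):
    """Feed one constructed cleartext read: STARTTLS plus a pipelined command."""
    server = LineServer(require_empty_buffer)
    replies = server.feed(b"STARTTLS\r\nNOOP\r\n")
    return server, replies


if __name__ == "__main__":
    for flag in (False, True):
        server, replies = run(flag)
        print("check enabled:", flag, "| tls:", server.tls,
              "| executed:", server.executed, "| replies:", replies)
```
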
