would be willing to submit a patch and a related message
explaining changes (if need be) to this list. is that acceptable?
- absolutely!
Orit.
________________________________
From: Aaron Zauner<mailto:[email protected]>
Sent: 7/21/2014 5:54 PM
To: [email protected]<mailto:[email protected]>
Subject: [Uta] TLS BCP Review
Hi *,
I'm in the process of reviewing the BCP currently and do have a couple
of open questions and remarks before submitting a patch. Please excuse
me if some of them have already been asked before on the mailing list,
although I tried to go through most of the mails, I might have missed some.
* the document on github seems to be out of sync with the document
that is currently available on the IETF website.
* I've found some typos, rhetorical flaws w.r.t phrasing throughout
the document as well as missing information in reasoning parts. I
would be willing to submit a patch and a related message
explaining changes (if need be) to this list. is that acceptable?
* the document effectively states in 1. that TLS 1.3 will obsolete
this document. UTA should still give recommendations for legacy
protocols that will be widely deployed on the internet. although
faster than it used to be - TLS adoption is still very slow.
* 3.1. states that SSLv2 has "serious security vulnerabilities"
while this is true, it does not emphasize how broken SSLv2
actually is. how about changing the wording to "considered to be
insecure"?
* as for the deployment of "3%", mentioned in 3.2. - previous
posters have pointed to the scans by j.vehent and sslpulse/qualys.
there's also a monthly scan being conducted by h.kario of
redhat [0].
* in 3.6 disabling compression is a SHOULD. with the issues currently
raised by attacks this has to be a MUST in my opinion. and:
* the document does not mention issues with compression in underlying
applications when using TLS (e.g. BREACH for HTTP).
* 4.2: once accepted (and everything looks this way) the draft by DKG
will obsolete parts of this section [2].
* currently the document provides for no reasoning as to why no ECDSA
ciphersuites have been included. while I agree that they should be
excluded, one should include a sentence or two on the matter. I'm
not an expert with DSA/DSS so I can just refer to [1] and the
sources mentioned therein.
* the document currently does not mention any views for
standardization bodies and implementors on key pinning (TACK,
HTKP).
* the document currently does not mention any views for
standardization bodies and implementors on certificate
transparency.
That's all for now, I'm pretty sure I'll come up with more.
Thanks for your time,
Aaron
Sources:
[0] - http://securitypitfalls.wordpress.com
[1] - http://blog.cr.yp.to/20140323-ecdsa.html
[2] - http://tools.ietf.org/html/draft-gillmor-tls-negotiated-dl-dhe
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
