Dear all, We seem to be woefully short on advice dealing with hostname validation. This is probably the real world problem that most often trips people up, in part because OpenSSL versions prior to 0.9.8 don't do it, and many TLS libraries have poor interfaces for it. We're also ignoring a discussion of how to avoid being victimized by Triple Handshake.
We're also missing ephemeral key reuse and I think the section of draft-ietf-uta-tls-bcp-01 discussing PFS should include (because it isn't clear) that the suites with ECDHE or DHE in the name are the correct ones, not the ECDH or DH ones. Sincerely, Watson Ladd _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
