Hi Yaron et al. Thanks for the update.
Yaron Sheffer wrote: > First, I concur with Aaron's opinion and would like to change SHOULD NOT > to MUST NOT on SSLv3 (but not TLS 1.0), unless there's outcry on the > list in favor of keeping SSLv3 (somewhat) allowed. Just to reiterate why SSLv3 should be a MUST NOT: I guess most of you have already noticed - at Black Hat USA 2014 there was yet another attack presented that uses a downgrade to SSLv3 to be effective: http://bh.ht.vc/ Will look through the attacks draft in the coming days. Aaron
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
