Complicated:-( Perhaps there is a danger of losing the wood for the trees.
Thus, I think of TLS in terms of cipher suites and think that software vendors would too; the mix and match approach of algorithms in 2) (where is RC4 or AEAD or AES-GCM?) seems likely to produce the wrong answers.

I also think of TLS in terms of versions, of which there are two values that appear separately in setting up a TLS connection, and many software vendors would appear not to understand what the specification says in that regard and so are in breach of it. Fallback attacks derived therefrom are a significant part of using TLS.

And then there is Key Usage; some check, others do not.

And the hot topic of three years ago was Renego and support for it; still significant today. Links into fallback attacks.

While a running sore is where does the software get its identifier from; this document keeps talking of DN (I wonder how common that is). RFC6125 should probably be in there somewhere.

And the treatment of user certs (I know what Microsoft does and it is very sensible but suspect that it is unique).

etc etc

Tom Petch

----- Original Message -----
From: "Rick Andrews" <[email protected]>
To: <[email protected]>
Sent: Wednesday, November 27, 2013 12:27 AM

Folks,

Here's a very early draft, started by Tim with updates from David and me. I've turned on Track Changes; please feel free to add edits and comments. I'm sure there's many more questions we can ask. Please pile 'em on.

-Rick

_______________________________________________
wpkops mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/wpkops
