
List:       ietf-tls
Subject:    [TLS] Fwd: New Version Notification for draft-pettersen-tls-version-rollback-removal-01.txt
From:       "Yngve N. Pettersen" <yngve () spec-work ! net>
Date:       2013-01-09 15:17:17
Message-ID: op.wqngq3vz3dfyax () acorna ! invalid ! invalid

Hello all,

I have refreshed my draft about how to leverage the TLS Renegotiation  
Information extension (RFC 5746) to disable automatic version rollback in  
TLS Clients.

There are no real changes, only fixing a reference IDnit and updating my  
email address.

------- Forwarded message -------
From: internet-drafts@ietf.org
To: yngve@spec-work.net
Cc:
Subject: New Version Notification for  
draft-pettersen-tls-version-rollback-removal-01.txt
Date: Wed, 09 Jan 2013 16:13:10 +0100


A new version of I-D, draft-pettersen-tls-version-rollback-removal-01.txt
has been successfully submitted by Yngve N. Pettersen and posted to the
IETF repository.

Filename:	 draft-pettersen-tls-version-rollback-removal
Revision:	 01
Title:		 Managing and removing automatic version rollback in TLS Clients
Creation date:	 2013-01-09
WG ID:		 Individual Submission
Number of pages: 6
URL:
http://www.ietf.org/internet-drafts/draft-pettersen-tls-version-rollback-removal-01.txt
Status:
http://datatracker.ietf.org/doc/draft-pettersen-tls-version-rollback-removal
Htmlized:
http://tools.ietf.org/html/draft-pettersen-tls-version-rollback-removal-01
Diff:
http://www.ietf.org/rfcdiff?url2=draft-pettersen-tls-version-rollback-removal-01

Abstract:
     Ever since vendors started deploying TLS 1.0 clients, these clients
     have had to handle server implementations that do not tolerate the
     TLS version supported by the client, usually by automatically
     signaling an older supported version instead.  Such version rollbacks
     represent a potential security hazard, if the older version should
     become vulnerable to attacks.  The same history repeated when TLS
     Extensions were introduced, as some servers would not negotiate with
     clients that sent these protocol extensions, forcing clients to
     reduce protocol functionality in order to maintain interoperability.

     This document outlines a procedure to help clients decide when they
     may use version rollback to maintain interoperability with legacy
     servers, under what conditions the clients should not allow version
     rollbacks, such as when the server has indicated support for the TLS
     Renegotiation Information extension.  The intention of this procedure
     is to limit the use of automatic version rollback to legacy servers
     and eventually eliminate its use.




The IETF Secretariat


-- 
MVH,
Yngve N. Pettersen

Using Opera's mail client: http://www.opera.com/mail/
