List: ietf-tls
Subject: [TLS] Fwd: New Version Notification for draft-pettersen-tls-version-rollback-removal-01.txt
From: "Yngve N. Pettersen" <yngve () spec-work ! net>
Date: 2013-01-09 15:17:17
Message-ID: op.wqngq3vz3dfyax () acorna ! invalid ! invalid
Hello all,
I have refreshed my draft about how to leverage the TLS Renegotiation
Information extension (RFC 5746) to disable automatic version rollback in
TLS Clients.
There are no real changes, only fixing a reference IDnit and updating my
email address.
------- Forwarded message -------
From: internet-drafts@ietf.org
To: yngve@spec-work.net
Cc:
Subject: New Version Notification for
draft-pettersen-tls-version-rollback-removal-01.txt
Date: Wed, 09 Jan 2013 16:13:10 +0100
A new version of I-D, draft-pettersen-tls-version-rollback-removal-01.txt
has been successfully submitted by Yngve N. Pettersen and posted to the
IETF repository.
Filename: draft-pettersen-tls-version-rollback-removal
Revision: 01
Title: Managing and removing automatic version rollback in TLS Clients
Creation date: 2013-01-09
WG ID: Individual Submission
Number of pages: 6
URL:
http://www.ietf.org/internet-drafts/draft-pettersen-tls-version-rollback-removal-01.txt
Status:
http://datatracker.ietf.org/doc/draft-pettersen-tls-version-rollback-removal
Htmlized:
http://tools.ietf.org/html/draft-pettersen-tls-version-rollback-removal-01
Diff:
http://www.ietf.org/rfcdiff?url2=draft-pettersen-tls-version-rollback-removal-01
Abstract:
Ever since vendors started deploying TLS 1.0 clients, these clients
have had to handle server implementations that do not tolerate the
TLS version supported by the client, usually by automatically
signaling an older supported version instead. Such version rollbacks
represent a potential security hazard, if the older version should
become vulnerable to attacks. The same history repeated when TLS
Extensions were introduced, as some servers would not negotiate with
clients that sent these protocol extensions, forcing clients to
reduce protocol functionality in order to maintain interoperability.
This document outlines a procedure to help clients decide when they
may use version rollback to maintain interoperability with legacy
servers, under what conditions the clients should not allow version
rollbacks, such as when the server has indicated support for the TLS
Renegotiation Information extension. The intention of this procedure
is to limit the use of automatic version rollback to legacy servers
and eventually eliminate its use.
The IETF Secretariat
--
MVH,
Yngve N. Pettersen
Using Opera's mail client: http://www.opera.com/mail/