A New Internet-Draft is available from the on-line Internet-Drafts directories.

Title     : Managing and removing automatic version rollback in TLS Clients
Author(s) : Yngve N. Pettersen
Filename  : draft-pettersen-tls-version-rollback-removal-02.txt
Pages     : 6
Date      : 2013-08-21

Abstract:
Ever since vendors started deploying TLS 1.0 clients, these clients
have had to handle server implementations that do not tolerate the
TLS version supported by the client, usually by automatically
signaling an older supported version instead. Such version rollbacks
represent a potential security hazard, if the older version should
become vulnerable to attacks. The same history repeated when TLS
Extensions were introduced, as some servers would not negotiate with
clients that sent these protocol extensions, forcing clients to
reduce protocol functionality in order to maintain interoperability.
This document outlines a procedure to help clients decide when they
may use version rollback to maintain interoperability with legacy
servers, and under what conditions the clients should not allow version
rollbacks, such as when the server has indicated support for the TLS
Renegotiation Information extension. The intention of this procedure
is to limit the use of automatic version rollback to legacy servers
and eventually eliminate its use.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-pettersen-tls-version-rollback-removal
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-pettersen-tls-version-rollback-removal-02
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-pettersen-tls-version-rollback-removal-02
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/