Hi all, Thanks to everyone who chimed in on this adoption call. It looks like there is consensus to adopt this as a WG item and volunteers to help review. Rich, can you please submit draft-ietf-tls-tls12-frozen-00 to datatracker, and transfer the GitHub repo to the tlswg GitHub org? Thank you!
Cheers, Deirdre, for the holiday chairs ✨ On Thu, Dec 14, 2023 at 6:40 AM William Stratton Apsokardu < williamsapsokardu...@outlook.com> wrote: > Facebook Facebook > FacebookFacebook > Get Outlook for iOS <https://aka.ms/o0ukef> > ------------------------------ > *From:* TLS <tls-boun...@ietf.org> on behalf of Nimrod Aviram < > nimrod.avi...@gmail.com> > *Sent:* Wednesday, December 13, 2023 9:49:55 AM > *To:* Ilari Liusvaara <ilariliusva...@welho.com> > *Cc:* TLS@ietf.org <tls@ietf.org> > *Subject:* Re: [TLS] Adoption call for 'TLS 1.2 Feature Freeze' > > Hi Ilari, thanks for the clarification! > > I attempted to correct the text. > Would you be willing to review the change? It's here: > > https://github.com/richsalz/tls12-frozen/commit/a1ce7ede97897e291af44f0c2f4fc225a2ca4447 > > thanks, > Nimrod > > > On Tue, 12 Dec 2023 at 19:22, Ilari Liusvaara <ilariliusva...@welho.com> > wrote: > > On Fri, Dec 08, 2023 at 05:47:01PM +0000, Salz, Rich wrote: > > > > Good point. https://github.com/richsalz/tls12-frozen/pull/12 has the > > change. I’ll wait until/if this is adopted by the WG to merge it. > > Reading through the document, I noticed the following: > > "To securely deploy TLS 1.2, either renegotiation must be disabled > entirely, or this extension must be present." (where this extension > means renegotiation_info) > > > Entirely disabling renegotiation is not sufficient to fix the > renegotiation issue in TLS 1.2. For fixing the issue, renegotiation_info > MUST be required both ways. > > And then there is the other part to the triple handshake attack where > using TLS exporters for authentication without extended_master_secret > extension is insecure, even if renegotiation is not supported at all > by either side and both sides implement renegotiation_info. > > And then there is more dangerously flawed stuff, e.g., session tickets > (technically an extension). > > > > > -Ilari > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls