Here's the post-WGLC version of the BCP. Thanks to everybody who reviewed the
draft and those who participated in the discussion leading to this version.
Quite a few changes from -04:
- More clarity and guidance on session resumption.
- Clarity on TLS 1.2 renegotiation.
- Wording on the 0-RTT feature aligned with RFC 8446.
- SHOULD NOT guidance on static and ephemeral finite field DH
cipher suites.
- Revamped the recommended TLS 1.2 cipher suites, removing DHE
and adding ECDSA. The latter due to the wide adoption of ECDSA
certificates and in line with RFC 8446.
- Recommendation to use deterministic ECDSA.
- Finally deprecated the old TLS 1.2 MTI cipher suite.
- Deeper discussion of ECDH public key reuse issues, and as a
result, recommended support of X25519.
- Reworded the section on certificate revocation and OCSP
following a long mailing list thread.
The authors believe the draft is ready to move forward. Chairs, please make a
call on the next steps.
Thanks,
Peter, Thomas and Yaron
On 2/3/22, 13:25, "[email protected]" <[email protected]> wrote:
A new version of I-D, draft-ietf-uta-rfc7525bis-05.txt
has been successfully submitted by Yaron Sheffer and posted to the
IETF repository.
Name: draft-ietf-uta-rfc7525bis
Revision: 05
Title: Recommendations for Secure Use of Transport Layer
Security (TLS) and Datagram Transport Layer Security (DTLS)
Document date: 2022-02-03
Group: uta
Pages: 38
URL: https://www.ietf.org/archive/id/draft-ietf-uta-rfc7525bis-05.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-uta-rfc7525bis/
Html: https://www.ietf.org/archive/id/draft-ietf-uta-rfc7525bis-05.html
Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-uta-rfc7525bis
Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-uta-rfc7525bis-05
Abstract:
Transport Layer Security (TLS) and Datagram Transport Layer Security
(DTLS) are widely used to protect data exchanged over application
protocols such as HTTP, SMTP, IMAP, POP, SIP, and XMPP. Over the
years, the industry has witnessed several serious attacks on TLS and
DTLS, including attacks on the most commonly used cipher suites and
their modes of operation. This document provides recommendations for
improving the security of deployed services that use TLS and DTLS.
The recommendations are applicable to the majority of use cases.
This document was published as RFC 7525 when the industry was in the
midst of its transition to TLS 1.2. Years later this transition is
largely complete and TLS 1.3 is widely available. Given the new
environment, updated guidance is needed.
The IETF Secretariat
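
An added example (not part of the original message or of the draft): a Python check of a configured TLS 1.2 suite list against three items from the change list above, namely the SHOULD NOT on static and ephemeral finite field DH, the deprecated old MTI suite, and the addition of ECDSA. The suite list is constructed, and the MTI suite name is taken from RFC 5246 as an assumption, since the message does not spell it out.

```python
import re

# Assumption: the TLS 1.2 mandatory-to-implement (MTI) suite as named in RFC 5246.
OLD_MTI = "TLS_RSA_WITH_AES_128_CBC_SHA"
# IANA TLS 1.2 names look like TLS_<key exchange>_WITH_<cipher and hash>.
SUITE_RE = re.compile(r"^TLS_([A-Za-z0-9_]+?)_WITH_[A-Za-z0-9_]+$")
FFDH = {"DH": "static finite field DH", "DHE": "ephemeral finite field DH"}


def finding(suite):
    """Return why a suite is flagged, or None if this check has nothing to say."""
    m = SUITE_RE.match(suite)
    if m is None:
        return None  # TLS 1.3 names have no _WITH_ and encode no key exchange
    if suite == OLD_MTI:
        return "old TLS 1.2 MTI cipher suite, deprecated"
    kx = m.group(1).split("_")
    if "anon" in kx:
        # Not an item in the change list; reported so it is not silently passed.
        return "anonymous key exchange, outside this change list, review separately"
    if kx[0] in FFDH:
        return FFDH[kx[0]] + ", SHOULD NOT"
    return None


def audit(suites):
    """Map each flagged suite to its reason, keeping the configured order."""
    return {s: r for s in suites if (r := finding(s)) is not None}


def offers_ecdsa(suites):
    """True if at least one ECDHE suite authenticates with an ECDSA certificate."""
    return any(s.startswith("TLS_ECDHE_ECDSA_WITH_") for s in suites)


# Constructed sample: one server's configured suites, in IANA notation.
CONFIGURED = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

if __name__ == "__main__":
    for name, reason in audit(CONFIGURED).items():
        print(f"{name}: {reason}")
    print("ECDSA suite offered:", offers_ecdsa(CONFIGURED))
```

The check looks only at the key exchange and the MTI name; it does not judge the bulk cipher or hash of a suite.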