Re: [TLS] [OPSEC] OpSec WGLC for draft-ietf-opsec-ns-impact

2020-07-28 Thread tom petch
thoughts together. Tom Petch Thanks! -- SY, Jen Linkova aka Furry on behalf of the OpSec Chairs.

Re: [TLS] [OPSEC] Call For Adoption: draft-wang-opsec-tls-proxy-bp

2020-07-28 Thread tom petch
while before I am ready with more comments on that other I-D. Tom Petch This draft provides guidelines for TLS proxy implementations; given current activities using TLS with proxying I believe this document is useful for the community and implementors. I support its adoption. Warm regards

Re: [TLS] [OPSEC] OpSec WGLC for draft-ietf-opsec-ns-impact

2020-07-29 Thread tom petch
From: Jen Linkova Sent: 28 July 2020 23:14 To: tom petch On Wed, Jul 29, 2020 at 2:07 AM tom petch wrote: >> This email starts the WG Last Call for draft-ietf-opsec-ns-impact , >> Impact of TLS 1.3 to Operational Network Security Practices, >> https://datatracker.ietf.org/doc/d

Re: [TLS] Draft minutes for TLS at IETF 108

2020-08-05 Thread tom petch
, related to oldversions-deprecate but that is a guess from reading between the lines and that topic is a live one for me so I would appreciate clarity. Tom Petch Best, Chris, on behalf of the chairs On Tue, Jul 28, 2020, at 9:29 AM, Christopher Wood wrote: > Hi folks, > > Draf

Re: [TLS] Draft minutes for TLS at IETF 108

2020-08-13 Thread tom petch
From: Benjamin Kaduk Sent: 11 August 2020 18:06 On Wed, Aug 05, 2020 at 10:30:39AM +, tom petch wrote: > From: TLS on behalf of Christopher Wood > > Sent: 04 August 2020 19:16 > > The official minutes are now up: > > > https://urldefense.proof

[TLS] Fw: Draft minutes for TLS at IETF 108

2020-08-13 Thread tom petch
Kathleen I have some thoughts below on RFC5953 and RFC6353 which I cannot find in deprecate but thought that I would. Tom Petch From: TLS on behalf of tom petch Sent: 13 August 2020 12:33 To: Benjamin Kaduk Cc: TLS Chairs; TLS@ietf.org Subject: Re

Re: [TLS] Last Call: (Deprecating MD5 and SHA-1 signature hashes in TLS 1.2) to Proposed Standard

2020-10-16 Thread tom petch
y vulnerable to attack and this document deprecates their use in TLS 1.2 digital signatures.' And /This draft/This document/ Tom Petch On 14/10/2020 19:40, The IESG wrote: The IESG has received a request from the Transport Layer Security WG (tls) to consider the following document: - 

Re: [TLS] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-11-10 Thread tom petch
ormatively references DTLS 1.0 (and which is part of a STD - not sure what that does to the Standard) And, in several places /supercede/supersede/ Tom Petch On 09/11/2020 22:26, The IESG wrote: The IESG has received a request from the Transport Layer Security WG (tls) to consider the followin

Re: [TLS] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-11-10 Thread tom petch
On 10/11/2020 11:18, Stephen Farrell wrote: Hiya, On 10/11/2020 10:21, tom petch wrote: I am confused about the treatment here of DTLS. The Abstract seems clear about the proposed action for TLS but then the second paragraph has " This document also deprecates Datagram TLS (DTLS) versio

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-12-04 Thread tom petch
security breaches. Tom Petch Thanks, Rob On Thu, Dec 3, 2020 at 7:48 PM Ackermann, Michael wrote: Deborah Thanks so much for your informative and positive message. I have not followed the OPs area too much, but will make an effort to do so now. Any specific drafts you might suggest, I w

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-12-14 Thread tom petch
On 14/12/2020 14:53, Stephen Farrell wrote: Hi Tom, On 10/11/2020 11:33, Stephen Farrell wrote: On 10/11/2020 11:30, tom petch wrote: Perhaps a second look at the algorithm to work out why these got missed to get a fix on how many more there may be. Sure, that's reasonable. (Mig

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-12-15 Thread tom petch
On 14/12/2020 16:36, tom petch wrote: On 14/12/2020 14:53, Stephen Farrell wrote: Hi Tom, On 10/11/2020 11:33, Stephen Farrell wrote: On 10/11/2020 11:30, tom petch wrote: Perhaps a second look at the algorithm to work out why these got missed to get a fix on how many more there may be

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-12-16 Thread tom petch
On 15/12/2020 12:51, tom petch wrote: On 14/12/2020 16:36, tom petch wrote: On 14/12/2020 14:53, Stephen Farrell wrote: On 10/11/2020 11:33, Stephen Farrell wrote: On 10/11/2020 11:30, tom petch wrote: Perhaps a second look at the algorithm to work out why these got missed to get a fix on

Re: [TLS] Last Call: (Connection Identifiers for DTLS 1.2) to Proposed Standard

2021-03-12 Thread tom petch
uested to allocate an entry to the existing "TLS "ExtensionType Values" registry, defined in [RFC5246], and renamed by RFC8447 An extra column is added but I cannot see what value should be placed in that column for existing entries. "The tls12_cid ContentType is only a

Re: [TLS] Last Call: (Connection Identifiers for DTLS 1.2) to Proposed Standard

2021-03-12 Thread tom petch
and wanted to know which form of header and MAC was appropriate but my understanding of the later paragraphs became that a zero length CID can only appear in Hello; but I do think that this needs fixing. I did track the WG discussion last October and did not see anything very clear then.

Re: [TLS] Last Call: (Connection Identifiers for DTLS 1.2) to Proposed Standard

2021-03-13 Thread tom petch
On 12/03/2021 18:32, Thomas Fossati wrote: Hi Tom, all, On 12/03/2021, 17:29, "tom petch" wrote: On 12/03/2021 16:18, Achim Kraus wrote: Hi Tom, Hannes, Thomas, "A zero-length value indicates that the server will send with the client's CID but does not wish the client

Re: [TLS] Last Call: (Connection Identifiers for DTLS 1.2) to Proposed Standard

2021-03-14 Thread tom petch
On 13/03/2021 18:03, Thomas Fossati wrote: hi Tom, On 13/03/2021, 11:54, "tom petch" wrote: Is your suggestion to remove the parenthetical? I.e.: OLD A zero-length value indicates that the server will send with the client's CID but does not wish the client to in