Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-00.txt

identified ("## Host Name Validation" should be 6.1). -- Julien ÉLIE « Vina bibant homines, animantia cetera fontes. » ___ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta

Re: [Uta] ALPN recommendations in draft-ietf-uta-rfc7525bis-01

ld be useful for such uses, but I am unsure it should be considered as a MUST to check them in applications. -- Julien ÉLIE « Vous savez, les idées, elles sont dans l'air. Il suffit que quelqu'un vous en parle de trop près, pour que vous les attrapiez ! » (

Re: [Uta] WGLC for draft-ietf-uta-rfc7525bis-04

est adding what is present in the introduction of RFC 8996: TLS 1.1 "lacks of support for current recommended cipher suites, especially authenticated encryption with associated data (AEAD) ciphers". Happy feasts of end of year, -- Julien ÉLIE « Il buvait toutes mes paroles, et comme je parl

[Uta] Using TLS with NNTP

ietf.org/wg/uta/trac/wiki Thanks beforehand, -- Julien ÉLIE « Aut bibas aut abeas. » ___ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta

[Uta] About implicit TLS

f TLS on a separate port is discouraged for the reasons documented in Section 7 of "Using TLS with IMAP, POP3 and ACAP" [TLS-IMAPPOP]. Should it be changed? -- Julien ÉLIE « – Il est vraiment très frêle cet esquif ! – Il vaudrait mieux ne pas prendre de risques. – Des risques ?

Re: [Uta] Using TLS with NNTP

more background about that in my mail below. I've CC: the original authors of RFC 4642. Thanks beforehand, -- Julien Le 02/11/2015 11:12, Julien ÉLIE a écrit : Hi all, Since the publication of RFC 7465 "Prohibiting RC4 Cipher Suites", there has been a discrepancy with the requirements

Re: [Uta] draft-ietf-uta-email-deep-01 is ready for WGLC

ead of "Email Security Tags". This way, any protocol could benefit of the available security tags instead of duplicating it several times. -- Julien ÉLIE « – Et souvenez-vous ! La seule chose que nous ayons à craindre, c'est que le ciel nous tombe sur la

Re: [Uta] Last Call: (Updated TLS Server Identity Check Procedure for Email Related Protocols) to Proposed Standard

ld indeed be "Recommendations for TLS Server Identity Check Procedure". The advantage would be that the BCP can apply to email protocols, as well as other protocols using TLS. It would save time for others, and permit to have homogeneity and consistent rules across protocols, as well as i

Re: [Uta] Using TLS with NNTP

g the draft and participating to subsequent discussion. Have a nice week, -- Julien ÉLIE « Aequum est ut cuius participauit lucrum, participet et damnun. » ___ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta

Re: [Uta] I-D Action: draft-ietf-uta-email-deep-03.txt

the IANA registry be named "Security Tags" or "Security Tags in Applications" instead of "Email Security Tags"? This way, any protocol could benefit of the available security tags instead of having to ask for yet another registry. -- Julien ÉLIE « L'atour est fiel aux Huns valides. » ___ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta

[Uta] Compression along with TLS in NNTP

T be used along with compression. Thanks again for your useful comments! -- Julien ÉLIE « Pourvu que ça dure ! » (Letizia Bonaparte) ___ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta

Re: [Uta] Compression along with TLS in NNTP

Last year, in September 2015, we spoke about the removal of TLS-level compression in TLS 1.2. Of course one should read "TLS 1.3". -- Julien ÉLIE « I don't worry about terrorism. I was married for two years. » (Sam Kinison) ___ U

Re: [Uta] Compression along with TLS in NNTP

ression dictionary after every response. -- Julien ÉLIE « Ta remise sur pied lui a fait perdre la tête ! » (Astérix) ___ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta

Re: [Uta] [TLS] Compression along with TLS in NNTP

on, in case some of the operations the client wanted to perform are accepted by the server even if the client is unauthenticated. Does it answer your question? -- Julien ÉLIE « Contra factum non datur argumentum. » ___ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta

Re: [Uta] Compression along with TLS in NNTP

y the needs of security? We believe it would work better than complexifying the simple COMPRESS command, and that it no longer introduces potential security issues in the default configuration (whereas the previous version did). -- Julien ÉLIE « A man inserted an 'ad' in the class

Re: [Uta] I-D Action: draft-ietf-uta-email-deep-03.txt

nd prevent forward progress. OK. I did not know registries could be renamed. I'm then fine with that. If one day your work is generalized, we'll be able to reuse it. -- Julien ÉLIE « C'est souvent la femme qui nous inspire les grandes choses qu'elles nous empêchent

[Uta] Refreshing TLS usage with NNTP

ening to that new separate port for mode-switching news servers that do not natively support TLS for peering. Thanks again for your valuable point of view on the draft, -- Julien ÉLIE « La terre étant ronde, le kilomètre devrait être rond et non pas carré. » (Ramón Gomez de La Ser

[Uta] Fwd: Last Call: (Use of Transport Layer Security (TLS) in the Network News Transfer Protocol (NNTP)) to Proposed Standard

lgorithm with other validation methods that achieve equivalent levels of verification (such as comparing the server certificate against a local store of already-verified certificates and identity bindings). -- Julien ÉLIE « Ça n'a été qu'un coup de glaive dans l'eau. » (Astér

[Uta] draft-ietf-uta-email-deep-05: wording about strict vs implicit TLS

ons-01 that is currently in IETF Last Call: https://www.ietf.org/id/draft-elie-nntp-tls-recommendations-01.txt I hope that's fine, but of course it is still time to change it if "implicit TLS" is in fact the right wording to use. -- Julien ÉLIE «

[Uta] draft-ietf-uta-email-deep-05: reference RFC 7457

(CERT vulnerability ID #555316). I suggest to write "Section 2.2 of [RFC7457]" instead of "CERT vulnerability ID #555316". Indeed, RFC 7457 properly references CVE-2011-0411 and what CVE is, so it is best to just point to it. -- Julien ÉLIE « L'éternité, c'

[Uta] Wording about SSL stripping in RFC 7457

code and does not impact the TLS protocol directly. STARTTLS and similar mechanisms are vulnerable to downgrade attacks, whereby the attacker simply removes the STARTTLS indication from the (unprotected) request. This cannot be mitigated unless HSTS-like solutions are added. -- Julien

Re: [Uta] Fwd: Last Call: (Use of Transport Layer Security (TLS) in the Network News Transfer Protocol (NNTP)) to Proposed Standard

gent need to update NNTP certificate validation to match RFC 6125, contrary to the other updates mentioned in the draft about RC4, TLS-level compression and strict TLS.) -- Julien ÉLIE « Ils ont coulé mon entreprise. » (les pirates, dans _Astérix_) ___

Re: [Uta] Wording about SSL stripping in RFC 7457

channel is encrypted. A client SHOULD attempt to negotiate TLS even if these indications are not communicated by the server. -- Julien On 19/12/16 23:42, Julien ÉLIE wrote: Hi all, In RFC 7457 "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)&

Re: [Uta] Wording about SSL stripping in RFC 7457

Hi Yaron, Well, I guess you're right... Thanks for detecting this error. Could you open an erratum please? Yes, just done. -- Julien ÉLIE Actually I think the paragraph reads better in Sec. 2.2 because Sec. 2.1 is all about HTTP, but we should have picked a more inclusive heading fo

Re: [Uta] draft-ietf-uta-email-deep-05: wording about strict vs implicit TLS

he authors of [RFC4642]), implicit TLS is the preferred way of using TLS with NNTP. It is the only paragraph where I still mention "strict TLS configuration" because I reference RFC 7525. In all other parts of the draft, only "implicit TLS" terminology is now used. Thanks f

[Uta] Obsolete TLS wording in IMAP specification

Shouldn't it be updated in favour of following RFC 7525 (BCP for TLS) and RFC 6125 (guideline for certificate validation)? -- Julien ÉLIE « The following two statements are usually both true: There's not enough documentation. There's too muc

Re: [Uta] Obsolete TLS wording in IMAP specification

uta-email-deep could then update Sections 2.1 and 2.2 of RFC 2595 (Using TLS with IMAP, POP3 and ACAP) and Section 11.1 of RFC 3501 (IMAPv4) to no longer require these obsolete cipher suites. Latest recommendation of RFC 7525 should just be followed. -- Julien ÉLIE « Ça n'a été qu

Re: [Uta] UTA meeting in Chicago?

o longer be followed. Maybe Sections 2.1 and 2.2 of RFC 2595 (Using TLS with IMAP, POP3 and ACAP) could also be marked obsolete, in favour of RFC 7525. Have a nice day, -- Julien ÉLIE « Se coucher tard… nuit. » (Raymond Devos) ___ Uta mailing lis

[Uta] New RFC 8143 on Using TLS with NNTP

) NNTP working groups. -- Julien ÉLIE Message transféré Date : Fri, 21 Apr 2017 21:37:54 -0700 (PDT) A new Request for Comments is now available in online RFC libraries. RFC 8143 Title: Using Transport Layer Security (TLS) with

Re: [Uta] I-D Action: draft-ietf-uta-tls-for-email-01.txt

ter TLS version encouraged to be used by [BCP195] and discontinue support for those earlier versions of SSL and TLS." -- Julien ÉLIE « Le rire est une chose sérieuse avec laquelle il ne faut pas plaisanter. » (Raymond Devos) ___ Uta mailing lis

Re: [Uta] Last Call: (Use of TLS for Email Submission and Access) to Proposed Standard

C should not be restricted to only the protocol version, but all the recommendations in the use of TLS (ciphers, certificate validation...) that are also present in BCP 195? -- Julien ÉLIE « – Le bureau des renseignements ? – Sais pas. Adressez-vous aux renseignements, ils vous renseigner