The following errata report has been rejected for RFC6176, "Prohibiting Secure Sockets Layer (SSL) Version 2.0".
-------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata/eid5520 -------------------------------------- Status: Rejected Type: Editorial Reported by: Eugene Adell <eugene.ad...@gmail.com> Date Reported: 2018-10-11 Rejected by: EKR (IESG) Section: 2 Original Text ------------- o Sessions can be easily terminated. A man-in-the-middle can easily insert a TCP FIN to close the session, and the peer is unable to determine whether or not it was a legitimate end of the session. Corrected Text -------------- o Sessions can be easily terminated. A man-in-the-middle can easily insert a TCP FIN to close the session, and the peer is unable to determine whether or not it was a legitimate end of the session. o The root certificate authority keys are overexposed. The server sends only one certificate signed by a root certificate authority, which means a frequent use of this authority keys for signing new certificates. This use can lead to key loss and the compromise of all certificates previously signed including the root certificate. Notes ----- Adding a deficiency. Recent history showed that well-known authorities could loose their keys and it had a wide impact on security. SSL 2.0 limits the certificate handshake message to one single certificate, thus making it impossible to send a certificate chain. A certificate chain doesn't completely prevent key loss, but it gives more protection to the root certificate keys which can be stored and hidden until we need them again, which is much less often than without chaining. --VERIFIER NOTES-- This isn't an error in the original document. It's new text you want to add. -------------------------------------- RFC6176 (draft-ietf-tls-ssl2-must-not-04) -------------------------------------- Title : Prohibiting Secure Sockets Layer (SSL) Version 2.0 Publication Date : March 2011 Author(s) : S. Turner, T. Polk Category : PROPOSED STANDARD Source : Transport Layer Security Area : Security Stream : IETF Verifying Party : IESG _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
